su(1) DG/UX R4.11 su(1)
NAME
su - switch username (become another user)
SYNOPSIS
su [-] [name [arg ... ] ]
DESCRIPTION
Su lets you become another user without logging off. The default
user name is root.
To use su on a generic DG/UX system, supply the appropriate password
(unless it's already root).
On a system with DG/UX information security, in order for a non-
privileged user to be able to su to a user, that user must be
authorized for the su service in the A&A database. You will then be
prompted for a password. Enter the password associated with the
user's su service authorization. If the password is correct, su will
execute a new shell with the real and effective user ID set to that
of the specified user. Also, on a system with DG/UX information
security, privilege is set to that of the specified user. And the
specified user's audit mask is OR'd into yours. (However, su does
not change your AUTHID.) The new shell will be the optional program
named in the shell field of the specified user's password file entry
(see passwd(4)), or /bin/sh if none is specified (see sh(1)). To
restore normal user ID privileges, type an EOF (Ctrl-D) to the new
shell.
On a trusted system with mandatory access control (MAC), su does not
change the process clearance (MAC label) when switching to the new
user id. However, su does ensure that the destination user's su
authorization does allow you to su at your current process clearance.
If it does not allow this, su will fail. In addition, su attempts to
reset the process directory mode to virtual. If it cannot do so, it
will also fail.
Any additional arguments given on the command line are passed to the
program invoked as the shell. When using programs like sh(1), an arg
of the form -c string executes string via the shell and an arg of -r
will give the user a restricted shell.
The following statements are true only if the optional program named
in the shell field of the specified user's password file entry is
like sh(1):
If the first argument to su is a -, the environment is changed as if
you actually logged in as the specified user. You invoke the program
used as the shell with an arg0 value whose first character is -, thus
executing first the system's profile (/etc/profile) and then the
specified user's profile (.profile in the new HOME directory).
Otherwise, the environment is passed along with the possible
exception of $PATH, which is set to /bin:/etc:/usr/bin for root.
If the optional program used as the shell is /bin/sh, the user's
.profile can check arg0 for -sh or -su to determine if it was invoked
by login(1) or su(1), respectively. If the user's program is other
than /bin/sh, then .profile is invoked with an arg0 of -program by
both login(1) and su(1).
All attempts to become another user using su are logged in the log
file /usr/adm/sulog. This file contains the time and date when su
was invoked, a plus sign or a minus sign indicating the success or
failure (respectively) of the su command, the user's tty, the user's
login name, and the name to which the user attempted to change.
For example, the following entry shows that user morris, at tty06,
became root at 4:41pm on June 30.
SU 06/30 16:41 + tty06 morris-root
The following entry shows an unsuccessful attempt to become root.
SU 06/24 13:55 - tty11 morris-root
EXAMPLES
To become user bin while retaining your previously exported
environment, execute:
su bin
To become user bin but change the environment to what would be
expected if bin had originally logged in, execute:
su - bin
To execute command with the temporary environment and permissions of
user bin, type:
su - bin -c "command args"
FILES
/etc/passwd System's password file
/etc/profile System's profile
$HOME/.profile User's profile
/usr/adm/sulog Log file
/etc/default/su The default parameters that live here are:
SULOG: If defined, all attempts to su to another user are
logged in the indicated file.
CONSOLE: If defined, all attempts to su to root are logged on
the console.
PATH: Default path.
SUPATH: Default path for a user invoking su to become root.
SEE ALSO
env(1), login(1), sh(1).
passwd(4), profile(4), environ(5).
NOTES
If you are using a system with DG/UX information security, and a
user's su password expires, you will not be able to su to that user.
Licensed material--property of copyright holder(s)