su(1) su(1)
NAME
su - temporarily switch to another account (become superuser or
another user)
SYNOPSIS
su [-] [loginname [arg ...]]
DESCRIPTION
su allows you to work temporarily under another login name (in another
account).
Except for the system administrator (i.e. superusers), all users who
invoke su are asked to supply the appropriate password for whichever
account they wish to switch to. The system administrator (logged in as
root) may work in any account without providing a password. If a shell
is entered in the /etc/passwd file as the start-up program for the
specified login name, su will execute a new subshell, using the user
ID associated with the given login name as the real and effective user
ID of this new shell process. If no such entry exists in /etc/passwd,
the Bourne shell /usr/bin/sh is started by default. The PATH variable
[see sh(1)] retains the value defined in the environment. If you
switch to the system administrator's account, PATH is set to the value
of the SUPATH variable from /etc/default/su. For the rest, the new
subshell inherits the original environment of the user who calls su,
for example $USER and $HOME. If you wish to change the environment to
what would be expected if you had actually logged in as the specified
loginname, you can do this by calling su with the - option.
All system-wide attempts to become another user with su (including
those made from remote systems) are logged in the file /var/adm/sulog
(if the environment variable SULOG is defined in /etc/default/su); all
such attempts to switch to the system administrator's account are out-
put on the console (if the environment variable CONSOLE is defined in
/etc/default/su).
The invoked subshell can be exited by pressing the <CTRL-D> key. You
will then be returned to your original account with your previous
environment exactly as it was when you left it.
Page 1 Reliant UNIX 5.44 Printed 11/98
su(1) su(1)
Checking your current login name
The id(1) command displays the login name under which you are
currently identified.
Checking your original login name
The logname(1) and who(1) commands display the login name under which
you last logged in with the login command.
OPTIONS
- If you use the dash option (-), and the start-up program named in
the file /etc/passwd for the user loginname is sh, your environ-
ment will be changed to what would be expected if you had origi-
nally logged in (with login) as loginname. A login shell is
invoked [see login(1)] and the system's profile (/etc/profile)
and then the user-specific profile ($HOME/.profile) are executed.
Your .profile can check arg0 for -sh or -su to determine if it
was invoked by login or su, respectively.
If the start-up program is a program other than /usr/bin/sh,
-program is passed to .profile as arg0, regardless of whether it
was invoked by login or su.
loginname
Login name under which you wish to work temporarily. You will be
asked for the password of loginname before you can proceed
further.
Only the system administrator can work in other accounts without
giving the password.
loginname not specified:
As system administrator (superuser) you assume the privileges of
root (after giving the appropriate password!).
arg One or more arguments to be passed to the startup program entered
for the specified login name in the /etc/passwd file (the command
interpreter /bin/sh by default). These arguments can be specified
on the su command line exactly as for the command interpreter.
If the startup program is a shell, it is also possible to specify
a single argument of the form -c command or -r:
-c command
Executes command in the start-up shell with the environment
of the specified login name.
-r Calls a restricted shell.
Page 2 Reliant UNIX 5.44 Printed 11/98
su(1) su(1)
ERROR MESSAGES
su: Sorry
You have entered an invalid login name or password.
LOCALE
The LCMESSAGES environment variable governs the language in which
message texts are displayed. If LCMESSAGES is undefined or is defined
as the null string, it defaults to the value of LANG. If LANG is like-
wise undefined or null, the system acts as if it were not internation-
alized.
The LCALL environment variable governs the entire locale. LCALL
takes precedence over all the other environment variables which affect
internationalization.
EXAMPLES
These examples illustrate the difference between the login command and
the su command.
Example 1
Use the command (login) to log in to the system under the login name
(guest); then check the current login name (with id), the original
login name (with who am i), and the value of the environment variable
LOGNAME (with echo $LOGNAME):
$ login guest
Password: blanked input of the password for guest
$ id
uid=100(guest) gid=10(other)
$ who am i
guest grtty MAR 17 15:13
$ echo $LOGNAME
guest
Example 2
Use su without the - option to switch to the login name franny.
Although franny's environment redefines the PS1 variable (i.e. the
shell prompt) to the value FR, this variable will not be evaluated.
Check the current login name (with id), the original login name (with
who am i), the value of the environment variable LOGNAME (with echo
$LOGNAME), and return to the login name guest (with <CTRL-D>):
Page 3 Reliant UNIX 5.44 Printed 11/98
su(1) su(1)
$ su franny
Password: blanked input of the password for franny
$ id
uid=103(franny) gid=10(other)
$ who am i
guest grtty MAR 17 15:13
$ echo $LOGNAME
guest
$ <CTRL-D>
$ id
uid=100(guest) gid=10(other)
Example 3
Use su, this time with the - option, to switch to the login name
franny. The environment variable PS1 (i.e. the shell prompt), which is
redefined in franny's environment to FR, will now be evaluated. Check
the current login name (with id), the original login name (with who am
i) and the value of the environment variable LOGNAME (with echo
$LOGNAME), then execute logname and finally return to the login name
guest (with <CTRL-D>).
$ su - franny
Password: blanked input of the password for franny
FR id
uid=103(franny) gid=10(other)
FR who am i
guest grtty MAR 17 15:13
FR echo $LOGNAME
franny
FR logname
guest
FR <CTRL-D>
$
Example 4
Use su - -c to switch to the login name franny and, in the temporary
environment and with the permissions of user franny, execute the com-
mand id (which displays the current login name):
$ su - franny -c "id"
Password: blanked input of the password for franny
uid=103(franny) gid=10(other)
$
Page 4 Reliant UNIX 5.44 Printed 11/98
su(1) su(1)
ENVIRONMENT VARIABLES
SULOG
If a filename is assigned to this variable in /etc/default/su,
all attempts to switch to another account with su are logged in
filename. The default value for SULOG is /var/adm/sulog.
CONSOLE
If a terminal name is assigned to this variable in
/etc/default/su, all attempts to use su root are logged on that
terminal. The default value for CONSOLE is /dev/console.
PATH The value of this variable in /etc/default/su is assigned to the
PATH variable if you switch accounts using su -.
SUPATH
If you switch to the system administrator's account, the PATH
environment variable is assigned the value of the SUPATH variable
from /etc/default/su.
FILES
/etc/passwd
System's login and password file.
/etc/profile
System profile executed for each login name by the login shell.
$HOME/.profile
Private shell script that every user can set up in his or her
home directory. This profile is automatically executed by the
login shell after /etc/profile.
/var/adm/sulog
File that logs every attempt made in the system to become another
user, provided the SULOG variable is set to /var/adm/sulog.
/etc/default/su
File containing the default values for the variables SULOG,
CONSOLE, PATH and SUPATH, e.g. SULOG is set to /var/adm/sulog and
CONSOLE is set to /dev/console.
SEE ALSO
env(1), login(1), sh(1), passwd(4), profile(4), su(4), environ(5).
Page 5 Reliant UNIX 5.44 Printed 11/98