su(1)
NAME
su − switch to another user name
SYNOPSIS
su [-] [username [arguments]]
DESCRIPTION
The su (set user or superuser) command allows one user to become another user without logging out.
username is the name of a user defined in the /etc/passwd file (see passwd(4). The default name is root (i.e., superuser).
To use su, you must supply the appropriate password (unless you are currently root). If the password is correct, su executes a new shell with the real and effective user ID, real and effective group ID, and group access list set to that of the specified user.
The new shell is the one specified in the shell field of the new user’s entry in the password file, /etc/passwd. su uses the Bourne shell (see sh-bourne(1)).
The arguments (the balance of the command line after username) are passed along to the new shell for execution, permitting you to run shell procedures with the new user’s privileges.
When you exit from the new shell, the previous user name and environment are restored.
If you specify the - option of the su command, the new shell starts up as if you just logged in, except as follows:
• The HOME variable is reset to the new user’s home directory.
• If the new user name is root, the path and prompt variables are reset:
PATH=/usr/bin:/usr/sbin:/sbin
PS1=#
For other user names:
PATH=/usr/bin
PS1=$
• The rest of the environment is deleted and reset to the login state. However, the login files are normally executed anyway, usually restoring the expected value of PATH and other variables.
If you omit the - option, the new shell starts up as if you invoked it as a subshell, except as follows:
• If the new user name is root, the path and prompt variables are reset:
PATH=/usr/bin:/usr/sbin:/sbin
PS1=#
• The rest of the environment is retained.
If the shell specified in /etc/passwd is /usr/bin/sh, su sets the value of parameter 0 in the new shell (referenced as $0) to su. If you specify the - option of the su command, su sets parameter 0 to −su.
If the shell specified in /etc/passwd is not /usr/bin/sh, su sets the value of parameter 0 in the new shell to shellname. If you specify the - option of the su command, su sets parameter 0 to −shellname. For example for the Korn shell, the value of shellname would be ksh or -ksh.
(By comparison, the login command always sets parameter 0 to −shellname.)
All attempts to become another user are logged in /var/adm/sulog, including failures. Successful attempts are flagged with +, failures with -. They are also logged with syslog() (see syslog(3C)).
SECURITY FEATURES
Except for user root, users on a trusted system cannot use su to change to an account that has been locked because of expired passwords or other access restrictions,
EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is null, it defaults to "C" (see lang(5)).
If any internationalization variable contains an invalid setting, all internationalization variables default to "C" (see environ(5)).
International Code Set Support
Characters in the 7-bit USASCII code sets are supported in login names (see ascii(5)).
EXAMPLES
Become user bin while retaining the previously exported environment:
su bin
Become user bin but change the environment to what would be expected if bin had originally logged in:
su - bin
Execute command and its arguments using the temporary environment and permissions of user bin:
su - bin -c command arguments
WARNINGS
After a successful password has been supplied (if needed), su uses information from /etc/passwd and /etc/logingroup to determine the user’s group ID and group access list. If /etc/group is linked to /etc/logingroup, and group membership for the user trying to log in is managed by the Network Information Service (NIS), and no NIS server is able to respond, su waits until a server does respond.
DEPENDENCIES
HP-UX Integrated Login Library
su can use the HP-UX Integrated Login Library, if it is configured. For further details, see auth(5) and auth.adm(1m).
The HP-UX Integrated Login typically uses the Distributed Computing Environment (DCE) for its user registry. The DCE user registry and its relationship to the HP-UX Integrated Login are described in auth.dce(5).
FILES
$HOME/.profile User’s profile
/etc/logingroup System’s default group access list file
/etc/passwd System’s password file
/etc/profile System’s profile
/var/adm/sulog Log of all attempts
VARIABLES
HOME User’s home directory
LOGNAME User’s login name
PATH Command name search path
PS1 Default prompt
SHELL Name of the user’s shell
SEE ALSO
env(1), login(1), sh(1), initgroups(3C), syslog(3C), group(4), passwd(4), profile(4), environ(5).
HP-UX Integrated Login Library: auth.adm(1m), auth(5), auth.dce(5).
STANDARDS CONFORMANCE
su: SVID2, SVID3, XPG2
Hewlett-Packard Company — HP-UX Release 10.20: July 1996