SU(C) UNIX System V
Name
su - makes the user a super-user or another user
Syntax
su [ - ] [ name [ arg ... ] ]
Description
su allows authorized users to become another user without
logging off. The default user name is root (i.e., super-
user).
su cannot be used to simply assume the login of another user
in this implementation of UNIX. Instead, su can be used
under four circumstances:
⊕ The super-user can ``su'' to any account.
⊕ An administrative user with the su authorization can
``su'' to the super-user account.
⊕ A user can ``su'' to their own account (silly, but
possible).
⊕ A system daemon can ``su'' to an account.
To use su, the appropriate password must be supplied (unless
you are already a super-user). If the password is correct,
su will execute a new shell with the effective user ID set
to that of the specified user. (The LUID is not changed.)
The new shell will be the optional program named in the
shell field of the specified user's password file (/bin/sh
if none is specified (see sh(C)). To restore normal user ID
privileges, press
EOF (Ctrl-D) to the new shell.
Any additional arguments given on the command line are
passed to the program invoked as the shell. When using
programs like sh(C), an arg of the form -c string executes
string via the shell and an arg of -r gives the user a
restricted shell.
The following statements are true only if the optional
program named in the shell field of the specified user's
password file entry is like sh(C). If the first argument to
su is a -, the environment is changed to what would be
expected if the user actually logged in as the specified
user. This is done by invoking the program used as the
shell with an arg0 value whose first character is -, thus
causing first the system's profile (/etc/profile) and then
the specified user's profile (.profile in the new HOME
directory) to be executed. Otherwise, the environment is
passed along with the possible exception of $PATH, which is
set to /bin:/etc:/usr/bin for root. The - option should
never be used in /etc/rc scripts.
Note that if the optional program used as the shell is
/bin/sh, the user's .profile can check arg0 for -sh or -su
to determine if it was invoked by login(M) or su(C),
respectively. If the user's program is other than /bin/sh,
then .profile is invoked with an arg0 of -program by both
login(M) and su(C).
The file /etc/default/su can be used to control several
aspects of how su is used. Several entries can be placed in
/etc/default/su:
SULOG Name of log file to record all attempts to use su.
Usually /usr/adm/sulog. If not set, no logfile is
kept. (See example below.)
PATH The PATH environment variable to set for non-root
users. If not set, it defaults to
``:/bin:/usr/bin.'' The current PATH environment
variable is ignored.
SUPATH When invoked by root, the path is set by default
to ``/bin:/usr/bin:/etc'', unless this variable is
defined., The current PATH is ignored.
CONSOLE Attempts to use su are logged to the named device,
independently of SULOG.
For example, if you want to log all attempts by users to
become root, create the file /etc/default/su. In this file,
place a string similar to: SULOG=/usr/adm/sulog This causes
all attempts by any user to switch user IDs to be recorded
in the file /usr/adm/sulog. This filename is arbitrary.
The su logfile records the original user, the UID of the su
attempt, and the time of the attempt. If the attempt is
successful, a plus sign (+) is placed on the line describing
the attempt. A minus sign (-) indicates an unsuccessful
attempt.
Examples
To become user bin while retaining your previously exported
environment, enter:
su bin
To become user bin but change the environment to what would
be expected if bin had originally logged in, enter:
su - bin
To execute command with the temporary environment and
permissions of user bin, enter:
su - bin -c ``command args''
Files
/etc/passwd The system password file
/etc/default/su Optional file containing control
options
/etc/profile The system profile
$HOME/.profile The user profile
See Also
env(C), environ(M), login(M), passwd(F), profile(M), sh(C),
auths(C)
Standards Conformance
su is conformant with:
AT&T SVID Issue 2, Select Code 307-127;
and The X/Open Portability Guide II of January 1987.
(printed 2/15/90) SU(C)