Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ su(C) — OpenDesktop 1.1.0

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

env(C)

environ(M)

login(M)

passwd(F)

profile(M)

sh(C)

auths(C)


     SU(C)                                UNIX System V



     Name
          su - makes the user a super-user or another user


     Syntax
          su [ - ] [ name [ arg ... ] ]


     Description
          su allows authorized users to become  another  user  without
          logging  off.   The  default user name is root (i.e., super-
          user).

          su cannot be used to simply assume the login of another user
          in  this  implementation  of  UNIX.  Instead, su can be used
          under four circumstances:

           ⊕   The super-user can ``su'' to any account.

           ⊕   An administrative user with the  su  authorization  can
               ``su'' to the super-user account.

           ⊕   A user can ``su'' to  their  own  account  (silly,  but
               possible).

           ⊕   A system daemon can ``su'' to an account.

          To use su, the appropriate password must be supplied (unless
          you  are already a super-user).  If the password is correct,
          su will execute a new shell with the effective user  ID  set
          to  that  of  the specified user. (The LUID is not changed.)
          The new shell will be the  optional  program  named  in  the
          shell  field  of the specified user's password file (/bin/sh
          if none is specified (see sh(C)).  To restore normal user ID
          privileges, press

          EOF (Ctrl-D) to the new shell.

          Any additional arguments  given  on  the  command  line  are
          passed  to  the  program  invoked  as the shell.  When using
          programs like sh(C), an arg of the form -c  string  executes
          string  via  the  shell  and  an  arg of -r gives the user a
          restricted shell.

          The following statements  are  true  only  if  the  optional
          program  named  in  the  shell field of the specified user's
          password file entry is like sh(C).  If the first argument to
          su  is  a  -,  the  environment  is changed to what would be
          expected if the user actually logged  in  as  the  specified
          user.   This  is  done  by  invoking the program used as the
          shell with an arg0 value whose first character  is  -,  thus
          causing  first  the system's profile (/etc/profile) and then
          the specified user's  profile  (.profile  in  the  new  HOME
          directory)  to  be  executed.  Otherwise, the environment is
          passed along with the possible exception of $PATH, which  is
          set  to  /bin:/etc:/usr/bin  for  root.  The - option should
          never be used in /etc/rc scripts.

          Note that if the optional  program  used  as  the  shell  is
          /bin/sh,  the  user's .profile can check arg0 for -sh or -su
          to determine  if  it  was  invoked  by  login(M)  or  su(C),
          respectively.   If the user's program is other than /bin/sh,
          then .profile is invoked with an arg0 of  -program  by  both
          login(M) and su(C).

          The file /etc/default/su can  be  used  to  control  several
          aspects of how su is used.  Several entries can be placed in
          /etc/default/su:

          SULOG     Name of log file to record all attempts to use su.
                    Usually /usr/adm/sulog.  If not set, no logfile is
                    kept. (See example below.)

          PATH      The PATH environment variable to set for  non-root
                    users.     If    not    set,    it   defaults   to
                    ``:/bin:/usr/bin.''  The current PATH  environment
                    variable is ignored.

          SUPATH    When invoked by root, the path is set  by  default
                    to ``/bin:/usr/bin:/etc'', unless this variable is
                    defined., The current PATH is ignored.

          CONSOLE   Attempts to use su are logged to the named device,
                    independently of SULOG.

          For example, if you want to log all  attempts  by  users  to
          become root, create the file /etc/default/su.  In this file,
          place a string similar to:  SULOG=/usr/adm/sulog This causes
          all  attempts  by any user to switch user IDs to be recorded
          in the file /usr/adm/sulog.   This  filename  is  arbitrary.
          The  su logfile records the original user, the UID of the su
          attempt, and the time of the attempt.   If  the  attempt  is
          successful, a plus sign (+) is placed on the line describing
          the attempt.  A minus sign  (-)  indicates  an  unsuccessful
          attempt.

     Examples
          To become user bin while retaining your previously  exported
          environment, enter:

               su bin

          To become user bin but change the environment to what  would
          be expected if bin had originally logged in, enter:

          su - bin

          To  execute  command  with  the  temporary  environment  and
          permissions of user bin, enter:

          su - bin -c ``command args''


     Files
          /etc/passwd         The system password file
          /etc/default/su          Optional  file  containing  control
          options
          /etc/profile        The system profile

          $HOME/.profile      The user profile


     See Also
          env(C), environ(M), login(M), passwd(F), profile(M),  sh(C),
          auths(C)


     Standards Conformance
          su is conformant with:
          AT&T SVID Issue 2, Select Code 307-127;
          and The X/Open Portability Guide II of January 1987.


     (printed 2/15/90)                                      SU(C)












































































































































































































































































































































































































































































Typewritten Software • bear@typewritten.org • Edmonds, WA 98026