⇒ su(C) — OpenDesktop 3.0.0


 su(C)                           19 June 1992                           su(C)


 Name

    su - make the user a super user or another user

 Syntax

    su [ - ] [ name [ arg ... ] ]

 Description

    The su command allows authorized users to change their user id to that of
    another user without logging off.  The default user name is root (that
    is, super user).

    If a user has su authorization, they can su to any account, provided they
    know the password for that account.  If the user does not have su
    authorization, they can su only to their own account, to another account
    that they own, or to an account that has the same owner as the current
    account.

    To use su, the appropriate password must be supplied (unless you are
    already the super user).  If the password is correct, su will execute a
    new shell with the user ID, group ID, and supplemental group list set to
    those of the specified user.  The new shell also has the kernel and
    subsystem authorizations of the specified user, although the LUID is not
    changed.  The new shell will be the optional program named in the shell
    field of the specified user's password file entry (/bin/sh if none is
    specified; see sh(C)).  To restore normal user ID privileges, press EOF
    (<Ctrl>d) to exit the new shell.

    Any additional arguments given on the command line are passed to the
    program invoked as the shell.  When using programs like sh(C), an arg of
    the form -c string executes string via the shell and an arg of -r gives
    the user a restricted shell.  You must specify a username with the -c
    option; for example, su root -c sysadmsh.  When you exit the system
    administration shell, you will no longer be root.

    The following statements are true only if the optional program named in
    the shell field of the specified user's password file entry is like sh.
    If the first argument to su is a ``-'', the environment is changed to
    what would be expected if the user actually logged in as the specified
    user.  This is done by invoking the program used as the shell with an
    arg0 value whose first character is ``-'', thus causing first the
    system's profile (/etc/profile) and then the specified user's profile
    (.profile in the new HOME directory) to be executed.  Otherwise, the
    environment is passed along with the possible exception of $PATH, which
    is set to /bin:/etc:/usr/bin for root.  The ``-'' option should never be
    used in /etc/rc scripts.

    Note that if the optional program used as the shell is /bin/sh, the
    user's .profile can check arg0 for -sh or -su to determine if it was
    invoked by login(M) or su, respectively.  If the user's program is other
    than /bin/sh, then .profile is invoked with an arg0 of -program by both
    login and su.

    The file /etc/default/su can be used to control several aspects of how su
    is used.  Several entries can be placed in /etc/default/su:

    SULOG     Name of log file to record all attempts to use su.  Usually
              /usr/adm/sulog.  If this is not set, no logfile is kept. (See
              below.)

    PATH      The PATH environment variable to set for non-root users.  If
              not set, it defaults to :/bin:/usr/bin.  The current PATH
              environment variable is ignored.

    SUPATH    The PATH environment variable to set for root.  If not set, it
              defaults to /bin:/etc:/usr/bin.  The current PATH is ignored.

    CONSOLE   Attempts to use su are logged to the named device,
              independently of SULOG.
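
    The following check is an added example, not part of the original manual
    page or of the su program.  It reads a file in the NAME=value form used by
    /etc/default/su and reports a missing SULOG and any PATH or SUPATH value,
    including the documented defaults, that holds an empty or relative entry
    (an empty entry, such as the leading colon in :/bin:/usr/bin, makes the
    shell search the current directory).  The function names and the sample
    file contents are assumptions made for illustration.

```shell
# Added example: audit a file in /etc/default/su format (NAME=value lines).
# Prints one finding per line; prints nothing when no issue is found.
# Function names are hypothetical, not part of any SCO tool.

check_path() {          # $1 = entry name, $2 = colon-separated search path
    case ":$2:" in
        *::*) echo "$1: empty entry means the current directory is searched" ;;
    esac
    old_ifs=$IFS; IFS=:; set -f
    for dir in $2; do
        case $dir in
            ''|/*) ;;   # empty (reported above) or absolute: nothing to add
            *) echo "$1: relative entry '$dir'" ;;
        esac
    done
    IFS=$old_ifs; set +f
}

audit_su_defaults() {   # $1 = path to the defaults file
    sulog='' have_path='' have_supath=''
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            SULOG=*)  sulog=${line#SULOG=} ;;
            PATH=*)   have_path=1;   check_path PATH   "${line#PATH=}" ;;
            SUPATH=*) have_supath=1; check_path SUPATH "${line#SUPATH=}" ;;
        esac
    done < "$1"
    if [ -z "$sulog" ]; then echo "SULOG unset: no su log file is kept"; fi
    # Unset entries fall back to the defaults documented on this page.
    if [ -z "$have_path" ]; then check_path "PATH (default)" ":/bin:/usr/bin"; fi
    if [ -z "$have_supath" ]; then check_path "SUPATH (default)" "/bin:/etc:/usr/bin"; fi
    return 0
}

# Constructed sample file (not taken from a real system).
sample=$(mktemp)
printf '%s\n' 'SULOG=/usr/adm/sulog' 'SUPATH=/bin:/etc:/usr/bin:.' > "$sample"
audit_su_defaults "$sample"
rm -f "$sample"
```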

    For example, if you want to log all attempts by users to become root,
    edit the file /etc/default/su.  In this file, place a string similar to:

       SULOG=/usr/adm/sulog

    This causes all attempts by any user to switch user IDs to be recorded in
    the file /usr/adm/sulog.  This filename is arbitrary.  The su logfile
    records the original user, the UID of the su attempt, and the time of the
    attempt.  If the attempt is successful, a plus sign (+) is placed on the
    line describing the attempt.  A minus sign (-) indicates an unsuccessful
    attempt.
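
    The following summary of failed attempts is an added example, not part of
    the original manual page.  It assumes each record has the traditional
    System V layout "SU MM/DD HH:MM FLAG TTY FROM-TO", which this page does
    not spell out; the function names and the sample records are constructed
    for illustration.

```shell
# Added example: summarise failed su attempts from an sulog-style file.
# ASSUMPTION: each record is "SU MM/DD HH:MM FLAG TTY FROM-TO" (traditional
# System V layout); adjust the field numbers if your log differs.

# Usage: su_failures LOGFILE TARGET MIN
# Prints "FROM COUNT LAST_DATE LAST_TIME" for every FROM user with at least
# MIN failed (-) attempts to become TARGET.
su_failures() {
    awk -v target="$2" -v min="$3" '
        $1 == "SU" && NF == 6 && $4 == "-" {
            cut = index($6, "-")          # split FROM-TO at the first "-"
            if (cut == 0) next
            from = substr($6, 1, cut - 1)
            to   = substr($6, cut + 1)
            if (to != target) next
            fails[from]++
            last[from] = $2 " " $3        # log is appended to, so last seen is latest
        }
        END {
            for (u in fails)
                if (fails[u] >= min) print u, fails[u], last[u]
        }
    ' "$1" | sort
}

# Constructed sample records (not from a real system).
sample_sulog() {
    cat <<'EOF'
SU 06/19 09:14 + tty01 alice-root
SU 06/19 22:41 - tty03 bob-root
SU 06/19 22:41 - tty03 bob-root
SU 06/19 22:42 - tty03 bob-root
SU 06/19 22:43 + tty03 bob-bin
SU 06/20 08:02 - tty02 carol-root
EOF
}

log=$(mktemp)
sample_sulog > "$log"
su_failures "$log" root 3      # -> bob 3 06/19 22:42
rm -f "$log"
```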

 Examples

    To become user bin while retaining your previously exported environment,
    enter:

       su bin


    To become user bin but change the environment to what would be expected
    if bin had originally logged in, enter:

       su - bin


    To execute command with the temporary environment and permissions of user
    bin, enter:

       su - bin -c command args


 Files

    /etc/passwd             The system password file
    /etc/default/su         File containing control options
    /etc/profile            The system profile
    $HOME/.profile          The user profile

 See also

    auths(C), nv(C), environ(M), login(M), passwd(FP), profile(M), sh(C),
    sg(C)

 Standards conformance

    su is conformant with:

    AT&T SVID Issue 2;
    and X/Open Portability Guide, Issue 3, 1989.

