System Administration Commands                             su(1M)


NAME

     su - become superuser or another user


SYNOPSIS

     su [-] [username [arg...]]


DESCRIPTION

     The su command allows one to  become  another  user  without
     logging  off  or  to assume a role. The default user name is
     root (superuser).

     To use su, the appropriate password must be supplied (unless
     the  invoker  is already root).  If the password is correct,
     su creates a new shell process that has the real and  effec-
     tive user ID, group IDs, and supplementary group list set to
     those of the  specified  username.   Additionally,  the  new
     shell's  project  ID is set to the default project ID of the
     specified      user.      See      getdefaultproj(3PROJECT),
     setproject(3PROJECT).   The  new  shell  will  be  the shell
     specified in the shell field  of  username's  password  file
     entry   (see   passwd(4)).    If   no  shell  is  specified,
     /usr/bin/sh is used (see sh(1)).  If superuser privilege  is
     requested  and the shell for the superuser cannot be invoked
     using exec(2), /sbin/sh is used as a fallback. To return  to
     normal user ID privileges, type an EOF character (CTRL-D) to
     exit the new shell.

     Any additional arguments  given  on  the  command  line  are
     passed  to the new shell. When using programs such as sh, an
     arg of the form -c string executes string  using  the  shell
     and an arg of -r gives the user a restricted shell.

     To create a login environment, the command "su -"  does  the
     following:

         o    In addition to what is already propagated, the  LC*
              and  LANG  environment variables from the specified
              user's environment are also propagated.

         o    Propagate TZ from the user's environment. If TZ  is
              not found in the user's environment, su uses the TZ
              value  from  the  TIMEZONE   parameter   found   in
              /etc/default/login.

         o    Set MAIL to /var/mail/new_user.

SunOS 5.11          Last change: 26 Feb 2004                    1


System Administration Commands                             su(1M)

     If the first argument to su is a dash (-),  the  environment
     will  be changed to what would be expected if the user actu-
     ally  logged  in  as  the  specified  user.  Otherwise,  the
     environment  is  passed  along, with the exception of $PATH,
     which is controlled by PATH and SUPATH in /etc/default/su.

     All attempts to become another user using su are  logged  in
     the log file /var/adm/sulog (see sulog(4)).


SECURITY

     su uses pam(3PAM) with the service name su  for  authentica-
     tion, account management, and credential establishment.


EXAMPLES

     Example 1 Becoming User bin While Retaining Your  Previously
     Exported Environment

     To become user bin while retaining your previously  exported
     environment, execute:

       example% su bin

     Example 2 Becoming User bin  and  Changing  to  bin's  Login
     Environment

     To become user bin but change the environment to what  would
     be expected if bin had originally logged in, execute:

       example% su - bin

     Example 3 Executing command with user bin's Environment  and
     Permissions

     To execute command with the temporary environment  and  per-
     missions of user bin, type:

       example% su - bin -c "command args"

SunOS 5.11          Last change: 26 Feb 2004                    2


System Administration Commands                             su(1M)


ENVIRONMENT VARIABLES

     Variables with LD_ prefix are removed for security  reasons.
     Thus,  su  bin will not retain previously exported variables
     with LD_ prefix while becoming user bin.

     If any  of  the  LC_*  variables  (  LC_CTYPE,  LC_MESSAGES,
     LC_TIME,   LC_COLLATE,  LC_NUMERIC,  and  LC_MONETARY)  (see
     environ(5)) are not set in the environment, the  operational
     behavior  of  su  for  each corresponding locale category is
     determined by the value of the LANG environment variable. If
     LC_ALL  is  set,  its contents are used to override both the
     LANG and the other LC_* variables.  If  none  of  the  above
     variables  are  set in the environment, the "C" (U.S. style)
     locale determines how su behaves.

     LC_CTYPE       Determines how su  handles  characters.  When
                    LC_CTYPE  is  set  to  a  valid value, su can
                    display and handle text  and  filenames  con-
                    taining valid characters for that locale.  su
                    can display and  handle  Extended  Unix  Code
                    (EUC) characters where any individual charac-
                    ter can be 1, 2, or 3  bytes  wide.   su  can
                    also  handle  EUC characters of 1, 2, or more
                    column widths. In the "C" locale, only  char-
                    acters from ISO 8859-1 are valid.

     LC_MESSAGES    Determines  how  diagnostic  and  informative
                    messages  are  presented.  This  includes the
                    language and style of the messages,  and  the
                    correct  form  of  affirmative  and  negative
                    responses. In the "C"  locale,  the  messages
                    are  presented  in  the default form found in
                    the  program  itself  (in  most  cases,  U.S.
                    English).


FILES

     $HOME/.profile        user's login commands for sh and ksh

     /etc/passwd           system's password file

     /etc/profile          system-wide sh and ksh login commands

     /var/adm/sulog        log file

SunOS 5.11          Last change: 26 Feb 2004                    3


System Administration Commands                             su(1M)

     /etc/default/su       the default parameters  in  this  file
                           are:

                           SULOG      If defined, all attempts to
                                      su   to  another  user  are
                                      logged  in  the   indicated
                                      file.

                           CONSOLE    If defined, all attempts to
                                      su  to  root  are logged on
                                      the console.

                           PATH       Default path.  (/usr/bin:)

                           SUPATH     Default  path  for  a  user
                                      invoking    su   to   root.
                                      (/usr/sbin:/usr/bin)

                           SYSLOG     Determines   whether    the
                                      syslog(3C)  LOG_AUTH facil-
                                      ity should be used  to  log
                                      all       su      attempts.
                                      LOG_NOTICE   messages   are
                                      generated for su's to root,
                                      LOG_INFO messages are  gen-
                                      erated  for  su's  to other
                                      users,  and  LOG_CRIT  mes-
                                      sages   are  generated  for
                                      failed su attempts.

     /etc/default/login    the default parameters  in  this  file
                           are:

                           TIMEZONE    Sets  the  TZ  environment
                                       variable of the shell.


ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

SunOS 5.11          Last change: 26 Feb 2004                    4


System Administration Commands                             su(1M)

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|


SEE ALSO

     csh(1),   env(1),   ksh(1),   login(1),   roles(1),   sh(1),
     syslogd(1M),        exec(2),       getdefaultproj(3PROJECT),
     setproject(3PROJECT),   pam(3PAM),   pam_authenticate(3PAM),
     pam_acct_mgmt(3PAM),     pam_setcred(3PAM),     pam.conf(4),
     passwd(4), profile(4), sulog(4), syslog(3C),  attributes(5),
     environ(5)

SunOS 5.11          Last change: 26 Feb 2004                    5


Man(1) output converted with man2html


FhG Schily's Home VED powered