icon Top 9 categories map      RocketAware >


Tips: Browse or Search all pages for efficient awareness of more than 6000 of the most popular reusable and open source applications, functions, libraries, and FAQs.

The "RKT couplings" below include links to source code, updates, additional information, advice, FAQs, and overviews.


Search all pages


By activity
Professions, Sciences, Humanities, Business, ...

User Interface
Text-based, GUI, Audio, Video, Keyboards, Mouse, Images,...

Text Strings
Conversions, tests, processing, manipulation,...

Integer, Floating point, Matrix, Statistics, Boolean, ...

Algorithms, Memory, Process control, Debugging, ...

Stored Data
Data storage, Integrity, Encryption, Compression, ...

Networks, protocols, Interprocess, Remote, Client Server, ...

Hard World
Timing, Calendar and Clock, Audio, Video, Printer, Controls...

File System
Management, Filtering, File & Directory access, Viewers, ...


RocketLink!--> Man page versions: OpenBSD FreeBSD NetBSD RedHat Others

SU(1)                      OpenBSD Reference Manual                      SU(1)

     su - substitute user identity

     su [-Kflm] [login [shell arguments]]

     su requests the Kerberos password for login (or for ``login.root'', if no
     login is provided), and switches to that user and group ID after obtain-
     ing a Kerberos ticket granting access.  A shell is then executed, and any
     additional shell arguments after the login name are passed to the shell.
     su will resort to the local password file to find the password for login
     if there is a Kerberos error or if Kerberos is not installed.  If su is
     executed by root, no password is requested and a shell with the appropri-
     ate user ID is executed; no additional Kerberos tickets are obtained.

     Alternately, if the user enters the password "s/key", they will be au-
     thenticated using the S/Key one-time password system as described in
     skey(1).  S/Key is a Trademark of Bellcore.

     By default, the environment is unmodified with the exception of LOGNAME,
     USER, HOME, and SHELL. HOME and SHELL are set to the target login's de-
     fault values.  LOGNAME and USER are set to the target login, unless the
     target login has a user ID of 0, in which case it is unmodified.  The in-
     voked shell is the target login's.  This is the traditional behavior of

     The options are as follows:

     -K      Do not attempt to use Kerberos to authenticate the user.

     -f      If the invoked shell is csh(1),  this option prevents it from
             reading the ``.cshrc'' file.

     -l      Simulate a full login.  The environment is discarded except for
             HOME, SHELL, PATH, TERM, LOGNAME, and USER. HOME and SHELL are
             modified as above.  LOGNAME and USER are set to the target login.
             PATH is set to ``/usr/bin:/bin''. TERM is imported from your cur-
             rent environment.  The invoked shell is the target login's, and
             su will change directory to the target login's home directory.

     -m      Leave the environment unmodified.  The invoked shell is your lo-
             gin shell, and no directory changes are made.  As a security pre-
             caution, if the target user's shell is a non-standard shell (as
             defined by getusershell(3))  and the caller's real UID is non-ze-
             ro, su will fail.

     The -l and -m options are mutually exclusive; the last one specified
     overrides any previous ones.

     If the optional shell arguments are provided on the command line, they
     are passed to the login shell of the target login.  This allows it to
     pass arbitrary commands via the -c option as understood by most shells.
     Note that -c usually expects a single argument only; you have to quote it
     when passing multiple words.

     If group 0 (normally ``wheel'') has users listed then only those users
     can su to ``root''. It is not sufficient to change a user's /etc/passwd
     entry to add them to the ``wheel'' group; they must explicitly be listed
     in /etc/group. If no one is in the ``wheel'' group, it is ignored, and
     anyone who knows the root password is permitted to su to ``root''.

     By default (unless the prompt is reset by a startup file) the super-user
     prompt is set to ``#'' to remind one of its awesome power.

     su bin -c makewhatis
            Runs the command makewhatis as user bin. You will be asked for
            bin's password unless your real UID is 0.

     su bin -c 'makewhatis /usr/local/man'
            Same as above, but the target command consists of more than a sin-
            gle word.

     su -l foo
            Pretend a login for user foo.

     csh(1),  kerberos(1),  kinit(1),  login(1),  sh(1),  skey(1),  group(5),
     passwd(5),  environ(7)

     Environment variables used by su:

     HOME  Default home directory of real user ID unless modified as specified

     PATH  Default search path of real user ID unless modified as specified

     TERM  Provides terminal type which may be retained for the substituted
           user ID.

           The user ID is always the effective ID (the target user ID) after
           an su unless the user ID is 0 (root).

     USER  Same as LOGNAME.

     A su command appeared in Version 7 AT&T UNIX.  The version described here
     is an adaptation of the MIT Athena Kerberos command.

OpenBSD 2.6                      July 29, 1991                               2

Source: OpenBSD 2.6 man pages. Copyright: Portions are copyrighted by BERKELEY
SOFTWARE DESIGN, INC., The Regents of the University of California, Massachusetts
Institute of Technology, Free Software Foundation, FreeBSD Inc., and others.

(Corrections, notes, and links courtesy of RocketAware.com)

[Detailed Topics]
FreeBSD Sources for su(1)
OpenBSD sources for su(1)

[Overview Topics]

Up to: Process Limits: Identity - Process ownership and Identity

RocketLink!--> Man page versions: OpenBSD FreeBSD NetBSD RedHat Others

Rapid-Links: Search | About | Comments | Submit Path: RocketAware > su.1/
RocketAware.com is a service of Mib Software
Copyright 1999, Forrest J. Cavalier III. All Rights Reserved.
We welcome submissions and comments