Search all pages
Professions, Sciences, Humanities, Business, ...
Text-based, GUI, Audio, Video, Keyboards, Mouse, Images,...
Conversions, tests, processing, manipulation,...
Integer, Floating point, Matrix, Statistics, Boolean, ...
Algorithms, Memory, Process control, Debugging, ...
Data storage, Integrity, Encryption, Compression, ...
Networks, protocols, Interprocess, Remote, Client Server, ...
Timing, Calendar and Clock, Audio, Video, Printer, Controls...
Management, Filtering, File & Directory access, Viewers, ...
RocketLink!--> Man page versions:
SU(1) OpenBSD Reference Manual SU(1)
su - substitute user identity
su [-Kflm] [login [shell arguments]]
su requests the Kerberos password for login (or for ``login.root'', if no
login is provided), and switches to that user and group ID after obtain-
ing a Kerberos ticket granting access. A shell is then executed, and any
additional shell arguments after the login name are passed to the shell.
su will resort to the local password file to find the password for login
if there is a Kerberos error or if Kerberos is not installed. If su is
executed by root, no password is requested and a shell with the appropri-
ate user ID is executed; no additional Kerberos tickets are obtained.
Alternately, if the user enters the password "s/key", they will be au-
thenticated using the S/Key one-time password system as described in
skey(1). S/Key is a Trademark of Bellcore.
By default, the environment is unmodified with the exception of LOGNAME,
USER, HOME, and SHELL. HOME and SHELL are set to the target login's de-
fault values. LOGNAME and USER are set to the target login, unless the
target login has a user ID of 0, in which case it is unmodified. The in-
voked shell is the target login's. This is the traditional behavior of
The options are as follows:
-K Do not attempt to use Kerberos to authenticate the user.
-f If the invoked shell is csh(1), this option prevents it from
reading the ``.cshrc'' file.
-l Simulate a full login. The environment is discarded except for
HOME, SHELL, PATH, TERM, LOGNAME, and USER. HOME and SHELL are
modified as above. LOGNAME and USER are set to the target login.
PATH is set to ``/usr/bin:/bin''. TERM is imported from your cur-
rent environment. The invoked shell is the target login's, and
su will change directory to the target login's home directory.
-m Leave the environment unmodified. The invoked shell is your lo-
gin shell, and no directory changes are made. As a security pre-
caution, if the target user's shell is a non-standard shell (as
defined by getusershell(3)) and the caller's real UID is non-ze-
ro, su will fail.
The -l and -m options are mutually exclusive; the last one specified
overrides any previous ones.
If the optional shell arguments are provided on the command line, they
are passed to the login shell of the target login. This allows it to
pass arbitrary commands via the -c option as understood by most shells.
Note that -c usually expects a single argument only; you have to quote it
when passing multiple words.
If group 0 (normally ``wheel'') has users listed then only those users
can su to ``root''. It is not sufficient to change a user's /etc/passwd
entry to add them to the ``wheel'' group; they must explicitly be listed
in /etc/group. If no one is in the ``wheel'' group, it is ignored, and
anyone who knows the root password is permitted to su to ``root''.
By default (unless the prompt is reset by a startup file) the super-user
prompt is set to ``#'' to remind one of its awesome power.
su bin -c makewhatis
Runs the command makewhatis as user bin. You will be asked for
bin's password unless your real UID is 0.
su bin -c 'makewhatis /usr/local/man'
Same as above, but the target command consists of more than a sin-
su -l foo
Pretend a login for user foo.
csh(1), kerberos(1), kinit(1), login(1), sh(1), skey(1), group(5),
Environment variables used by su:
HOME Default home directory of real user ID unless modified as specified
PATH Default search path of real user ID unless modified as specified
TERM Provides terminal type which may be retained for the substituted
The user ID is always the effective ID (the target user ID) after
an su unless the user ID is 0 (root).
USER Same as LOGNAME.
A su command appeared in Version 7 AT&T UNIX. The version described here
is an adaptation of the MIT Athena Kerberos command.
OpenBSD 2.6 July 29, 1991 2
Source: OpenBSD 2.6 man pages. Copyright: Portions are copyrighted by BERKELEY
SOFTWARE DESIGN, INC., The Regents of the University of California, Massachusetts
Institute of Technology, Free Software Foundation, FreeBSD Inc., and others.
(Corrections, notes, and links courtesy of RocketAware.com)
FreeBSD Sources for su(1)
OpenBSD sources for su(1)
Up to: Process Limits: Identity - Process ownership and Identity
RocketLink!--> Man page versions:
Search | About | Comments | Submit Path: RocketAware >
RocketAware.com is a service of Mib Software
Copyright 1999, Forrest J. Cavalier III. All Rights Reserved.
We welcome submissions and comments