]> Julianne Frances Haugh Creation, 1989 Thomas Kłoczko kloczek@pld.org.pl shadow-utils maintainer, 2000 - 2007 Nicolas François nicolas.francois@centraliens.net shadow-utils maintainer, 2007 - now su 1 User Commands shadow-utils &SHADOW_UTILS_VERSION; su change user ID or become superuser su options - username args The su command is used to become another user during a login session. Invoked without a username, su defaults to becoming the superuser. The - option may be used to provide an environment similar to what the user would expect had the user logged in directly. The -c option may be used to treat the next argument as a command by most shells. Options are recognized everywhere in the argument list. You can use the -- argument to stop option parsing. The - option is special: it is also recognized after --, but has to be placed before username. The user will be prompted for a password, if appropriate. Invalid passwords will produce an error message. All attempts, both valid and invalid, are logged to detect abuse of the system. The current environment is passed to the new shell. The value of $PATH is reset to /bin:/usr/bin for normal users, or /sbin:/bin:/usr/sbin:/usr/bin for the superuser. This may be changed with the ENV_PATH and ENV_SUPATH definitions in /etc/login.defs. A subsystem login is indicated by the presence of a "*" as the first character of the login shell. The given home directory will be used as the root of a new file system which the user is actually logged into. The options which apply to the su command are: -c, --command COMMAND Specify a command that will be invoked by the shell using its -c. The executed command will have no controlling terminal. This option cannot be used to execute interactive programs which need a controlling TTY. -, -l, --login Provide an environment similar to what the user would expect had the user logged in directly. When - is used, it must be specified before any username. For portability it is recommended to use it as last option, before any username. The other forms (-l and --login) do not have this restriction. -s, --shell SHELL The shell that will be invoked. The invoked shell is chosen from (highest priority first): The shell specified with --shell. If --preserve-environment is used, the shell specified by the $SHELL environment variable. The shell indicated in the /etc/passwd entry for the target user. /bin/sh if a shell could not be found by any above method. If the target user has a restricted shell (i.e. the shell field of this user's entry in /etc/passwd is not listed in /etc/shells), then the --shell option or the $SHELL environment variable won't be taken into account, unless su is called by root. -m, -p, --preserve-environment Preserve the current environment, except for: $PATH reset according to the /etc/login.defs options ENV_PATH or ENV_SUPATH (see below); $IFS reset to <space><tab><newline>, if it was set. If the target user has a restricted shell, this option has no effect (unless su is called by root). Note that the default behavior for the environment is the following: The $HOME, $SHELL, $USER, $LOGNAME, $PATH, and $IFS environment variables are reset. If --login is not used, the environment is copied, except for the variables above. If --login is used, the $TERM, $COLORTERM, $DISPLAY, and $XAUTHORITY environment variables are copied if they were set. If --login is used, the $TZ, $HZ, and $MAIL environment variables are set according to the /etc/login.defs options ENV_TZ, ENV_HZ, MAIL_DIR, and MAIL_FILE (see below). If --login is used, other environment variables might be set by the ENVIRON_FILE file (see below). Other environments might be set by PAM modules. This version of su has many compilation options, only some of which may be in use at any particular site. The following configuration variables in /etc/login.defs change the behavior of this tool: &CONSOLE; &CONSOLE_GROUPS; &DEFAULT_HOME; &ENV_HZ; &ENVIRON_FILE; &ENV_PATH; &ENV_SUPATH; &ENV_TZ; &LOGIN_STRING; &MAIL_CHECK_ENAB; &MAIL_DIR; "AS_ENAB; &SULOG_FILE; &SU_NAME; &SU_WHEEL_ONLY; &SYSLOG_SU_ENAB; &USERGROUPS_ENAB; /etc/passwd User account information. /etc/shadow Secure user account information. /etc/login.defs Shadow password suite configuration. On success, su returns the exit value of the command it executed. If this command was terminated by a signal, su returns the number of this signal plus 128. If su has to kill the command (because it was asked to terminate, and the command did not terminate in time), su returns 255. Some exit values from su are independent from the executed command: 0 success (--help only) 1 System or authentication failure 126 The requested command was not found 127 The requested command could not be executed login1 , login.defs5 , sg1 , sh1 .