su(1M)




NAME

     su - become superuser or another user


SYNOPSIS

     su [-] [username [arg...]]


DESCRIPTION

     The su command allows one to become another user without
     logging off or to assume a role. The default user name is
     root (superuser).

     To use su, the appropriate password must be supplied (unless
     the invoker is already root). If the password is correct, su
     creates a new shell process that has the real and effective
     user ID, group IDs, and supplementary group list set to those
     of the specified username. Additionally, the new shell's
     project ID is set to the default project ID of the specified
     user. See getdefaultproj(3PROJECT), setproject(3PROJECT). The
     new shell will be the shell specified in the shell field of
     username's password file entry (see passwd(4)). If no shell
     is specified, /usr/bin/sh is used (see sh(1)). If superuser
     privilege is requested and the shell for the superuser cannot
     be invoked using exec(2), /sbin/sh is used as a fallback. To
     return to normal user ID privileges, type an EOF character
     (<CTRL-D>) to exit the new shell.

     Any additional arguments given on the command line are passed
     to the new shell. When using programs such as sh, an arg of
     the form -c string executes string using the shell and an arg
     of -r gives the user a restricted shell.

     The following statements are true if the login shell is
     /usr/bin/sh or an empty string (which defaults to
     /usr/bin/sh) in the specific user's password file entry. If
     the first argument to su is a dash (-), the environment will
     be changed to what would be expected if the user actually
     logged in as the specified user. Otherwise, the environment
     is passed along, with the exception of $PATH, which is
     controlled by PATH and SUPATH in /etc/default/su.

     All attempts to become another user using su are logged in
     the log file /var/adm/sulog (see sulog(4)).


SECURITY

     su uses pam(3PAM) with the service name su for
     authentication, account management, and credential
     establishment.


EXAMPLES

     Example 1: Becoming User bin While Retaining Your Previously
     Exported Environment

     To become user bin while retaining your previously exported
     environment, execute:

     example% su bin

     Example 2: Becoming User bin and Changing to bin's Login
     Environment

     To become user bin but change the environment to what would
     be expected if bin had originally logged in, execute:

     example% su - bin

     Example 3: Executing command with user bin's Environment and
     Permissions

     To execute command with the temporary environment and
     permissions of user bin, type:

     example% su - bin -c "command args"


ENVIRONMENT VARIABLES

     Variables with LD_ prefix are removed for security reasons.
     Thus, su bin will not retain previously exported variables
     with LD_ prefix while becoming user bin.

     If any of the LC_* variables (LC_CTYPE, LC_MESSAGES, LC_TIME,
     LC_COLLATE, LC_NUMERIC, and LC_MONETARY) (see environ(5)) are
     not set in the environment, the operational behavior of su
     for each corresponding locale category is determined by the
     value of the LANG environment variable. If LC_ALL is set, its
     contents are used to override both the LANG and the other
     LC_* variables. If none of the above variables are set in the
     environment, the "C" (U.S. style) locale determines how su
     behaves.

     LC_CTYPE
           Determines how su handles characters. When LC_CTYPE is
           set to a valid value, su can display and handle text
           and filenames containing valid characters for that
           locale. su can display and handle Extended Unix Code
           (EUC) characters where any individual character can be
           1, 2, or 3 bytes wide. su can also handle EUC
           characters of 1, 2, or more column widths. In the "C"
           locale, only characters from ISO 8859-1 are valid.

     LC_MESSAGES
           Determines how diagnostic and informative messages are
           presented. This includes the language and style of the
           messages, and the correct form of affirmative and
           negative responses. In the "C" locale, the messages
           are presented in the default form found in the program
           itself (in most cases, U.S. English).


FILES

     $HOME/.profile
           user's login commands for sh and ksh

     /etc/passwd
           system's password file

     /etc/profile
           system-wide sh and ksh login commands

     /var/adm/sulog
           log file

     /etc/default/su
           the default parameters in this file are:

           SULOG If defined, all attempts to su to another user
                 are logged in the indicated file.

           CONSOLE
                 If defined, all attempts to su to root are
                 logged on the console.

           PATH  Default path. (/usr/bin:)

           SUPATH
                 Default path for a user invoking su to root.
                 (/usr/sbin:/usr/bin)

           SYSLOG
                 Determines whether the syslog(3C) LOG_AUTH
                 facility should be used to log all su attempts.
                 LOG_NOTICE messages are generated for su's to
                 root, LOG_INFO messages are generated for su's
                 to other users, and LOG_CRIT messages are
                 generated for failed su attempts.

           SLEEPTIME
                 If present, sets the number of seconds to wait
                 before login failure is printed to the screen
                 and another login attempt is allowed. Default is
                 4 seconds. Minimum is 0 seconds. Maximum is 5
                 seconds.
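
     The following script is an added example, not part of the
     original manual page: it audits a copy of /etc/default/su
     against the parameters listed above. The NAME=value syntax
     with # comments, SYSLOG=YES as the enabling value, and the
     function names are assumptions; the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit /etc/default/su against the parameters listed in FILES.
# Assumes NAME=value lines with '#' comments and SYSLOG=YES to enable syslog.

# Print the value of the last uncommented NAME= line in FILE (empty if unset).
get_param() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Print one finding per line for FILE; print nothing when all checks pass.
audit_su_defaults() {
    f=$1
    [ -n "$(get_param "$f" SULOG)" ] || echo "SULOG unset: su attempts are not written to a log file"
    [ -n "$(get_param "$f" CONSOLE)" ] || echo "CONSOLE unset: su to root is not logged on the console"
    [ "$(get_param "$f" SYSLOG)" = YES ] || echo "SYSLOG not YES: no LOG_AUTH messages for su attempts"

    st=$(get_param "$f" SLEEPTIME)
    case $st in
        '') ;;  # absent: the documented default of 4 seconds applies
        *[!0-9]*) echo "SLEEPTIME not numeric: $st" ;;
        *) [ "$st" -le 5 ] || echo "SLEEPTIME above maximum of 5: $st" ;;
    esac

    sp=$(get_param "$f" SUPATH)
    if [ -n "$sp" ]; then
        # An empty or relative component makes root's PATH depend on the current directory.
        case ":$sp:" in
            *::*) echo "SUPATH has an empty component: $sp" ;;
        esac
        old_ifs=$IFS; IFS=:
        for d in $sp; do
            case $d in /*|'') ;; *) echo "SUPATH has a relative component: $d" ;; esac
        done
        IFS=$old_ifs
    fi
    return 0
}

# Constructed sample file, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SULOG=/var/adm/sulog
#CONSOLE=/dev/console
SUPATH=/usr/sbin:/usr/bin:
SLEEPTIME=9
EOF
audit_su_defaults "$sample"
rm -f "$sample"
```
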


ATTRIBUTES

     See attributes(5) for descriptions of the following
     attributes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|


SEE ALSO

     csh(1), env(1), ksh(1), login(1), roles(1), sh(1),
     syslogd(1M), exec(2), getdefaultproj(3PROJECT),
     setproject(3PROJECT), pam(3PAM), syslog(3C), pam.conf(4),
     passwd(4), profile(4), sulog(4), attributes(5), environ(5),
     pam_authtok_check(5), pam_authtok_get(5),
     pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),
     pam_unix(5), pam_unix_account(5), pam_unix_auth(5),
     pam_unix_session(5)


NOTES

     The pam_unix(5) module might not be supported in a future
     release. Similar functionality is provided by
     pam_authtok_check(5), pam_authtok_get(5),
     pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),
     pam_unix_account(5), pam_unix_auth(5), and
     pam_unix_session(5).

