Commit | Line | Data |
---|---|---|
851414c8 | 1 | .\" Copyright (c) 1988, 1990, 1993, 1994 |
84bb5642 | 2 | .\" The Regents of the University of California. All rights reserved. |
7d4168b6 | 3 | .\" |
c2d1dc9f | 4 | .\" %sccs.include.redist.roff% |
6964f298 | 5 | .\" |
851414c8 | 6 | .\" @(#)su.1 8.2 (Berkeley) %G% |
7d4168b6 | 7 | .\" |
27655ae5 CL |
8 | .Dd |
9 | .Dt SU 1 | |
c2d1dc9f | 10 | .Os |
27655ae5 CL |
11 | .Sh NAME |
12 | .Nm su | |
13 | .Nd substitute user identity | |
14 | .Sh SYNOPSIS | |
15 | .Nm su | |
16 | .Op Fl Kflm | |
17 | .Op Ar login | |
18 | .Sh DESCRIPTION | |
19 | .Nm Su | |
e5b1d5e7 | 20 | requests the Kerberos password for |
27655ae5 CL |
21 | .Ar login |
22 | (or for | |
23 | .Dq Ar login Ns .root , | |
24 | if no login is provided), and switches to | |
239627de | 25 | that user and group ID after obtaining a Kerberos ticket granting ticket. |
27655ae5 CL |
26 | A shell is then executed. |
27 | .Nm Su | |
e5b1d5e7 | 28 | will resort to the local password file to find the password for |
27655ae5 | 29 | .Ar login |
e5b1d5e7 | 30 | if there is a Kerberos error. |
239627de | 31 | If |
27655ae5 | 32 | .Nm su |
239627de | 33 | is executed by root, no password is requested and a shell |
27655ae5 | 34 | with the appropriate user ID is executed; no additional Kerberos tickets |
239627de | 35 | are obtained. |
27655ae5 | 36 | .Pp |
e5b1d5e7 | 37 | By default, the environment is unmodified with the exception of |
27655ae5 CL |
38 | .Ev USER , |
39 | .Ev HOME , | |
e5b1d5e7 | 40 | and |
27655ae5 CL |
41 | .Ev SHELL . |
42 | .Ev HOME | |
e5b1d5e7 | 43 | and |
27655ae5 | 44 | .Ev SHELL |
e5b1d5e7 | 45 | are set to the target login's default values. |
27655ae5 | 46 | .Ev USER |
e5b1d5e7 KB |
47 | is set to the target login, unless the target login has a user ID of 0, |
48 | in which case it is unmodified. | |
49 | The invoked shell is the target login's. | |
50 | This is the traditional behavior of | |
27655ae5 CL |
51 | .Nm su . |
52 | .Pp | |
e5b1d5e7 | 53 | The options are as follows: |
27655ae5 CL |
54 | .Bl -tag -width Ds |
55 | .It Fl K | |
e5b1d5e7 | 56 | Do not attempt to use Kerberos to authenticate the user. |
27655ae5 | 57 | .It Fl f |
e5b1d5e7 | 58 | If the invoked shell is |
27655ae5 CL |
59 | .Xr csh 1 , |
60 | this option prevents it from reading the | |
61 | .Dq Pa .cshrc | |
62 | file. | |
63 | .It Fl l | |
e5b1d5e7 KB |
64 | Simulate a full login. |
65 | The environment is discarded except for | |
27655ae5 CL |
66 | .Ev HOME , |
67 | .Ev SHELL , | |
68 | .Ev PATH , | |
69 | .Ev TERM , | |
e5b1d5e7 | 70 | and |
27655ae5 CL |
71 | .Ev USER . |
72 | .Ev HOME | |
e5b1d5e7 | 73 | and |
27655ae5 | 74 | .Ev SHELL |
e5b1d5e7 | 75 | are modified as above. |
27655ae5 | 76 | .Ev USER |
e5b1d5e7 | 77 | is set to the target login. |
27655ae5 CL |
78 | .Ev PATH |
79 | is set to | |
80 | .Dq Pa /bin:/usr/bin . | |
81 | .Ev TERM | |
e5b1d5e7 KB |
82 | is imported from your current environment. |
83 | The invoked shell is the target login's, and | |
27655ae5 | 84 | .Nm su |
e5b1d5e7 | 85 | will change directory to the target login's home directory. |
27655ae5 | 86 | .It Fl m |
e5b1d5e7 KB |
87 | Leave the environment unmodified. |
88 | The invoked shell is your login shell, and no directory changes are made. | |
89 | As a security precaution, if the target user's shell is a non-standard | |
27655ae5 CL |
90 | shell (as defined by |
91 | .Xr getusershell 3 ) | |
92 | and the caller's real uid is | |
6fad2abb | 93 | non-zero, |
27655ae5 | 94 | .Nm su |
6fad2abb | 95 | will fail. |
27655ae5 CL |
96 | .El |
97 | .Pp | |
98 | The | |
99 | .Fl l | |
100 | and | |
101 | .Fl m | |
102 | options are mutually exclusive; the last one specified | |
e5b1d5e7 | 103 | overrides any previous ones. |
27655ae5 CL |
104 | .Pp |
105 | Only users in group 0 (normally | |
106 | .Dq wheel ) | |
107 | can | |
108 | .Nm su | |
109 | to | |
110 | .Dq root . | |
111 | .Pp | |
6964f298 | 112 | By default (unless the prompt is reset by a startup file) the super-user |
27655ae5 CL |
113 | prompt is set to |
114 | .Dq Sy \&# | |
115 | to remind one of its awesome power. | |
116 | .Sh SEE ALSO | |
117 | .Xr csh 1 , | |
118 | .Xr login 1 , | |
119 | .Xr sh 1 , | |
120 | .Xr kinit 1 , | |
121 | .Xr kerberos 1 , | |
122 | .Xr passwd 5 , | |
123 | .Xr group 5 , | |
124 | .Xr environ 7 | |
125 | .Sh ENVIRONMENT | |
126 | Environment variables used by | |
127 | .Nm su : | |
128 | .Bl -tag -width HOME | |
129 | .It Ev HOME | |
130 | Default home directory of real user ID unless modified as | |
131 | specified above. | |
132 | .It Ev PATH | |
133 | Default search path of real user ID unless modified as specified above. | |
134 | .It Ev TERM | |
135 | Provides terminal type which may be retained for the substituted | |
136 | user ID. | |
137 | .It Ev USER | |
138 | The user ID is always the effective ID (the target user ID) after an | |
139 | .Nm su | |
140 | unless the user ID is 0 (root). | |
141 | .El | |
142 | .Sh HISTORY | |
143 | A | |
144 | .Nm | |
145 | command appeared in | |
146 | .At v7 . |