[unix-history] / usr / src / usr.bin / su / su.1

.\" Copyright (c) 1988, 1990, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" %sccs.include.redist.roff%
.\"
.\"	@(#)su.1	8.1 (Berkeley) %G%
.\"
.Dd 
.Dt SU 1
.Os
.Sh NAME
.Nm su
.Nd substitute user identity
.Sh SYNOPSIS
.Nm su
.Op Fl Kflm
.Op Ar login
.Sh DESCRIPTION
.Nm Su
requests the Kerberos password for
.Ar login
(or for
.Dq Ar login Ns .root ,
if no login is provided), and switches to
that user and group ID after obtaining a Kerberos ticket granting ticket.
A shell is then executed.
.Nm Su
will resort to the local password file to find the password for
.Ar login
if there is a Kerberos error.
If
.Nm su
is executed by root, no password is requested and a shell
with the appropriate user ID is executed; no additional Kerberos tickets
are obtained.
.Pp
By default, the environment is unmodified with the exception of
.Ev USER ,
.Ev HOME ,
and
.Ev SHELL .
.Ev HOME
and
.Ev SHELL
are set to the target login's default values.
.Ev USER
is set to the target login, unless the target login has a user ID of 0,
in which case it is unmodified.
The invoked shell is the target login's.
This is the traditional behavior of
.Nm su .
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl K
Do not attempt to use Kerberos to authenticate the user.
.It Fl f
If the invoked shell is
.Xr csh 1 ,
this option prevents it from reading the
.Dq Pa .cshrc
file.
.It Fl l
Simulate a full login.
The environment is discarded except for
.Ev HOME ,
.Ev SHELL ,
.Ev PATH ,
.Ev TERM ,
and
.Ev USER .
.Ev HOME
and
.Ev SHELL
are modified as above.
.Ev USER
is set to the target login.
.Ev PATH
is set to
.Dq Pa /bin:/usr/bin .
.Ev TERM
is imported from your current environment.
The invoked shell is the target login's, and
.Nm su
will change directory to the target login's home directory.
.It Fl m
Leave the environment unmodified.
The invoked shell is your login shell, and no directory changes are made.
As a security precaution, if the target user's shell is a non-standard
shell (as defined by
.Xr getusershell 3 )
and the caller's real uid is
non-zero,
.Nm su
will fail.
.El
.Pp
The
.Fl l
and
.Fl m
options are mutually exclusive; the last one specified
overrides any previous ones.
.Pp
Only users in group 0 (normally
.Dq wheel )
can
.Nm su
to
.Dq root .
.Pp
By default (unless the prompt is reset by a startup file) the super-user
prompt is set to
.Dq Sy \&#
to remind one of its awesome power.
.Sh SEE ALSO
.Xr csh 1 ,
.Xr login 1 ,
.Xr sh 1 ,
.Xr kinit 1 ,
.Xr kerberos 1 ,
.Xr passwd 5 ,
.Xr group 5 ,
.Xr environ 7
.Sh ENVIRONMENT
Environment variables used by
.Nm su :
.Bl -tag -width HOME
.It Ev HOME
Default home directory of real user ID unless modified as
specified above.
.It Ev PATH
Default search path of real user ID unless modified as specified above.
.It Ev TERM
Provides terminal type which may be retained for the substituted
user ID.
.It Ev USER
The user ID is always the effective ID (the target user ID) after an
.Nm su
unless the user ID is 0 (root).
.El
.Sh HISTORY
A
.Nm
command appeared in
.At v7 .
The version desribed
here is an adaptation of the
.Tn MIT
Athena Kerberos command.
Commit	Line	Data
84bb5642 KB	1	.\" Copyright (c) 1988, 1990, 1993
84bb5642 KB	2	.\" The Regents of the University of California. All rights reserved.
7d4168b6	3	.\"
c2d1dc9f	4	.\" %sccs.include.redist.roff%
6964f298	5	.\"
84bb5642	6	.\" @(#)su.1 8.1 (Berkeley) %G%
7d4168b6	7	.\"
27655ae5 CL	8	.Dd
27655ae5 CL	9	.Dt SU 1
c2d1dc9f	10	.Os
27655ae5 CL	11	.Sh NAME
	12	.Nm su
	13	.Nd substitute user identity
	14	.Sh SYNOPSIS
	15	.Nm su
	16	.Op Fl Kflm
	17	.Op Ar login
	18	.Sh DESCRIPTION
	19	.Nm Su
e5b1d5e7	20	requests the Kerberos password for
27655ae5 CL	21	.Ar login
	22	(or for
	23	.Dq Ar login Ns .root ,
	24	if no login is provided), and switches to
239627de	25	that user and group ID after obtaining a Kerberos ticket granting ticket.
27655ae5 CL	26	A shell is then executed.
27655ae5 CL	27	.Nm Su
e5b1d5e7	28	will resort to the local password file to find the password for
27655ae5	29	.Ar login
e5b1d5e7	30	if there is a Kerberos error.
239627de	31	If
27655ae5	32	.Nm su
239627de	33	is executed by root, no password is requested and a shell
27655ae5	34	with the appropriate user ID is executed; no additional Kerberos tickets
239627de	35	are obtained.
27655ae5	36	.Pp
e5b1d5e7	37	By default, the environment is unmodified with the exception of
27655ae5 CL	38	.Ev USER ,
27655ae5 CL	39	.Ev HOME ,
e5b1d5e7	40	and
27655ae5 CL	41	.Ev SHELL .
27655ae5 CL	42	.Ev HOME
e5b1d5e7	43	and
27655ae5	44	.Ev SHELL
e5b1d5e7	45	are set to the target login's default values.
27655ae5	46	.Ev USER
e5b1d5e7 KB	47	is set to the target login, unless the target login has a user ID of 0,
	48	in which case it is unmodified.
	49	The invoked shell is the target login's.
	50	This is the traditional behavior of
27655ae5 CL	51	.Nm su .
27655ae5 CL	52	.Pp
e5b1d5e7	53	The options are as follows:
27655ae5 CL	54	.Bl -tag -width Ds
27655ae5 CL	55	.It Fl K
e5b1d5e7	56	Do not attempt to use Kerberos to authenticate the user.
27655ae5	57	.It Fl f
e5b1d5e7	58	If the invoked shell is
27655ae5 CL	59	.Xr csh 1 ,
	60	this option prevents it from reading the
	61	.Dq Pa .cshrc
	62	file.
	63	.It Fl l
e5b1d5e7 KB	64	Simulate a full login.
e5b1d5e7 KB	65	The environment is discarded except for
27655ae5 CL	66	.Ev HOME ,
	67	.Ev SHELL ,
	68	.Ev PATH ,
	69	.Ev TERM ,
e5b1d5e7	70	and
27655ae5 CL	71	.Ev USER .
27655ae5 CL	72	.Ev HOME
e5b1d5e7	73	and
27655ae5	74	.Ev SHELL
e5b1d5e7	75	are modified as above.
27655ae5	76	.Ev USER
e5b1d5e7	77	is set to the target login.
27655ae5 CL	78	.Ev PATH
	79	is set to
	80	.Dq Pa /bin:/usr/bin .
	81	.Ev TERM
e5b1d5e7 KB	82	is imported from your current environment.
e5b1d5e7 KB	83	The invoked shell is the target login's, and
27655ae5	84	.Nm su
e5b1d5e7	85	will change directory to the target login's home directory.
27655ae5	86	.It Fl m
e5b1d5e7 KB	87	Leave the environment unmodified.
	88	The invoked shell is your login shell, and no directory changes are made.
	89	As a security precaution, if the target user's shell is a non-standard
27655ae5 CL	90	shell (as defined by
	91	.Xr getusershell 3 )
	92	and the caller's real uid is
6fad2abb	93	non-zero,
27655ae5	94	.Nm su
6fad2abb	95	will fail.
27655ae5 CL	96	.El
	97	.Pp
	98	The
	99	.Fl l
	100	and
	101	.Fl m
	102	options are mutually exclusive; the last one specified
e5b1d5e7	103	overrides any previous ones.
27655ae5 CL	104	.Pp
	105	Only users in group 0 (normally
	106	.Dq wheel )
	107	can
	108	.Nm su
	109	to
	110	.Dq root .
	111	.Pp
6964f298	112	By default (unless the prompt is reset by a startup file) the super-user
27655ae5 CL	113	prompt is set to
	114	.Dq Sy \&#
	115	to remind one of its awesome power.
	116	.Sh SEE ALSO
	117	.Xr csh 1 ,
	118	.Xr login 1 ,
	119	.Xr sh 1 ,
	120	.Xr kinit 1 ,
	121	.Xr kerberos 1 ,
	122	.Xr passwd 5 ,
	123	.Xr group 5 ,
	124	.Xr environ 7
	125	.Sh ENVIRONMENT
	126	Environment variables used by
	127	.Nm su :
	128	.Bl -tag -width HOME
	129	.It Ev HOME
	130	Default home directory of real user ID unless modified as
	131	specified above.
	132	.It Ev PATH
	133	Default search path of real user ID unless modified as specified above.
	134	.It Ev TERM
	135	Provides terminal type which may be retained for the substituted
	136	user ID.
	137	.It Ev USER
	138	The user ID is always the effective ID (the target user ID) after an
	139	.Nm su
	140	unless the user ID is 0 (root).
	141	.El
	142	.Sh HISTORY
	143	A
	144	.Nm
	145	command appeared in
	146	.At v7 .
	147	The version desribed
c2d1dc9f CL	148	here is an adaptation of the
	149	.Tn MIT
	150	Athena Kerberos command.