Commit | Line | Data |
---|---|---|
7b089094 WJ |
1 | .\" Copyright (c) 1988, 1990 The Regents of the University of California. |
2 | .\" All rights reserved. | |
3 | .\" | |
4 | .\" Redistribution and use in source and binary forms, with or without | |
5 | .\" modification, are permitted provided that the following conditions | |
6 | .\" are met: | |
7 | .\" 1. Redistributions of source code must retain the above copyright | |
8 | .\" notice, this list of conditions and the following disclaimer. | |
9 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
10 | .\" notice, this list of conditions and the following disclaimer in the | |
11 | .\" documentation and/or other materials provided with the distribution. | |
12 | .\" 3. All advertising materials mentioning features or use of this software | |
13 | .\" must display the following acknowledgement: | |
14 | .\" This product includes software developed by the University of | |
15 | .\" California, Berkeley and its contributors. | |
16 | .\" 4. Neither the name of the University nor the names of its contributors | |
17 | .\" may be used to endorse or promote products derived from this software | |
18 | .\" without specific prior written permission. | |
19 | .\" | |
20 | .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
21 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
24 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
25 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
26 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
27 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
28 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
30 | .\" SUCH DAMAGE. | |
31 | .\" | |
32 | .\" @(#)su.1 6.12 (Berkeley) 7/29/91 | |
33 | .\" | |
34 | .Dd July 29, 1991 | |
35 | .Dt SU 1 | |
36 | .Os | |
37 | .Sh NAME | |
38 | .Nm su | |
39 | .Nd substitute user identity | |
40 | .Sh SYNOPSIS | |
41 | .Nm su | |
42 | .Op Fl Kflm | |
43 | .Op Ar login | |
44 | .Sh DESCRIPTION | |
45 | .Nm Su | |
46 | requests the Kerberos password for | |
47 | .Ar login | |
48 | (or for | |
49 | .Dq Ar login Ns .root , | |
50 | if no login is provided), and switches to | |
51 | that user and group ID after obtaining a Kerberos ticket granting ticket. | |
52 | A shell is then executed. | |
53 | .Nm Su | |
54 | will resort to the local password file to find the password for | |
55 | .Ar login | |
56 | if there is a Kerberos error. | |
57 | If | |
58 | .Nm su | |
59 | is executed by root, no password is requested and a shell | |
60 | with the appropriate user ID is executed; no additional Kerberos tickets | |
61 | are obtained. | |
62 | .Pp | |
63 | By default, the environment is unmodified with the exception of | |
64 | .Ev USER , | |
65 | .Ev HOME , | |
66 | and | |
67 | .Ev SHELL . | |
68 | .Ev HOME | |
69 | and | |
70 | .Ev SHELL | |
71 | are set to the target login's default values. | |
72 | .Ev USER | |
73 | is set to the target login, unless the target login has a user ID of 0, | |
74 | in which case it is unmodified. | |
75 | The invoked shell is the target login's. | |
76 | This is the traditional behavior of | |
77 | .Nm su . | |
78 | .Pp | |
79 | The options are as follows: | |
80 | .Bl -tag -width Ds | |
81 | .It Fl K | |
82 | Do not attempt to use Kerberos to authenticate the user. | |
83 | .It Fl f | |
84 | If the invoked shell is | |
85 | .Xr csh 1 , | |
86 | this option prevents it from reading the | |
87 | .Dq Pa .cshrc | |
88 | file. | |
89 | .It Fl l | |
90 | Simulate a full login. | |
91 | The environment is discarded except for | |
92 | .Ev HOME , | |
93 | .Ev SHELL , | |
94 | .Ev PATH , | |
95 | .Ev TERM , | |
96 | and | |
97 | .Ev USER . | |
98 | .Ev HOME | |
99 | and | |
100 | .Ev SHELL | |
101 | are modified as above. | |
102 | .Ev USER | |
103 | is set to the target login. | |
104 | .Ev PATH | |
105 | is set to | |
106 | .Dq Pa /bin:/usr/bin . | |
107 | .Ev TERM | |
108 | is imported from your current environment. | |
109 | The invoked shell is the target login's, and | |
110 | .Nm su | |
111 | will change directory to the target login's home directory. | |
112 | .It Fl m | |
113 | Leave the environment unmodified. | |
114 | The invoked shell is your login shell, and no directory changes are made. | |
115 | As a security precaution, if the target user's shell is a non-standard | |
116 | shell (as defined by | |
117 | .Xr getusershell 3 ) | |
118 | and the caller's real uid is | |
119 | non-zero, | |
120 | .Nm su | |
121 | will fail. | |
122 | .El | |
123 | .Pp | |
124 | The | |
125 | .Fl l | |
126 | and | |
127 | .Fl m | |
128 | options are mutually exclusive; the last one specified | |
129 | overrides any previous ones. | |
130 | .Pp | |
131 | Only users in group 0 (normally | |
132 | .Dq wheel ) | |
133 | can | |
134 | .Nm su | |
135 | to | |
136 | .Dq root . | |
137 | .Pp | |
138 | By default (unless the prompt is reset by a startup file) the super-user | |
139 | prompt is set to | |
140 | .Dq Sy \&# | |
141 | to remind one of its awesome power. | |
142 | .Sh SEE ALSO | |
143 | .Xr csh 1 , | |
144 | .Xr login 1 , | |
145 | .Xr sh 1 , | |
146 | .Xr kinit 1 , | |
147 | .Xr kerberos 1 , | |
148 | .Xr passwd 5 , | |
149 | .Xr group 5 , | |
150 | .Xr environ 7 | |
151 | .Sh ENVIRONMENT | |
152 | Environment variables used by | |
153 | .Nm su : | |
154 | .Bl -tag -width HOME | |
155 | .It Ev HOME | |
156 | Default home directory of real user ID unless modified as | |
157 | specified above. | |
158 | .It Ev PATH | |
159 | Default search path of real user ID unless modified as specified above. | |
160 | .It Ev TERM | |
161 | Provides terminal type which may be retained for the substituted | |
162 | user ID. | |
163 | .It Ev USER | |
164 | The user ID is always the effective ID (the target user ID) after an | |
165 | .Nm su | |
166 | unless the user ID is 0 (root). | |
167 | .El | |
168 | .Sh HISTORY | |
169 | A | |
170 | .Nm | |
171 | command appeared in | |
172 | .At v7 . | |
173 | The version desribed | |
174 | here is an adaptation of the | |
175 | .Tn MIT | |
176 | Athena Kerberos command. |