| 1 | .\" Copyright (c) 1988, 1990 The Regents of the University of California. |
| 2 | .\" All rights reserved. |
| 3 | .\" |
| 4 | .\" Redistribution and use in source and binary forms, with or without |
| 5 | .\" modification, are permitted provided that the following conditions |
| 6 | .\" are met: |
| 7 | .\" 1. Redistributions of source code must retain the above copyright |
| 8 | .\" notice, this list of conditions and the following disclaimer. |
| 9 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| 10 | .\" notice, this list of conditions and the following disclaimer in the |
| 11 | .\" documentation and/or other materials provided with the distribution. |
| 12 | .\" 3. All advertising materials mentioning features or use of this software |
| 13 | .\" must display the following acknowledgement: |
| 14 | .\" This product includes software developed by the University of |
| 15 | .\" California, Berkeley and its contributors. |
| 16 | .\" 4. Neither the name of the University nor the names of its contributors |
| 17 | .\" may be used to endorse or promote products derived from this software |
| 18 | .\" without specific prior written permission. |
| 19 | .\" |
| 20 | .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| 21 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 22 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 23 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| 24 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 25 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 26 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 27 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 28 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 30 | .\" SUCH DAMAGE. |
| 31 | .\" |
| 32 | .\" @(#)su.1 6.12 (Berkeley) 7/29/91 |
| 33 | .\" |
| 34 | .Dd July 29, 1991 |
| 35 | .Dt SU 1 |
| 36 | .Os |
| 37 | .Sh NAME |
| 38 | .Nm su |
| 39 | .Nd substitute user identity |
| 40 | .Sh SYNOPSIS |
| 41 | .Nm su |
| 42 | .Op Fl Kflm |
| 43 | .Op Ar login |
| 44 | .Sh DESCRIPTION |
| 45 | .Nm Su |
| 46 | requests the Kerberos password for |
| 47 | .Ar login |
| 48 | (or for |
| 49 | .Dq Ar login Ns .root , |
| 50 | if no login is provided), and switches to |
| 51 | that user and group ID after obtaining a Kerberos ticket granting ticket. |
| 52 | A shell is then executed. |
| 53 | .Nm Su |
| 54 | will resort to the local password file to find the password for |
| 55 | .Ar login |
| 56 | if there is a Kerberos error. |
| 57 | If |
| 58 | .Nm su |
| 59 | is executed by root, no password is requested and a shell |
| 60 | with the appropriate user ID is executed; no additional Kerberos tickets |
| 61 | are obtained. |
| 62 | .Pp |
| 63 | By default, the environment is unmodified with the exception of |
| 64 | .Ev USER , |
| 65 | .Ev HOME , |
| 66 | and |
| 67 | .Ev SHELL . |
| 68 | .Ev HOME |
| 69 | and |
| 70 | .Ev SHELL |
| 71 | are set to the target login's default values. |
| 72 | .Ev USER |
| 73 | is set to the target login, unless the target login has a user ID of 0, |
| 74 | in which case it is unmodified. |
| 75 | The invoked shell is the target login's. |
| 76 | This is the traditional behavior of |
| 77 | .Nm su . |
| 78 | .Pp |
| 79 | The options are as follows: |
| 80 | .Bl -tag -width Ds |
| 81 | .It Fl K |
| 82 | Do not attempt to use Kerberos to authenticate the user. |
| 83 | .It Fl f |
| 84 | If the invoked shell is |
| 85 | .Xr csh 1 , |
| 86 | this option prevents it from reading the |
| 87 | .Dq Pa .cshrc |
| 88 | file. |
| 89 | .It Fl l |
| 90 | Simulate a full login. |
| 91 | The environment is discarded except for |
| 92 | .Ev HOME , |
| 93 | .Ev SHELL , |
| 94 | .Ev PATH , |
| 95 | .Ev TERM , |
| 96 | and |
| 97 | .Ev USER . |
| 98 | .Ev HOME |
| 99 | and |
| 100 | .Ev SHELL |
| 101 | are modified as above. |
| 102 | .Ev USER |
| 103 | is set to the target login. |
| 104 | .Ev PATH |
| 105 | is set to |
| 106 | .Dq Pa /bin:/usr/bin . |
| 107 | .Ev TERM |
| 108 | is imported from your current environment. |
| 109 | The invoked shell is the target login's, and |
| 110 | .Nm su |
| 111 | will change directory to the target login's home directory. |
| 112 | .It Fl m |
| 113 | Leave the environment unmodified. |
| 114 | The invoked shell is your login shell, and no directory changes are made. |
| 115 | As a security precaution, if the target user's shell is a non-standard |
| 116 | shell (as defined by |
| 117 | .Xr getusershell 3 ) |
| 118 | and the caller's real uid is |
| 119 | non-zero, |
| 120 | .Nm su |
| 121 | will fail. |
| 122 | .El |
| 123 | .Pp |
| 124 | The |
| 125 | .Fl l |
| 126 | and |
| 127 | .Fl m |
| 128 | options are mutually exclusive; the last one specified |
| 129 | overrides any previous ones. |
| 130 | .Pp |
| 131 | Only users in group 0 (normally |
| 132 | .Dq wheel ) |
| 133 | can |
| 134 | .Nm su |
| 135 | to |
| 136 | .Dq root . |
| 137 | .Pp |
| 138 | By default (unless the prompt is reset by a startup file) the super-user |
| 139 | prompt is set to |
| 140 | .Dq Sy \&# |
| 141 | to remind one of its awesome power. |
| 142 | .Sh SEE ALSO |
| 143 | .Xr csh 1 , |
| 144 | .Xr login 1 , |
| 145 | .Xr sh 1 , |
| 146 | .Xr kinit 1 , |
| 147 | .Xr kerberos 1 , |
| 148 | .Xr passwd 5 , |
| 149 | .Xr group 5 , |
| 150 | .Xr environ 7 |
| 151 | .Sh ENVIRONMENT |
| 152 | Environment variables used by |
| 153 | .Nm su : |
| 154 | .Bl -tag -width HOME |
| 155 | .It Ev HOME |
| 156 | Default home directory of real user ID unless modified as |
| 157 | specified above. |
| 158 | .It Ev PATH |
| 159 | Default search path of real user ID unless modified as specified above. |
| 160 | .It Ev TERM |
| 161 | Provides terminal type which may be retained for the substituted |
| 162 | user ID. |
| 163 | .It Ev USER |
| 164 | The user ID is always the effective ID (the target user ID) after an |
| 165 | .Nm su |
| 166 | unless the user ID is 0 (root). |
| 167 | .El |
| 168 | .Sh HISTORY |
| 169 | A |
| 170 | .Nm |
| 171 | command appeared in |
| 172 | .At v7 . |
| 173 | The version desribed |
| 174 | here is an adaptation of the |
| 175 | .Tn MIT |
| 176 | Athena Kerberos command. |