+SU(1) BSD Reference Manual SU(1)
+
+N\bNA\bAM\bME\bE
+ s\bsu\bu - substitute user identity
+
+S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
+ s\bsu\bu [-\b-K\bKf\bfl\blm\bm] [_\bl_\bo_\bg_\bi_\bn]
+
+D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
+ S\bSu\bu requests the Kerberos password for _\bl_\bo_\bg_\bi_\bn (or for ``_\bl_\bo_\bg_\bi_\bn.root'', if no
+ login is provided), and switches to that user and group ID after obtain-
+ ing a Kerberos ticket granting ticket. A shell is then executed. S\bSu\bu
+ will resort to the local password file to find the password for _\bl_\bo_\bg_\bi_\bn if
+ there is a Kerberos error. If s\bsu\bu is executed by root, no password is re-
+ quested and a shell with the appropriate user ID is executed; no addi-
+ tional Kerberos tickets are obtained.
+
+ By default, the environment is unmodified with the exception of USER,
+ HOME, and SHELL. HOME and SHELL are set to the target login's default
+ values. USER is set to the target login, unless the target login has a
+ user ID of 0, in which case it is unmodified. The invoked shell is the
+ target login's. This is the traditional behavior of s\bsu\bu.
+
+ The options are as follows:
+
+ -\b-K\bK Do not attempt to use Kerberos to authenticate the user.
+
+ -\b-f\bf If the invoked shell is csh(1), this option prevents it from
+ reading the ``_\b._\bc_\bs_\bh_\br_\bc'' file.
+
+ -\b-l\bl Simulate a full login. The environment is discarded except for
+ HOME, SHELL, PATH, TERM, and USER. HOME and SHELL are modified as
+ above. USER is set to the target login. PATH is set to
+ ``_\b/_\bb_\bi_\bn_\b:_\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn''. TERM is imported from your current environ-
+ ment. The invoked shell is the target login's, and s\bsu\bu will
+ change directory to the target login's home directory.
+
+ -\b-m\bm Leave the environment unmodified. The invoked shell is your lo-
+ gin shell, and no directory changes are made. As a security pre-
+ caution, if the target user's shell is a non-standard shell (as
+ defined by getusershell(3)) and the caller's real uid is non-
+ zero, s\bsu\bu will fail.
+
+ The -\b-l\bl and -\b-m\bm options are mutually exclusive; the last one specified
+ overrides any previous ones.
+
+ Only users in group 0 (normally ``wheel'') can s\bsu\bu to ``root''.
+
+ By default (unless the prompt is reset by a startup file) the super-user
+ prompt is set to ``#\b#'' to remind one of its awesome power.
+
+S\bSE\bEE\bE A\bAL\bLS\bSO\bO
+ csh(1), login(1), sh(1), kinit(1), kerberos(1), passwd(5),
+ group(5), environ(7)
+
+E\bEN\bNV\bVI\bIR\bRO\bON\bNM\bME\bEN\bNT\bT
+ Environment variables used by s\bsu\bu:
+
+ HOME Default home directory of real user ID unless modified as specified
+ above.
+
+ PATH Default search path of real user ID unless modified as specified
+ above.
+
+ TERM Provides terminal type which may be retained for the substituted
+
+ user ID.
+
+ USER The user ID is always the effective ID (the target user ID) after
+ an s\bsu\bu unless the user ID is 0 (root).
+
+H\bHI\bIS\bST\bTO\bOR\bRY\bY
+ A s\bsu\bu command appeared in Version 7 AT&T UNIX. The version desribed here
+ is an adaptation of the MIT Athena Kerberos command.
+
+4.4BSD June 6, 1993 2