su(1M)                System Administration Commands                su(1M)

NAME
su - become superuser or another user

SYNOPSIS
su [-] [username [arg...]]

DESCRIPTION
The su command allows one to become another user without logging off or
to assume a role. The default user name is root (superuser).

To use su, the appropriate password must be supplied (unless the
invoker is already root). If the password is correct, su creates a new
shell process that has the real and effective user ID, group IDs, and
supplementary group list set to those of the specified username.
Additionally, the new shell's project ID is set to the default project
ID of the specified user. See getdefaultproj(3PROJECT),
setproject(3PROJECT). The new shell will be the shell specified in the
shell field of username's password file entry (see passwd(4)). If no
shell is specified, /usr/bin/sh is used (see sh(1)). If superuser
privilege is requested and the shell for the superuser cannot be invoked
using exec(2), /sbin/sh is used as a fallback. To return to normal user
ID privileges, type an EOF character (CTRL-D) to exit the new shell.

Any additional arguments given on the command line are passed to the
new shell. When using programs such as sh, an arg of the form -c string
executes string using the shell and an arg of -r gives the user a
restricted shell.

To create a login environment, the command "su -" does the following:

    o  In addition to what is already propagated, the LC* and LANG
       environment variables from the specified user's environment
       are also propagated.

    o  Propagate TZ from the user's environment. If TZ is not found
       in the user's environment, su uses the TZ value from the
       TIMEZONE parameter found in /etc/default/login.

    o  Set MAIL to /var/mail/new_user.

If the first argument to su is a dash (-), the environment will be
changed to what would be expected if the user actually logged in as the
specified user. Otherwise, the environment is passed along, with the
exception of $PATH, which is controlled by PATH and SUPATH in
/etc/default/su.

All attempts to become another user using su are logged in the log file
/var/adm/sulog (see sulog(4)).

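The log file named above can be reviewed for repeated failed attempts to
become root. The following is an added example, not part of the original
manual page; the record layout is the one documented in sulog(4), and the
function name, threshold and sample records are constructed for
illustration.

```shell
#!/bin/sh
# Added example: summarise failed su-to-root attempts from a sulog(4) file.
# Record layout (from sulog(4)): SU date time result port user-newuser
# where result is "+" for success and "-" for failure.

# failed_su_to_root FILE [MIN]   (hypothetical helper)
# Prints "invoker count" for each invoker with at least MIN (default 3)
# failed attempts to become root, sorted by invoker name.
failed_su_to_root() {
    awk -v min="${2:-3}" '
        $1 == "SU" && $4 == "-" && $6 ~ /.-root$/ {
            # Strip the trailing "-root"; the invoker name itself may
            # contain hyphens, so do not split on the first "-".
            invoker = substr($6, 1, length($6) - 5)
            fails[invoker]++
        }
        END {
            for (u in fails)
                if (fails[u] >= min) print u, fails[u]
        }
    ' "$1" | sort
}

# Constructed sample records, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SU 02/25 09:29 + console root-sys
SU 02/25 09:32 - pts/3 web-admin-root
SU 02/25 09:32 - pts/3 web-admin-root
SU 02/25 09:33 - pts/3 web-admin-root
SU 02/25 09:40 - pts/5 alice-root
SU 02/25 09:41 + pts/5 alice-root
SU 02/25 10:02 - pts/7 bob-oracle
EOF
failed_su_to_root "$sample" 3
rm -f "$sample"
```
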
SECURITY
su uses pam(3PAM) with the service name su for authentication, account
management, and credential establishment.

EXAMPLES
Example 1 Becoming User bin While Retaining Your Previously Exported
Environment

To become user bin while retaining your previously exported
environment, execute:

    example% su bin

Example 2 Becoming User bin and Changing to bin's Login Environment

To become user bin but change the environment to what would be expected
if bin had originally logged in, execute:

    example% su - bin

Example 3 Executing command with user bin's Environment and Permissions

To execute command with the temporary environment and permissions of
user bin, type:

    example% su - bin -c "command args"

ENVIRONMENT VARIABLES
Variables with LD_ prefix are removed for security reasons. Thus, su
bin will not retain previously exported variables with LD_ prefix while
becoming user bin.

If any of the LC_* variables (LC_CTYPE, LC_MESSAGES, LC_TIME,
LC_COLLATE, LC_NUMERIC, and LC_MONETARY) (see environ(5)) are not set
in the environment, the operational behavior of su for each
corresponding locale category is determined by the value of the LANG
environment variable. If LC_ALL is set, its contents are used to
override both the LANG and the other LC_* variables. If none of the
above variables are set in the environment, the "C" (U.S. style) locale
determines how su behaves.

LC_CTYPE       Determines how su handles characters. When LC_CTYPE is
               set to a valid value, su can display and handle text and
               filenames containing valid characters for that locale.
               su can display and handle Extended Unix Code (EUC)
               characters where any individual character can be 1, 2,
               or 3 bytes wide. su can also handle EUC characters of 1,
               2, or more column widths. In the "C" locale, only
               characters from ISO 8859-1 are valid.

LC_MESSAGES    Determines how diagnostic and informative messages are
               presented. This includes the language and style of the
               messages, and the correct form of affirmative and
               negative responses. In the "C" locale, the messages are
               presented in the default form found in the program
               itself (in most cases, U.S. English).

FILES
$HOME/.profile        user's login commands for sh and ksh

/etc/passwd           system's password file

/etc/profile          system-wide sh and ksh login commands

/var/adm/sulog        log file

/etc/default/su       the default parameters in this file are:

                      SULOG      If defined, all attempts to su to
                                 another user are logged in the
                                 indicated file.

                      CONSOLE    If defined, all attempts to su to root
                                 are logged on the console.

                      PATH       Default path. (/usr/bin:)

                      SUPATH     Default path for a user invoking su to
                                 root. (/usr/sbin:/usr/bin)

                      SYSLOG     Determines whether the syslog(3C)
                                 LOG_AUTH facility should be used to
                                 log all su attempts. LOG_NOTICE
                                 messages are generated for su's to
                                 root, LOG_INFO messages are generated
                                 for su's to other users, and LOG_CRIT
                                 messages are generated for failed su
                                 attempts.

/etc/default/login    the default parameters in this file are:

                      TIMEZONE   Sets the TZ environment variable of
                                 the shell.

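One way to check the /etc/default/su parameters listed above (an added
example, not part of the original manual page). The function names and
sample file are hypothetical, SYSLOG=YES is assumed to be the enabling
value, and unset PATH and SUPATH fall back to the defaults this page lists.

```shell
#!/bin/sh
# Added example: audit a file in /etc/default/su format against the
# parameters listed in FILES. Prints one finding per line; no output
# means nothing was flagged.

# value_of NAME FILE: value of the last active (uncommented) NAME= line.
value_of() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -1
}

# path_findings NAME VALUE: flag empty and relative components. An empty
# component makes the shell search the current directory.
path_findings() {
    printf '%s\n' "$2" | tr ':' '\n' | while IFS= read -r dir; do
        case "$dir" in
            '') echo "$1: empty component, current directory is searched" ;;
            /*) ;;
            *)  echo "$1: relative component '$dir'" ;;
        esac
    done
}

audit_su_defaults() {
    [ -n "$(value_of SULOG "$1")" ] ||
        echo "SULOG: not defined, su attempts are not written to a log file"
    [ -n "$(value_of CONSOLE "$1")" ] ||
        echo "CONSOLE: not defined, su to root is not logged on the console"
    # Assumption: the stock file enables syslog with SYSLOG=YES.
    [ "$(value_of SYSLOG "$1")" = YES ] ||
        echo "SYSLOG: not YES, su attempts are not sent to LOG_AUTH"
    # Unset paths fall back to the defaults this page lists.
    v=$(value_of PATH "$1");   path_findings PATH   "${v:-/usr/bin:}"
    v=$(value_of SUPATH "$1"); path_findings SUPATH "${v:-/usr/sbin:/usr/bin}"
}

# Constructed sample file, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SULOG=/var/adm/sulog
#CONSOLE=/dev/console
#PATH=/usr/bin:
SUPATH=/usr/sbin:/usr/bin:bin
SYSLOG=YES
EOF
audit_su_defaults "$sample"
rm -f "$sample"
```
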
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:

┌─────────────────────────────┬─────────────────────────────┐
│       ATTRIBUTE TYPE        │       ATTRIBUTE VALUE       │
├─────────────────────────────┼─────────────────────────────┤
│Availability                 │SUNWcsu                      │
└─────────────────────────────┴─────────────────────────────┘

SEE ALSO
csh(1), env(1), ksh(1), login(1), roles(1), sh(1), syslogd(1M),
exec(2), getdefaultproj(3PROJECT), setproject(3PROJECT), pam(3PAM),
pam_authenticate(3PAM), pam_acct_mgmt(3PAM), pam_setcred(3PAM),
pam.conf(4), passwd(4), profile(4), sulog(4), syslog(3C),
attributes(5), environ(5)

SunOS 5.11                      26 Feb 2004                      su(1M)