.\" $Source: /mit/kerberos/src/man/RCS/ksu.1,v $
.\" $Author: jtkohl $
.\" $Header: ksu.1,v 4.1 89/01/23 11:38:16 jtkohl Exp $
.\"
.\" Copyright (c) 1988 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms are permitted
.\" provided that the above copyright notice and this paragraph are
.\" duplicated in all such forms and that any documentation,
.\" advertising materials, and other materials related to such
.\" distribution and use acknowledge that the software was developed
.\" by the University of California, Berkeley. The name of the
.\" University may not be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.\" @(#)su.1 6.7 (Berkeley) 12/7/88
.\"
.TH KSU 1 "Kerberos Version 4.0" "MIT Project Athena"
.UC
.SH NAME
ksu \- substitute user id, using Kerberos
.SH SYNOPSIS
.B ksu
[-flm] [login]
.SH DESCRIPTION
\fIKsu\fP requests the password for \fIlogin\fP (or for ``root'', if no
login is provided), and switches to that user and group ID. A shell is
then invoked.
.PP
By default, your environment is unmodified with the exception of
\fIUSER\fP, \fIHOME\fP, and \fISHELL\fP. \fIHOME\fP and \fISHELL\fP
are set to the target login's \fI/etc/passwd\fP values. \fIUSER\fP
is set to the target login, unless the target login has a UID of 0,
in which case it is unmodified. The invoked shell is the target
login's. This is the traditional behavior of \fIksu\fP.
.PP
The \fI-l\fP option simulates a full login. The environment is discarded
except for \fIHOME\fP, \fISHELL\fP, \fIPATH\fP, \fITERM\fP, and \fIUSER\fP.
\fIHOME\fP and \fISHELL\fP are modified as above. \fIUSER\fP is set to
the target login. \fIPATH\fP is set to ``/usr/ucb:/bin:/usr/bin''.
\fITERM\fP is imported from your current environment. The invoked shell
is the target login's, and \fIksu\fP will change directory to the target
login's home directory.
.PP
The \fI-m\fP option causes the environment to remain unmodified, and
the invoked shell to be your login shell. No directory changes are
made. As a security precaution, if the
.I -m
option is specified, the target user's shell is a non-standard shell
(as defined by \fIgetusershell\fP(3)) and the caller's real uid is
non-zero,
.I su
will fail.
.PP
If the invoked shell is \fIcsh\fP, the \fI-f\fP option prevents it from
reading the \fI.cshrc\fP file. Otherwise, this option is ignored.
.PP
Only users with root instances listed in /\&.klogin may \fIksu\fP to
``root'' (The format of this file is described by \fIrlogin\fP(1).). When
attempting root access, \fIksu\fP attempts to fetch a
ticket-granting-ticket for ``username.root@localrealm'', where
\fIusername\fP is the username of the process. If possible, the tickets
are used to obtain, use, and verify tickets for the service
``rcmd.host@localrealm'' where \fIhost\fP is the canonical host name (as
determined by
.IR krb_get_phost (3))
of the machine. If this verification
fails, the \fIksu\fP is disallowed (If the service
``rcmd.host@localrealm'' is not registered, the \fIksu\fP is allowed.).
.PP
By default (unless the prompt is reset by a startup file) the super-user
prompt is set to ``#'' to remind one of its awesome power.
.PP
When not attempting to switch to the ``root'' user,
.I ksu
behaves exactly like
.IR su (1).
.SH "SEE ALSO"
su(1), csh(1), login(1), rlogin(1), sh(1), krb_get_phost(3), passwd(5),
group(5), environ(7)
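
The -m precaution described above, as an added C example (not code from ksu or su): with -m the invoked shell is the caller's login shell rather than the target's, so the request is refused when the target's shell is not listed by getusershell(3) and the caller's real uid is non-zero. The function names and the sample shell paths are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE            /* exposes getusershell(3) on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if `shell` is one of the shells listed by getusershell(3). */
static int is_standard_shell(const char *shell)
{
    const char *entry;
    int found = 0;

    /* Fail closed: a missing or empty shell field is not treated as standard. */
    if (shell == NULL || *shell == '\0')
        return 0;

    setusershell();                /* rewind to the start of the shell list */
    while ((entry = getusershell()) != NULL) {
        if (strcmp(entry, shell) == 0) {
            found = 1;
            break;
        }
    }
    endusershell();                /* close the list */
    return found;
}

/*
 * Hypothetical helper: decide whether a -m request may proceed.
 * Refused only when the target's shell is non-standard AND the
 * caller's real uid is non-zero, as the DESCRIPTION states.
 */
int m_option_permitted(const char *target_shell, uid_t caller_ruid)
{
    if (caller_ruid == 0)
        return 1;                  /* real root is exempt from the check */
    return is_standard_shell(target_shell);
}

int main(void)
{
    /* Constructed sample inputs; the second path is a made-up restricted shell. */
    const char *shells[] = { "/bin/sh", "/usr/local/lib/constructed-menu-shell" };
    size_t i;

    for (i = 0; i < sizeof shells / sizeof shells[0]; i++)
        printf("-m with target shell %s, caller real uid %ld: %s\n",
               shells[i], (long)getuid(),
               m_option_permitted(shells[i], getuid()) ? "permitted" : "refused");
    return 0;
}
```

A real implementation would take the target shell from the target login's passwd entry and the uid from getuid(2) before any change of identity.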