.\" $Source: /mit/kerberos/src/man/RCS/ksu.1,v $
.\" $Author: jtkohl $
.\" $Header: ksu.1,v 4.1 89/01/23 11:38:16 jtkohl Exp $
.\"
.\" Copyright (c) 1988 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms are permitted
.\" provided that the above copyright notice and this paragraph are
.\" duplicated in all such forms and that any documentation,
.\" advertising materials, and other materials related to such
.\" distribution and use acknowledge that the software was developed
.\" by the University of California, Berkeley. The name of the
.\" University may not be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.\" @(#)su.1 6.7 (Berkeley) 12/7/88
.\"
.TH KSU 1 "Kerberos Version 4.0" "MIT Project Athena"
.UC
.SH NAME
ksu \- substitute user id, using Kerberos
.SH SYNOPSIS
.B ksu
[-flm] [login]
.SH DESCRIPTION
\fIKsu\fP requests the password for \fIlogin\fP (or for ``root'', if no
login is provided), and switches to that user and group ID. A shell is
then invoked.
.PP
By default, your environment is unmodified with the exception of
\fIUSER\fP, \fIHOME\fP, and \fISHELL\fP. \fIHOME\fP and \fISHELL\fP
are set to the target login's \fI/etc/passwd\fP values. \fIUSER\fP
is set to the target login, unless the target login has a UID of 0,
in which case it is unmodified. The invoked shell is the target
login's. This is the traditional behavior of \fIksu\fP.
.PP
The \fI-l\fP option simulates a full login. The environment is discarded
except for \fIHOME\fP, \fISHELL\fP, \fIPATH\fP, \fITERM\fP, and \fIUSER\fP.
\fIHOME\fP and \fISHELL\fP are modified as above. \fIUSER\fP is set to
the target login. \fIPATH\fP is set to ``/usr/ucb:/bin:/usr/bin''.
\fITERM\fP is imported from your current environment. The invoked shell
is the target login's, and \fIksu\fP will change directory to the target
login's home directory.
.PP
The \fI-m\fP option causes the environment to remain unmodified, and
the invoked shell to be your login shell. No directory changes are
made. As a security precaution, if the
.I -m
option is specified, the target user's shell is a non-standard shell
(as defined by \fIgetusershell\fP(3)) and the caller's real uid is
non-zero,
.I su
will fail.
.PP
If the invoked shell is \fIcsh\fP, the \fI-f\fP option prevents it from
reading the \fI.cshrc\fP file. Otherwise, this option is ignored.
.PP
Only users with root instances listed in /\&.klogin may \fIksu\fP to
``root'' (The format of this file is described by \fIrlogin\fP(1).). When
attempting root access, \fIksu\fP attempts to fetch a
ticket-granting-ticket for ``username.root@localrealm'', where
\fIusername\fP is the username of the process. If possible, the tickets
are used to obtain, use, and verify tickets for the service
``rcmd.host@localrealm'' where \fIhost\fP is the canonical host name (as
determined by
.IR krb_get_phost (3))
of the machine. If this verification
fails, the \fIksu\fP is disallowed (If the service
``rcmd.host@localrealm'' is not registered, the \fIksu\fP is allowed.).
.PP
By default (unless the prompt is reset by a startup file) the super-user
prompt is set to ``#'' to remind one of its awesome power.
.PP
When not attempting to switch to the ``root'' user,
.I ksu
behaves exactly like
.IR su (1).
.SH "SEE ALSO"
su(1), csh(1), login(1), rlogin(1), sh(1), krb_get_phost(3), passwd(5),
group(5), environ(7)
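
The environment rules in the DESCRIPTION (default, -l and -m), modelled in C. This is an added example, not code from the ksu sources: every type and function name is hypothetical, the sample caller environment is constructed, and only the environment is modelled, not shell selection or the Kerberos checks.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names here are hypothetical; the modes follow the DESCRIPTION text. */
enum mode { MODE_DEFAULT, MODE_LOGIN /* -l */, MODE_PRESERVE /* -m */ };
struct target { const char *name, *home, *shell; unsigned uid; };
#define MAXENV 64
/* Value of NAME in a NULL-terminated "NAME=value" array, or NULL. */
static const char *env_get(char *const env[], const char *name) {
    size_t len = strlen(name);
    for (; *env; env++)
        if (!strncmp(*env, name, len) && (*env)[len] == '=') return *env + len + 1;
    return NULL;
}
/* Replace NAME=value in out[] if present, otherwise append it. */
static void env_set(char *out[], int *n, const char *name, const char *val) {
    size_t len = strlen(name), sz = len + strlen(val) + 2;
    char *s = malloc(sz);
    if (!s) abort();
    snprintf(s, sz, "%s=%s", name, val);
    for (int i = 0; i < *n; i++)
        if (!strncmp(out[i], name, len) && out[i][len] == '=') { out[i] = s; return; }
    if (*n < MAXENV - 1) { out[(*n)++] = s; out[*n] = NULL; }
}
/* Fill out[] with the environment for the invoked shell; returns its size. */
int build_env(enum mode m, char *const caller[], const struct target *t, char *out[]) {
    int n = 0;
    if (m != MODE_LOGIN)                    /* default and -m keep the caller's variables */
        for (; caller[n] && n < MAXENV - 1; n++) out[n] = caller[n];
    out[n] = NULL;
    if (m == MODE_PRESERVE) return n;       /* -m: environment unmodified */
    if (m == MODE_LOGIN) {                  /* -l: fixed PATH, TERM imported from caller */
        const char *term = env_get(caller, "TERM");
        env_set(out, &n, "PATH", "/usr/ucb:/bin:/usr/bin");
        if (term) env_set(out, &n, "TERM", term);
    }
    env_set(out, &n, "HOME", t->home);      /* target's /etc/passwd values */
    env_set(out, &n, "SHELL", t->shell);
    if (m == MODE_LOGIN || t->uid != 0) env_set(out, &n, "USER", t->name);
    return n;
}

int main(void) {    /* constructed sample: alice switches to root with -l */
    char *caller[] = { "USER=alice", "HOME=/home/alice", "SHELL=/bin/csh", "TERM=vt100", "EDITOR=vi", NULL };
    struct target root = { "root", "/", "/bin/sh", 0 };
    char *out[MAXENV];
    int n = build_env(MODE_LOGIN, caller, &root, out);
    for (int i = 0; i < n; i++) puts(out[i]);
}
```

In default mode the caller's other variables (EDITOR in the sample) reach the target shell unchanged and USER stays the caller's when the target UID is 0; with -l only the five listed variables survive.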