![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to su.1 CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / usr.bin / su|
Return to su.1 CVS log | Up to [CSRG BSD Unix] / 43BSDReno / usr.bin / su |
1.1 root 1: .\" Copyright (c) 1988, 1990 The Regents of the University of California.
2: .\" All rights reserved.
3: .\"
4: .\" Redistribution and use in source and binary forms are permitted provided
5: .\" that: (1) source distributions retain this entire copyright notice and
6: .\" comment, and (2) distributions including binaries display the following
7: .\" acknowledgement: ``This product includes software developed by the
8: .\" University of California, Berkeley and its contributors'' in the
9: .\" documentation or other materials provided with the distribution and in
10: .\" all advertising materials mentioning features or use of this software.
11: .\" Neither the name of the University nor the names of its contributors may
12: .\" be used to endorse or promote products derived from this software without
13: .\" specific prior written permission.
14: .\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
15: .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
16: .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
17: .\"
18: .\" @(#)su.1 6.11 (Berkeley) 6/24/90
19: .\"
20: .TH SU 1 "%Q"
21: .UC
22: .SH NAME
23: su \- substitute user id
24: .SH SYNOPSIS
25: .nf
26: .ft B
27: su [ -Kflm ] [ login ]
28: .ft R
29: .nf
30: .SH DESCRIPTION
31: .I Su
32: requests the Kerberos password for
33: .I login
34: (or for ``\fIlogin\fP.root'', if no login is provided), and switches to
35: that user and group ID after obtaining a Kerberos ticket granting ticket.
36: A shell is then invoked.
37: .I Su
38: will resort to the local password file to find the password for
39: .I login
40: if there is a Kerberos error.
41: If
42: .I su
43: is executed by root, no password is requested and a shell
44: with the appropriate user ID is invoked; no additional Kerberos tickets
45: are obtained.
46: .PP
47: By default, the environment is unmodified with the exception of
48: .IR USER ,
49: .IR HOME ,
50: and
51: .IR SHELL .
52: .I HOME
53: and
54: .I SHELL
55: are set to the target login's default values.
56: .I USER
57: is set to the target login, unless the target login has a user ID of 0,
58: in which case it is unmodified.
59: The invoked shell is the target login's.
60: This is the traditional behavior of
61: .IR su .
62: .PP
63: The options are as follows:
64: .TP
65: \-K
66: Do not attempt to use Kerberos to authenticate the user.
67: .TP
68: \-f
69: If the invoked shell is
70: .IR csh (1),
71: this option prevents it from reading the ``.cshrc'' file.
72: .TP
73: \-l
74: Simulate a full login.
75: The environment is discarded except for
76: .IR HOME ,
77: .IR SHELL ,
78: .IR PATH ,
79: .IR TERM ,
80: and
81: .IR USER .
82: .I HOME
83: and
84: .I SHELL
85: are modified as above.
86: .I USER
87: is set to the target login.
88: .I PATH
89: is set to ``/bin:/usr/bin''.
90: .I TERM
91: is imported from your current environment.
92: The invoked shell is the target login's, and
93: .I su
94: will change directory to the target login's home directory.
95: .TP
96: \-m
97: Leave the environment unmodified.
98: The invoked shell is your login shell, and no directory changes are made.
99: As a security precaution, if the target user's shell is a non-standard
100: shell (as defined by \fIgetusershell\fP(3)) and the caller's real uid is
101: non-zero,
102: .I su
103: will fail.
104: .PP
105: The \-l and \-m options are mutually exclusive; the last one specified
106: overrides any previous ones.
107: .PP
108: Only users in group 0 (normally ``wheel'') can
109: .I su
110: to ``root''.
111: .PP
112: By default (unless the prompt is reset by a startup file) the super-user
113: prompt is set to ``#'' to remind one of its awesome power.
114: .SH "SEE ALSO"
115: csh(1), login(1), sh(1), kinit(1), kerberos(1), passwd(5), group(5), environ(7)
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.