1.\" Copyright (c) 1988, 1990, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" %sccs.include.redist.roff% 5.\" 6.\" @(#)su.1 8.1 (Berkeley) 06/06/93 7.\" 8.Dd 9.Dt SU 1 10.Os 11.Sh NAME 12.Nm su 13.Nd substitute user identity 14.Sh SYNOPSIS 15.Nm su 16.Op Fl Kflm 17.Op Ar login 18.Sh DESCRIPTION 19.Nm Su 20requests the Kerberos password for 21.Ar login 22(or for 23.Dq Ar login Ns .root , 24if no login is provided), and switches to 25that user and group ID after obtaining a Kerberos ticket granting ticket. 26A shell is then executed. 27.Nm Su 28will resort to the local password file to find the password for 29.Ar login 30if there is a Kerberos error. 31If 32.Nm su 33is executed by root, no password is requested and a shell 34with the appropriate user ID is executed; no additional Kerberos tickets 35are obtained. 36.Pp 37By default, the environment is unmodified with the exception of 38.Ev USER , 39.Ev HOME , 40and 41.Ev SHELL . 42.Ev HOME 43and 44.Ev SHELL 45are set to the target login's default values. 46.Ev USER 47is set to the target login, unless the target login has a user ID of 0, 48in which case it is unmodified. 49The invoked shell is the target login's. 50This is the traditional behavior of 51.Nm su . 52.Pp 53The options are as follows: 54.Bl -tag -width Ds 55.It Fl K 56Do not attempt to use Kerberos to authenticate the user. 57.It Fl f 58If the invoked shell is 59.Xr csh 1 , 60this option prevents it from reading the 61.Dq Pa .cshrc 62file. 63.It Fl l 64Simulate a full login. 65The environment is discarded except for 66.Ev HOME , 67.Ev SHELL , 68.Ev PATH , 69.Ev TERM , 70and 71.Ev USER . 72.Ev HOME 73and 74.Ev SHELL 75are modified as above. 76.Ev USER 77is set to the target login. 78.Ev PATH 79is set to 80.Dq Pa /bin:/usr/bin . 81.Ev TERM 82is imported from your current environment. 83The invoked shell is the target login's, and 84.Nm su 85will change directory to the target login's home directory. 86.It Fl m 87Leave the environment unmodified. 88The invoked shell is your login shell, and no directory changes are made. 89As a security precaution, if the target user's shell is a non-standard 90shell (as defined by 91.Xr getusershell 3 ) 92and the caller's real uid is 93non-zero, 94.Nm su 95will fail. 96.El 97.Pp 98The 99.Fl l 100and 101.Fl m 102options are mutually exclusive; the last one specified 103overrides any previous ones. 104.Pp 105Only users in group 0 (normally 106.Dq wheel ) 107can 108.Nm su 109to 110.Dq root . 111.Pp 112By default (unless the prompt is reset by a startup file) the super-user 113prompt is set to 114.Dq Sy \&# 115to remind one of its awesome power. 116.Sh SEE ALSO 117.Xr csh 1 , 118.Xr login 1 , 119.Xr sh 1 , 120.Xr kinit 1 , 121.Xr kerberos 1 , 122.Xr passwd 5 , 123.Xr group 5 , 124.Xr environ 7 125.Sh ENVIRONMENT 126Environment variables used by 127.Nm su : 128.Bl -tag -width HOME 129.It Ev HOME 130Default home directory of real user ID unless modified as 131specified above. 132.It Ev PATH 133Default search path of real user ID unless modified as specified above. 134.It Ev TERM 135Provides terminal type which may be retained for the substituted 136user ID. 137.It Ev USER 138The user ID is always the effective ID (the target user ID) after an 139.Nm su 140unless the user ID is 0 (root). 141.El 142.Sh HISTORY 143A 144.Nm 145command appeared in 146.At v7 . 147The version desribed 148here is an adaptation of the 149.Tn MIT 150Athena Kerberos command. 151