1.\" Copyright (c) 1988, 1990, 1993, 1994 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)su.1 8.2 (Berkeley) 4/18/94 33.\" $FreeBSD: src/usr.bin/su/su.1,v 1.41 2008/07/01 20:56:23 danger Exp $ 34.\" $DragonFly: src/usr.bin/su/su.1,v 1.6 2007/03/25 11:35:11 swildner Exp $ 35.\" 36.Dd July 1, 2008 37.Dt SU 1 38.Os 39.Sh NAME 40.Nm su 41.Nd substitute user identity 42.Sh SYNOPSIS 43.Nm 44.Op Fl 45.Op Fl flm 46.Op Fl c Ar class 47.Op Ar login Op Ar args 48.Sh DESCRIPTION 49The 50.Nm 51utility requests appropriate user credentials via PAM 52and switches to that user ID 53(the default user is the superuser). 54A shell is then executed. 55.Pp 56PAM is used to set the policy 57.Xr su 1 58will use. 59In particular, by default only users in the 60.Dq Li wheel 61group can switch to UID 0 62.Pq Dq Li root . 63This group requirement may be changed by modifying the 64.Dq Li pam_group 65section of 66.Pa /etc/pam.d/su . 67See 68.Xr pam_group 8 69for details on how to modify this setting. 70.Pp 71By default, the environment is unmodified with the exception of 72.Ev USER , 73.Ev HOME , 74and 75.Ev SHELL . 76.Ev HOME 77and 78.Ev SHELL 79are set to the target login's default values. 80.Ev USER 81is set to the target login, unless the target login has a user ID of 0, 82in which case it is unmodified. 83The invoked shell is the one belonging to the target login. 84This is the traditional behavior of 85.Nm . 86Resource limits and session priority applicable to the original user's 87login class (see 88.Xr login.conf 5 ) 89are also normally retained unless the target login has a user ID of 0. 90.Pp 91The options are as follows: 92.Bl -tag -width Ds 93.It Fl f 94If the invoked shell is 95.Xr csh 1 , 96this option prevents it from reading the 97.Dq Pa .cshrc 98file. 99.It Fl l 100Simulate a full login. 101The environment is discarded except for 102.Ev HOME , 103.Ev SHELL , 104.Ev PATH , 105.Ev TERM , 106and 107.Ev USER . 108.Ev HOME 109and 110.Ev SHELL 111are modified as above. 112.Ev USER 113is set to the target login. 114.Ev PATH 115is set to 116.Dq Pa /bin:/usr/bin . 117.Ev TERM 118is imported from your current environment. 119Environment variables may be set or overridden from the login class 120capabilities database according to the class of the target login. 121The invoked shell is the target login's, and 122.Nm 123will change directory to the target login's home directory. 124Resource limits and session priority are modified to that for the 125target account's login class. 126.It Fl 127(no letter) The same as 128.Fl l . 129.It Fl m 130Leave the environment unmodified. 131The invoked shell is your login shell, and no directory changes are made. 132As a security precaution, if the target user's shell is a non-standard 133shell (as defined by 134.Xr getusershell 3 ) 135and the caller's real uid is 136non-zero, 137.Nm 138will fail. 139.It Fl c Ar class 140Use the settings of the specified login class. 141Only allowed for the super-user. 142.El 143.Pp 144The 145.Fl l 146(or 147.Fl ) 148and 149.Fl m 150options are mutually exclusive; the last one specified 151overrides any previous ones. 152.Pp 153If the optional 154.Ar args 155are provided on the command line, they are passed to the login shell of 156the target login. 157Note that all command line arguments before the target login name are 158processed by 159.Nm 160itself, everything after the target login name gets passed to the login 161shell. 162.Pp 163By default (unless the prompt is reset by a startup file) the super-user 164prompt is set to 165.Dq Sy \&# 166to remind one of its awesome power. 167.Sh ENVIRONMENT 168Environment variables used by 169.Nm : 170.Bl -tag -width HOME 171.It Ev HOME 172Default home directory of real user ID unless modified as 173specified above. 174.It Ev PATH 175Default search path of real user ID unless modified as specified above. 176.It Ev TERM 177Provides terminal type which may be retained for the substituted 178user ID. 179.It Ev USER 180The user ID is always the effective ID (the target user ID) after an 181.Nm 182unless the user ID is 0 (root). 183.El 184.Sh FILES 185.Bl -tag -width ".Pa /etc/pam.d/su" -compact 186.It Pa /etc/pam.d/su 187PAM configuration for 188.Nm . 189.El 190.Sh EXAMPLES 191.Bl -tag -width 5n -compact 192.It Li "su -m man -c catman" 193Runs the command 194.Li catman 195as user 196.Li man . 197You will be asked for man's password unless your real UID is 0. 198Note that the 199.Fl m 200option is required since user 201.Dq man 202does not have a valid shell by default. 203.It Li "su -m man -c 'catman /usr/share/man /usr/local/man /usr/pkg/xorg/man'" 204Same as above, but the target command consists of more than a 205single word and hence is quoted for use with the 206.Fl c 207option being passed to the shell. 208(Most shells expect the argument to 209.Fl c 210to be a single word). 211.It Li "su -m -c staff man -c 'catman /usr/share/man /usr/local/man /usr/pkg/xorg/man'" 212Same as above, but the target command is run with the resource limits of 213the login class 214.Dq staff . 215Note: in this example, the first 216.Fl c 217option applies to 218.Nm 219while the second is an argument to the shell being invoked. 220.It Li "su -l foo" 221Simulate a login for user foo. 222.It Li "su - foo" 223Same as above. 224.It Li "su -" 225Simulate a login for root. 226.El 227.Sh SEE ALSO 228.Xr csh 1 , 229.Xr sh 1 , 230.Xr group 5 , 231.Xr login.conf 5 , 232.Xr passwd 5 , 233.Xr environ 7 , 234.Xr pam_group 8 235.Sh HISTORY 236A 237.Nm 238command appeared in 239.At v1 . 240