1.\" Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan 2.\" (Royal Institute of Technology, Stockholm, Sweden). 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" 3. Neither the name of the Institute nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" $Id: su.1 16528 2006-01-12 16:25:01Z joda $ 33.\" 34.Dd January 12, 2006 35.Dt SU 1 36.Os HEIMDAL 37.Sh NAME 38.Nm su 39.Nd substitute user identity 40.Sh SYNOPSIS 41.Nm su 42.Op Fl K | Fl -no-kerberos 43.Op Fl f 44.Op Fl l | Fl -full 45.Op Fl m 46.Oo Fl i Ar instance \*(Ba Xo 47.Fl -instance= Ns Ar instance 48.Xc 49.Oc 50.Oo Fl c Ar command \*(Ba Xo 51.Fl -command= Ns Ar command 52.Xc 53.Oc 54.Op Ar login Op Ar "shell arguments" 55.Sh DESCRIPTION 56.Nm su 57will use Kerberos authentication provided that an instance for the 58user wanting to change effective UID is present in a file named 59.Pa .k5login 60in the target user id's home directory 61.Pp 62A special case exists where 63.Ql root Ap s 64.Pa ~/.k5login 65needs to contain an entry for: 66.Ql user Ns / Ns Ao instance Ac Ns @ Ns REALM 67for 68.Nm su 69to succed (where 70.Aq instance 71is 72.Ql root 73unless changed with 74.Fl i ) . 75.Pp 76In the absence of either an entry for current user in said file or 77other problems like missing 78.Ql host/hostname@REALM 79keys in the system's 80keytab, or user typing the wrong password, 81.Nm su 82will fall back to traditional 83.Pa /etc/passwd 84authentication. 85.Pp 86When using 87.Pa /etc/passwd 88authentication, 89.Nm su 90allows 91.Ql root 92access only to members of the group 93.Ql wheel , 94or to any user (with knowledge of the 95.Ql root 96password) if that group 97does not exist, or has no members. 98.Pp 99The options are as follows: 100.Bl -item -width Ds 101.It 102.Fl K , 103.Fl -no-kerberos 104don't use Kerberos. 105.It 106.Fl f 107don't read .cshrc. 108.It 109.Fl l , 110.Fl -full 111simulate full login. 112.It 113.Fl m 114leave environment unmodified. 115.It 116.Fl i Ar instance , 117.Fl -instance= Ns Ar instance 118root instance to use. 119.It 120.Fl c Ar command , 121.Fl -command= Ns Ar command 122command to execute. 123.El 124