manpagez: man pages & more
man su(1)
Home | html | info | man
su(1)                     BSD General Commands Manual                    su(1)


     su -- substitute user identity


     su [-] [-flm] [login [args]]


     The su utility requests appropriate user credentials via PAM and switches
     to that user ID (the default user is the superuser).  A shell is then

     PAM is used to set the policy su(1) will use.  In particular, by default
     only users in the ``admin'' or ``wheel'' groups can switch to UID 0
     (``root'').  This group requirement may be changed by modifying the
     ``pam_group'' section of /etc/pam.d/su.  See pam_group(8) for details on
     how to modify this setting.

     By default, the environment is unmodified with the exception of USER,
     HOME, and SHELL.  HOME and SHELL are set to the target login's default
     values.  USER is set to the target login, unless the target login has a
     user ID of 0, in which case it is unmodified.  The invoked shell is the
     one belonging to the target login.  This is the traditional behavior of

     The options are as follows:

     -f      If the invoked shell is csh(1), this option prevents it from
             reading the ``.cshrc'' file.

     -l      Simulate a full login.  The environment is discarded except for
             HOME, SHELL, PATH, TERM, and USER.  HOME and SHELL are modified
             as above.  USER is set to the target login.  PATH is set to
             ``/bin:/usr/bin''.  TERM is imported from your current environ-
             ment.  The invoked shell is the target login's, and su will
             change directory to the target login's home directory.

     -       (no letter) The same as -l.

     -m      Leave the environment unmodified.  The invoked shell is your
             login shell, and no directory changes are made.  As a security
             precaution, if the target user's shell is a non-standard shell
             (as defined by getusershell(3)) and the caller's real uid is non-
             zero, su will fail.

     The -l (or -) and -m options are mutually exclusive; the last one speci-
     fied overrides any previous ones.

     If the optional args are provided on the command line, they are passed to
     the login shell of the target login.  Note that all command line argu-
     ments before the target login name are processed by su itself, everything
     after the target login name gets passed to the login shell.

     By default (unless the prompt is reset by a startup file) the super-user
     prompt is set to ``#'' to remind one of its awesome power.


     Environment variables used by su:

     HOME  Default home directory of real user ID unless modified as specified

     PATH  Default search path of real user ID unless modified as specified

     TERM  Provides terminal type which may be retained for the substituted
           user ID.

     USER  The user ID is always the effective ID (the target user ID) after
           an su unless the user ID is 0 (root).


     /etc/pam.d/su  PAM configuration for su.


     su man -c catman
            Runs the command catman as user man.  You will be asked for man's
            password unless your real UID is 0.
     su man -c 'catman /usr/share/man /usr/local/man'
            Same as above, but the target command consists of more than a sin-
            gle word and hence is quoted for use with the -c option being
            passed to the shell.  (Most shells expect the argument to -c to be
            a single word).
     su -l foo
            Simulate a login for user foo.
     su - foo
            Same as above.
     su -   Simulate a login for root.


     csh(1), sh(1), group(5), passwd(5), environ(7), pam_group(8)


     A su command appeared in Version 1 AT&T UNIX.

BSD                           September 13, 2006                           BSD

Mac OS X 10.6 - Generated Thu Sep 17 20:09:16 CDT 2009
© 2000-2024
Individual documents may contain additional copyright information.