xref: /freebsd/usr.bin/su/su.1 (revision ce4946daa5ce852d28008dac492029500ab2ee95) 
1.\" Copyright (c) 1988, 1990, 1993, 1994
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgement:
14.\"	This product includes software developed by the University of
15.\"	California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\"	@(#)su.1	8.2 (Berkeley) 4/18/94
33.\" $FreeBSD$
34.\"
35.\" this is for hilit19's braindeadness: "
36.Dd April 18, 1994
37.Dt SU 1
38.Os
39.Sh NAME
40.Nm su
41.Nd substitute user identity
42.Sh SYNOPSIS
43.Nm
44.Op Fl
45.Op Fl flm
46.Op Fl c Ar class
47.Op Ar login Op Ar args
48.Sh DESCRIPTION
49.Nm Su
50requests the superuser password for
51.Ar login
52(or if Kerberos PAMs are used for
53.Dq Ar login Ns .root
54or
55.Dq Ar login Ns /root
56as appropriate),
57and switches to that user ID.
58A shell is then executed.
59.Nm Su
60will resort to the local password file to find the password for
61.Ar login
62if there is a PAM error.
63If
64.Nm
65is executed by root, no password is requested and a shell
66with the appropriate user ID is executed;
67no additional PAM work is done.
68.Pp
69By default, the environment is unmodified with the exception of
70.Ev USER ,
71.Ev HOME ,
72and
73.Ev SHELL .
74.Ev HOME
75and
76.Ev SHELL
77are set to the target login's default values.
78.Ev USER
79is set to the target login, unless the target login has a user ID of 0,
80in which case it is unmodified.
81The invoked shell is the one belonging to the target login.
82This is the traditional behavior of
83.Nm .
84Resource limits and session priority applicable to the original user's
85login class (See
86.Xr login.conf 5 )
87are also normally retained unless the target login as a user ID of 0.
88.Pp
89The options are as follows:
90.Bl -tag -width Ds
91.It Fl f
92If the invoked shell is
93.Xr csh 1 ,
94this option prevents it from reading the
95.Dq Pa .cshrc
96file.
97.It Fl l
98Simulate a full login.
99The environment is discarded except for
100.Ev HOME ,
101.Ev SHELL ,
102.Ev PATH ,
103.Ev TERM ,
104and
105.Ev USER .
106.Ev HOME
107and
108.Ev SHELL
109are modified as above.
110.Ev USER
111is set to the target login.
112.Ev PATH
113is set to
114.Dq Pa /bin:/usr/bin .
115.Ev TERM
116is imported from your current environment.
117Environment variables may be set or overridden from the login class
118capabilities database according to the class of the target login.
119The invoked shell is the target login's, and
120.Nm
121will change directory to the target login's home directory.
122Resource limits and session priority are modified to that for the
123target account's login class.
124.It Fl
125(no letter) The same as
126.Fl l .
127.It Fl m
128Leave the environment unmodified.
129The invoked shell is your login shell, and no directory changes are made.
130As a security precaution, if the target user's shell is a non-standard
131shell (as defined by
132.Xr getusershell 3 )
133and the caller's real uid is
134non-zero,
135.Nm
136will fail.
137.It Fl c Ar class
138Use the settings of the specified login class.
139Only allowed for the super-user.
140.El
141.Pp
142The
143.Fl l
144(or
145.Fl
146)
147and
148.Fl m
149options are mutually exclusive; the last one specified
150overrides any previous ones.
151.Pp
152If the optional
153.Ar args
154are provided on the command line, they are passed to the login shell of
155the target login.
156.Pp
157Only users who are a member of group 0 (normally
158.Dq wheel )
159can
160.Nm
161to
162.Dq root .
163\ If group 0 is missing or empty, any user can
164.Nm
165to
166.Dq root .
167.Pp
168By default (unless the prompt is reset by a startup file) the super-user
169prompt is set to
170.Dq Sy \&#
171to remind one of its awesome power.
172.Sh FILES
173.Bl -tag -width /etc/auth.conf -compact
174.It Pa /etc/auth.conf
175configure authentication services
176.It Pa /etc/pam.conf
177if
178.Nm
179is configured with PAM support, it uses
180.Pa /etc/pam.conf
181entries with service name
182.Dq su
183.El
184.Sh SEE ALSO
185.Xr csh 1 ,
186.Xr kerberos 1 ,
187.Xr kinit 1 ,
188.Xr login 1 ,
189.Xr sh 1 ,
190.Xr group 5 ,
191.Xr login.conf 5 ,
192.Xr passwd 5 ,
193.Xr environ 7 ,
194.Xr pam 8
195.Sh ENVIRONMENT
196Environment variables used by
197.Nm :
198.Bl -tag -width HOME
199.It Ev HOME
200Default home directory of real user ID unless modified as
201specified above.
202.It Ev PATH
203Default search path of real user ID unless modified as specified above.
204.It Ev TERM
205Provides terminal type which may be retained for the substituted
206user ID.
207.It Ev USER
208The user ID is always the effective ID (the target user ID) after an
209.Nm
210unless the user ID is 0 (root).
211.El
212.Sh EXAMPLES
213.Bl -tag -width 5n -compact
214.It Li "su man -c catman"
215Runs the command
216.Li catman
217as user
218.Li man .
219You will be asked for man's password unless your real UID is 0.
220.It Li "su man -c 'catman /usr/share/man /usr/local/man /usr/X11R6/man'"
221Same as above, but the target command constitutes of more than a
222single word and hence is quoted for use with the
223.Fl c
224option being passed to the shell.  (Most shells expect the argument to
225.Fl c
226to be a single word).
227.It Li "su -c staff man -c 'catman /usr/share/man /usr/local/man /usr/X11R6/man'"
228Same as above, but the target command is run with the resource limits of
229the login class
230.Dq staff .
231Note: in this example, the first
232.Fl c
233option applies to
234.Nm
235while the second is an argument to the shell being invoked.
236.It Li "su -l foo"
237Simulate a login for user foo.
238.It Li "su - foo"
239Same as above.
240.It Li "su -  "
241Simulate a login for root.
242.El
243.Sh HISTORY
244A
245.Nm
246command appeared in
247.At v1 .
248