su(1)


NAME

   su - change user ID or become superuser

SYNOPSIS

   su [options] [username]

DESCRIPTION

   The su command is used to become another user during a login session.
   Invoked without a username, su defaults to becoming the superuser. The
   optional argument - may be used to provide an environment similar to
   what the user would expect had the user logged in directly.

   Additional arguments may be provided after the username, in which case
   they are supplied to the user's login shell. In particular, an argument
   of -c will cause the next argument to be treated as a command by most
   command interpreters. The command will be executed by the shell
   specified in /etc/passwd for the target user.

   You can use the -- argument to separate su options from the arguments
   supplied to the shell.

   The user will be prompted for a password, if appropriate. Invalid
   passwords will produce an error message. All attempts, both valid and
   invalid, are logged to detect abuse of the system.

   The current environment is passed to the new shell. The value of $PATH
   is reset to /bin:/usr/bin for normal users, or
   /sbin:/bin:/usr/sbin:/usr/bin for the superuser. This may be changed
   with the ENV_PATH and ENV_SUPATH definitions in /etc/login.defs.

   A subsystem login is indicated by the presence of a "*" as the first
   character of the login shell. The given home directory will be used as
   the root of a new file system which the user is actually logged into.

OPTIONS

   The options which apply to the su command are:

   -c, --command COMMAND
       Specify a command that will be invoked by the shell using its -c.

       The executed command will have no controlling terminal. This option
       cannot be used to execute interractive programs which need a
       controlling TTY.

   -, -l, --login
       Provide an environment similar to what the user would expect had
       the user logged in directly.

       When - is used, it must be specified before any username. For
       portability it is recommended to use it as last option, before any
       username. The other forms (-l and --login) do not have this
       restriction.

   -s, --shell SHELL
       The shell that will be invoked.

       The invoked shell is chosen from (highest priority first):

           The shell specified with --shell.

           If --preserve-environment is used, the shell specified by the
           $SHELL environment variable.

           The shell indicated in the /etc/passwd entry for the target
           user.

           /bin/sh if a shell could not be found by any above method.

       If the target user has a restricted shell (i.e. the shell field of
       this user's entry in /etc/passwd is not listed in /etc/shells),
       then the --shell option or the $SHELL environment variable won't be
       taken into account, unless su is called by root.

   -m, -p, --preserve-environment
       Preserve the current environment, except for:

       $PATH
           reset according to the /etc/login.defs options ENV_PATH or
           ENV_SUPATH (see below);

       $IFS
           reset to "<space><tab><newline>", if it was set.

       If the target user has a restricted shell, this option has no
       effect (unless su is called by root).

       Note that the default behavior for the environment is the
       following:

           The $HOME, $SHELL, $USER, $LOGNAME, $PATH, and $IFS environment
           variables are reset.

           If --login is not used, the environment is copied, except for
           the variables above.

           If --login is used, the $TERM, $COLORTERM, $DISPLAY, and
           $XAUTHORITY environment variables are copied if they were set.

           Other environments might be set by PAM modules.

CAVEATS

   This version of su has many compilation options, only some of which may
   be in use at any particular site.

CONFIGURATION

   The following configuration variables in /etc/login.defs change the
   behavior of this tool:

   CONSOLE_GROUPS (string)
       List of groups to add to the user's supplementary groups set when
       logging in on the console (as determined by the CONSOLE setting).
       Default is none.

       Use with caution - it is possible for users to gain permanent
       access to these groups, even when not logged in on the console.

   DEFAULT_HOME (boolean)
       Indicate if login is allowed if we can't cd to the home directory.
       Default is no.

       If set to yes, the user will login in the root (/) directory if it
       is not possible to cd to her home directory.

   ENV_PATH (string)
       If set, it will be used to define the PATH environment variable
       when a regular user login. The value is a colon separated list of
       paths (for example /bin:/usr/bin) and can be preceded by PATH=. The
       default value is PATH=/bin:/usr/bin.

   ENV_SUPATH (string)
       If set, it will be used to define the PATH environment variable
       when the superuser login. The value is a colon separated list of
       paths (for example /sbin:/bin:/usr/sbin:/usr/bin) and can be
       preceded by PATH=. The default value is
       PATH=/sbin:/bin:/usr/sbin:/usr/bin.

   SULOG_FILE (string)
       If defined, all su activity is logged to this file.

   SU_NAME (string)
       If defined, the command name to display when running "su -". For
       example, if this is defined as "su" then a "ps" will display the
       command is "-su". If not defined, then "ps" would display the name
       of the shell actually being run, e.g. something like "-sh".

   SYSLOG_SU_ENAB (boolean)
       Enable "syslog" logging of su activity - in addition to sulog file
       logging.

FILES

   /etc/passwd
       User account information.

   /etc/shadow
       Secure user account information.

   /etc/login.defs
       Shadow password suite configuration.

EXIT VALUES

   On success, su returns the exit value of the command it executed.

   If this command was terminated by a signal, su returns the number of
   this signal plus 128.

   If su has to kill the command (because it was asked to terminate, and
   the command did not terminate in time), su returns 255.

   Some exit values from su are independent from the executed command:

   0
       success (--help only)

   1
       System or authentication failure

   126
       The requested command was not found

   127
       The requested command could not be executed

SEE ALSO

   login(1), login.defs(5), sg(1), sh(1).


More Linux Commands

manpages/sched_getparam.2.html
sched_getparam(2) - set and get scheduling parameters.......
sched_setparam() sets the scheduling parameters associated with the scheduling policy for the process identified by pid. If pid is zero, then the parameters of

manpages/XtMoveWidget.3.html
XtMoveWidget(3) - move and resize widgets - Linux man page
The XtConfigureWidget function returns immediately if the specified geometry fields are the same as the old values. Otherwise, XtConfigureWidget writes the new

manpages/XGetKeyboardControl.3.html
XGetKeyboardControl(3) - manipulate keyboard settings and ke
The XChangeKeyboardControl function controls the keyboard characteristics defined by the XKeyboardControl structure. The value_mask argument specifies which val

manpages/gkeytool.1.html
gkeytool(1) - Manage private keys and public certificates...
Cryptographic credentials, in a Java environment, are usually stored in a Key Store. The Java SDK specifies a Key Store as a persistent container of two types o

manpages/gtk-encode-symbolic-svg.1.html
gtk-encode-symbolic-svg(1) Symbolic icon conversion utility
gtk-encode-symbolic-svg converts symbolic svg icons into specially prepared png files. GTK+ can load and recolor these pngs, just like original svgs, but loadin

manpages/poweroff.8.html
poweroff(8) - Halt, power-off or reboot the machine.........
poweroff.8 - halt, poweroff, reboot may be used to halt, power-off or reboot the machine. OPTIONS The following options are understood: --help Print a short hel

manpages/keyctl_get_persistent.3.html
keyctl_get_persistent(3) Get the persistent keyring for a us
keyctl_get_persistent() gets the persistent keyring for the specified user ID. Unlike the session and user keyrings, this keyring will persist once all login se

manpages/program_invocation_short_name.3.html
program_invocation_short_name(3) - obtain name used to invok
program_invocation_name contains the name that was used to invoke the calling program. This is the same as the value of argv[0] in main(), with the difference t

manpages/yuvfps.1.html
yuvfps(1) - Converts to a different frame rate (Man Page)...
yuvfps is a general (UP or DOWN) resampling utility that is provided to allow the generation of video streams with the frame rates required for each standard vi

manpages/tputs.3ncurses.html
tputs(3ncurses) - curses interfaces to terminfo database....
These low-level routines must be called by programs that have to deal directly with the terminfo database to handle certain terminal capabilities, such as progr

manpages/htole32.3.html
htole32(3) - convert values between host and big-/little-end
These functions convert the byte encoding of integer values from the byte order that the current CPU (the host) uses, to and from little-endian and big-endian b

manpages/napms.3ncurses.html
napms(3ncurses) - low-level curses routines - Linux man page
The following routines give low-level access to various curses capabilities. These routines typically are used inside library routines. The def_prog_mode and de





We can't live, work or learn in freedom unless the software we use is free.