table of contents
SU(1) | General Commands Manual | SU(1) |
NAME¶
su
—
substitute user identity
SYNOPSIS¶
su |
[-K |
- -no-kerberos -f -l |
- -full -m -i
instance |
-
-instance= instance-c
command |
-
-command= commandlogin
[ ]shell
arguments ] |
DESCRIPTION¶
su
will use Kerberos authentication provided
that an instance for the user wanting to change effective UID is present in a
file named .k5login in the target user id's
home directory
A special case exists where ‘root's
’
~/.k5login needs to contain an entry for:
‘user/⟨instance⟩@REALM
’
for su
to succed (where
⟨instance⟩ is ‘root
’
unless changed with -i
).
In the absence of either an entry for current user in said file or other
problems like missing
‘host/hostname@REALM
’ keys in the
system's keytab, or user typing the wrong password,
su
will fall back to traditional
/etc/passwd authentication.
When using /etc/passwd authentication,
su
allows
‘root
’ access only to members of the
group ‘wheel
’, or to any user (with
knowledge of the ‘root
’ password) if
that group does not exist, or has no members.
The options are as follows:
January 12, 2006 | HEIMDAL |