'\" t
.\" Title: su
.\" Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets v1.78.1
.\" Date: 05/17/2017
.\" Manual: User Commands
.\" Source: shadow-utils 4.2
.\" Language: English
.\"
.TH "SU" "1" "05/17/2017" "shadow\-utils 4\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
su \- change user ID or become superuser
.SH "SYNOPSIS"
.HP \w'\fBsu\fR\ 'u
\fBsu\fR [\fIoptions\fR] [\fIusername\fR]
.SH "DESCRIPTION"
.PP
The
\fBsu\fR
command is used to become another user during a login session\&. Invoked without a
\fBusername\fR,
\fBsu\fR
defaults to becoming the superuser\&. The optional argument
\fB\-\fR
may be used to provide an environment similar to what the user would expect had the user logged in directly\&.
.PP
Additional arguments may be provided after the username, in which case they are supplied to the user\*(Aqs login shell\&. In particular, an argument of
\fB\-c\fR
will cause the next argument to be treated as a command by most command interpreters\&. The command will be executed by the shell specified in
/etc/passwd
for the target user\&.
.PP
You can use the
\fB\-\-\fR
argument to separate
\fBsu\fR
options from the arguments supplied to the shell\&.
.PP
The user will be prompted for a password, if appropriate\&. Invalid passwords will produce an error message\&. All attempts, both valid and invalid, are logged to detect abuse of the system\&.
.PP
The current environment is passed to the new shell\&. The value of
\fB$PATH\fR
is reset to
/bin:/usr/bin
for normal users, or
/sbin:/bin:/usr/sbin:/usr/bin
for the superuser\&. This may be changed with the
\fBENV_PATH\fR
and
\fBENV_SUPATH\fR
definitions in
/etc/login\&.defs\&.
.PP
A subsystem login is indicated by the presence of a "*" as the first character of the login shell\&. The given home directory will be used as the root of a new file system which the user is actually logged into\&.
.SH "OPTIONS"
.PP
The options which apply to the
\fBsu\fR
command are:
.PP
\fB\-c\fR, \fB\-\-command\fR\ \&\fICOMMAND\fR
.RS 4
Specify a command that will be invoked by the shell using its
\fB\-c\fR\&.
.sp
The executed command will have no controlling terminal\&. This option cannot be used to execute interractive programs which need a controlling TTY\&.
.RE
.PP
\fB\-\fR, \fB\-l\fR, \fB\-\-login\fR
.RS 4
Provide an environment similar to what the user would expect had the user logged in directly\&.
.sp
When
\fB\-\fR
is used, it must be specified before any
\fBusername\fR\&. For portability it is recommended to use it as last option, before any
\fBusername\fR\&. The other forms (\fB\-l\fR
and
\fB\-\-login\fR) do not have this restriction\&.
.RE
.PP
\fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
.RS 4
The shell that will be invoked\&.
.sp
The invoked shell is chosen from (highest priority first):
.PP
.RS 4
The shell specified with \-\-shell\&.
.RE
.PP
.RS 4
If
\fB\-\-preserve\-environment\fR
is used, the shell specified by the
\fB$SHELL\fR
environment variable\&.
.RE
.PP
.RS 4
The shell indicated in the
/etc/passwd
entry for the target user\&.
.RE
.PP
.RS 4
/bin/sh
if a shell could not be found by any above method\&.
.RE
.sp
If the target user has a restricted shell (i\&.e\&. the shell field of this user\*(Aqs entry in
/etc/passwd
is not listed in
/etc/shells), then the
\fB\-\-shell\fR
option or the
\fB$SHELL\fR
environment variable won\*(Aqt be taken into account, unless
\fBsu\fR
is called by root\&.
.RE
.PP
\fB\-m\fR, \fB\-p\fR, \fB\-\-preserve\-environment\fR
.RS 4
Preserve the current environment, except for:
.PP
\fB$PATH\fR
.RS 4
reset according to the
/etc/login\&.defs
options
\fBENV_PATH\fR
or
\fBENV_SUPATH\fR
(see below);
.RE
.PP
\fB$IFS\fR
.RS 4
reset to
\(lq\(rq, if it was set\&.
.RE
.sp
If the target user has a restricted shell, this option has no effect (unless
\fBsu\fR
is called by root)\&.
.sp
Note that the default behavior for the environment is the following:
.PP
.RS 4
The
\fB$HOME\fR,
\fB$SHELL\fR,
\fB$USER\fR,
\fB$LOGNAME\fR,
\fB$PATH\fR, and
\fB$IFS\fR
environment variables are reset\&.
.RE
.PP
.RS 4
If
\fB\-\-login\fR
is not used, the environment is copied, except for the variables above\&.
.RE
.PP
.RS 4
If
\fB\-\-login\fR
is used, the
\fB$TERM\fR,
\fB$COLORTERM\fR,
\fB$DISPLAY\fR, and
\fB$XAUTHORITY\fR
environment variables are copied if they were set\&.
.RE
.PP
.RS 4
Other environments might be set by PAM modules\&.
.RE
.sp
.RE
.SH "CAVEATS"
.PP
This version of
\fBsu\fR
has many compilation options, only some of which may be in use at any particular site\&.
.SH "CONFIGURATION"
.PP
The following configuration variables in
/etc/login\&.defs
change the behavior of this tool:
.PP
\fBCONSOLE_GROUPS\fR (string)
.RS 4
List of groups to add to the user\*(Aqs supplementary groups set when logging in on the console (as determined by the CONSOLE setting)\&. Default is none\&.
Use with caution \- it is possible for users to gain permanent access to these groups, even when not logged in on the console\&.
.RE
.PP
\fBDEFAULT_HOME\fR (boolean)
.RS 4
Indicate if login is allowed if we can\*(Aqt cd to the home directory\&. Default is no\&.
.sp
If set to
\fIyes\fR, the user will login in the root (/) directory if it is not possible to cd to her home directory\&.
.RE
.PP
\fBENV_PATH\fR (string)
.RS 4
If set, it will be used to define the PATH environment variable when a regular user login\&. The value is a colon separated list of paths (for example
\fI/bin:/usr/bin\fR) and can be preceded by
\fIPATH=\fR\&. The default value is
\fIPATH=/bin:/usr/bin\fR\&.
.RE
.PP
\fBENV_SUPATH\fR (string)
.RS 4
If set, it will be used to define the PATH environment variable when the superuser login\&. The value is a colon separated list of paths (for example
\fI/sbin:/bin:/usr/sbin:/usr/bin\fR) and can be preceded by
\fIPATH=\fR\&. The default value is
\fIPATH=/sbin:/bin:/usr/sbin:/usr/bin\fR\&.
.RE
.PP
\fBSULOG_FILE\fR (string)
.RS 4
If defined, all su activity is logged to this file\&.
.RE
.PP
\fBSU_NAME\fR (string)
.RS 4
If defined, the command name to display when running "su \-"\&. For example, if this is defined as "su" then a "ps" will display the command is "\-su"\&. If not defined, then "ps" would display the name of the shell actually being run, e\&.g\&. something like "\-sh"\&.
.RE
.PP
\fBSYSLOG_SU_ENAB\fR (boolean)
.RS 4
Enable "syslog" logging of
\fBsu\fR
activity \- in addition to sulog file logging\&.
.RE
.SH "FILES"
.PP
/etc/passwd
.RS 4
User account information\&.
.RE
.PP
/etc/shadow
.RS 4
Secure user account information\&.
.RE
.PP
/etc/login\&.defs
.RS 4
Shadow password suite configuration\&.
.RE
.SH "EXIT VALUES"
.PP
On success,
\fBsu\fR
returns the exit value of the command it executed\&.
.PP
If this command was terminated by a signal,
\fBsu\fR
returns the number of this signal plus 128\&.
.PP
If su has to kill the command (because it was asked to terminate, and the command did not terminate in time),
\fBsu\fR
returns 255\&.
.PP
Some exit values from
\fBsu\fR
are independent from the executed command:
.PP
\fI0\fR
.RS 4
success (\fB\-\-help\fR
only)
.RE
.PP
\fI1\fR
.RS 4
System or authentication failure
.RE
.PP
\fI126\fR
.RS 4
The requested command was not found
.RE
.PP
\fI127\fR
.RS 4
The requested command could not be executed
.RE
.SH "SEE ALSO"
.PP
\fBlogin\fR(1),
\fBlogin.defs\fR(5),
\fBsg\fR(1),
\fBsh\fR(1)\&.