NAME¶
su —
substitute user identity
SYNOPSIS¶
su |
[-K |
--no-kerberos]
[-f]
[-l |
--full]
[-m]
[-i instance |
--instance=instance]
[-c command |
--command=command]
[login
[shell
arguments]] |
DESCRIPTION¶
su will use Kerberos authentication provided that an instance
for the user wanting to change effective UID is present in a file named
.k5login in the target user id's home directory
A special case exists where ‘
root's
’
~/.k5login needs to contain an entry for:
‘
user/⟨instance⟩@REALM
’ for
su to succed (where ⟨instance⟩ is
‘
root
’ unless changed with
-i).
In the absence of either an entry for current user in said file or other
problems like missing
‘
host/hostname@REALM
’ keys in the system's
keytab, or user typing the wrong password,
su will fall back
to traditional
/etc/passwd authentication.
When using
/etc/passwd authentication,
su
allows ‘
root
’ access only to members of
the group ‘
wheel
’, or to any user (with
knowledge of the ‘
root
’ password) if that
group does not exist, or has no members.
The options are as follows:
- -K,
--no-kerberos don't use Kerberos.
- -f don't read .cshrc.
- -l,
--full simulate full login.
- -m leave environment unmodified.
- -i instance,
--instance=instance
root instance to use.
- -c command,
--command=command
command to execute.