SU(1) User Commands SU(1)

su - become super-user or another user

su [-] [username [arg ...]]

The su command allows one user to get the credentials of another without logging on and off. The default username is root (that is, the super-user).

Unless the caller is the super-user, the user's password must be entered (the exact authentication mechanism may depend on PAM settings for su, see pam(8)). If access is granted, the su command will execute the user's shell from the system's password file with the appropriate user id, group id and supplementary group ids. Any additional arguments will be passed to this shell.

If the first argument is -, a login shell is executed in the user's home directory using default environment variables; only the settings of the DISPLAY and TERM variables are retained. In any case, the PATH environment variable is adjusted.

The su command reads the configuration file /etc/default/su on startup. Lines containing the following strings are interpreted:

All attempts are logged to the specified file, usually /dev/console. If no such line is present, console logging is not done.
The default path for non-super-user accounts. If unset, /usr/local/bin:/bin:/usr/bin: is assumed.
If authentication fails, su will wait the specified number of seconds before printing an error message and exiting. Default is 4, minimum is 0, maximum is 5 seconds.
All attempts are logged to the specified file, if present.
The default path for super-user accounts. If unset, /usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin is assumed.
Log attempts to the syslog(3) LOG_AUTH facility. If value is YES, all attempts are logged; if FAIL, only the ones that failed. LOG_CRIT messages are generated for failed su attempts, LOG_NOTICE messages for successful attempts to become super-user, and LOG_INFO messages otherwise.

/etc/default/su
Configuration file.
/etc/passwd
User database.

env(1), login(1), sh(1), syslog(3), passwd(5), pam(8)

4/17/03 Heirloom Toolchest