22.5 su: Run a command with substitute user and group id

su allows one user to temporarily become another user. It runs a command (often an interactive shell) with the real and effective user id, group id, and supplemental groups of a given user. Synopsis:

su [option]... [user [arg]...]

If no user is given, the default is root, the super-user. The shell to use is taken from user's passwd entry, or `/bin/sh' if none is specified there. If user has a password, su prompts for the password unless run by a user with effective user id of zero (the super-user).

By default, su does not change the current directory. It sets the environment variables HOME and SHELL from the password entry for user, and if user is not the super-user, sets USER and LOGNAME to user. By default, the shell is not a login shell.

Any additional args are passed as additional arguments to the shell.

GNU su does not treat `/bin/sh' or any other shells specially (e.g., by setting argv[0] to `-su', passing -c only to certain shells, etc.).

su can optionally be compiled to use syslog to report failed, and optionally successful, su attempts. (If the system supports syslog.) However, GNU su does not check if the user is a member of the wheel group; see below.

The program accepts the following options. Also see 2. Common options.

`-c command'

`--command=command'

Pass command, a single command line to run, to the shell with a -c option instead of starting an interactive shell.

`-f'

`--fast'

Pass the -f option to the shell. This probably only makes sense if the shell run is csh or tcsh, for which the -f option prevents reading the startup file (`.cshrc'). With Bourne-like shells, the -f option disables file name pattern expansion (globbing), which is not likely to be useful.

`-'

`-l'

`--login'

Make the shell a login shell. This means the following. Unset all environment variables except TERM, HOME, and SHELL (which are set as described above), and USER and LOGNAME (which are set, even for the super-user, as described above), and set PATH to a compiled-in default value. Change to user's home directory. Prepend `-' to the shell's name, intended to make it read its login startup file(s).

`-m'

`-p'

`--preserve-environment'

Do not change the environment variables HOME, USER, LOGNAME, or SHELL. Run the shell given in the environment variable SHELL instead of the shell from user's passwd entry, unless the user running su is not the superuser and user's shell is restricted. A restricted shell is one that is not listed in the file `/etc/shells', or in a compiled-in list if that file does not exist. Parts of what this option does can be overridden by --login and --shell.

`-s shell'

`--shell=shell'

Run shell instead of the shell from user's passwd entry, unless the user running su is not the superuser and user's shell is restricted (see `-m' just above).

Why GNU su does not support the `wheel' group

(This section is by Richard Stallman.)

Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)

However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he or she can tell the rest. The "wheel group" feature would make this impossible, and thus cement the power of the rulers.

I'm on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.