[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
su
: Run a command with substitute user and group id
su
allows one user to temporarily become another user. It runs a
command (often an interactive shell) with the real and effective user
id, group id, and supplemental groups of a given user. Synopsis:
su [option]... [user [arg]...] |
If no user is given, the default is root
, the super-user.
The shell to use is taken from user's passwd
entry, or
`/bin/sh' if none is specified there. If user has a
password, su
prompts for the password unless run by a user with
effective user id of zero (the super-user).
By default, su
does not change the current directory.
It sets the environment variables HOME
and SHELL
from the password entry for user, and if user is not
the super-user, sets USER
and LOGNAME
to user.
By default, the shell is not a login shell.
Any additional args are passed as additional arguments to the shell.
GNU su
does not treat `/bin/sh' or any other shells specially
(e.g., by setting argv[0]
to `-su', passing -c
only
to certain shells, etc.).
su
can optionally be compiled to use syslog
to report
failed, and optionally successful, su
attempts. (If the system
supports syslog
.) However, GNU su
does not check if the
user is a member of the wheel
group; see below.
The program accepts the following options. Also see 2. Common options.
-c
option instead of starting an interactive shell.
-f
option to the shell. This probably only makes sense
if the shell run is csh
or tcsh
, for which the -f
option prevents reading the startup file (`.cshrc'). With
Bourne-like shells, the -f
option disables file name pattern
expansion (globbing), which is not likely to be useful.
TERM
, HOME
, and SHELL
(which are set as described above), and USER
and LOGNAME
(which are set, even for the super-user, as described above), and set
PATH
to a compiled-in default value. Change to user's home
directory. Prepend `-' to the shell's name, intended to make it
read its login startup file(s).
HOME
, USER
,
LOGNAME
, or SHELL
. Run the shell given in the environment
variable SHELL
instead of the shell from user's passwd
entry, unless the user running su
is not the superuser and
user's shell is restricted. A restricted shell is one that
is not listed in the file `/etc/shells', or in a compiled-in list
if that file does not exist. Parts of what this option does can be
overridden by --login
and --shell
.
su
is not the superuser and user's
shell is restricted (see `-m' just above).
su
does not support the `wheel' group (This section is by Richard Stallman.)
Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)
However, occasionally the rulers do tell someone. Under the usual
su
mechanism, once someone learns the root password who
sympathizes with the ordinary users, he or she can tell the rest. The
"wheel group" feature would make this impossible, and thus cement the
power of the rulers.
I'm on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |