|
|
AIX logon attempts
|
|
su(1) General Commands Manual su(1) NAME
su - switch user SYNOPSIS
[username [arguments]] [username] DESCRIPTION
The (set user or superuser) command allows one user to become another user without logging out. username is the name of a user defined in the file (see passwd(4)). The default name is (that is, superuser). To use the appropriate password must be supplied unless the current user is superuser and is not using the option. If a valid password is entered, executes a new shell with the real and effective user ID, real and effective group ID, and group access list set to that of the specified user. The new shell is the one specified in the shell field of the new user's entry in the password file, The arguments are passed along to the new shell for execution, permitting the user to run shell procedures with the new user's privileges. When exiting from the new shell, the previous username and environment are restored. All attempts to become another user are logged in including failures. Successful attempts are flagged with failures, with They are also logged with (see syslog(3C)). Options recognizes the following options: If the option is specified, the new shell starts up as if the new user had initiated a new login session. If the option is omit- ted, the new shell starts as if a subshell was invoked. See more details below. If DCE (Distributed Computing Environment) is being used as the authentication mechanism, the option must be specified. With this option, even superuser will be prompted for the user's password. The reason for this is because DCE credentials for a user cannot be obtained without that user's pass- word. This option cannot be used with shell arguments. If the option is specified, the new shell starts up as if the new user had initiated a new login session. Exceptions are as follows: o The variable is reset to the new user's home directory. o If the new user name is the path and prompt variables are reset: For other user names: o The variable is retained. o The rest of the environment is deleted and reset to the login state. However, the login files are normally executed anyway, usually restoring the expected value of and other variables. If the option is omitted, the new shell starts as if a subshell was invoked. Exceptions are as follows: o If the new user name is the path and prompt variables are reset: o The previously defined and environment variables are removed. o The rest of the environment is retained. If the shell specified in is sets the value of parameter in the new shell (referenced as to If the option of the command is specified, sets parameter to If the shell specified in is not sets the value of parameter in the new shell to shellname. If the option of the command is specified, sets parameter to For example, if the Korn shell is invoked, the value of shellname will be either or By comparison, the command always sets parameter to HP-UX Smart Card Login If the user account is configured to use a Smart Card, the user password is stored in the card. This password has characteristics identi- cal to a normal password stored on the system. In order to using a Smart Card account, the Smart Card from the destination user account must be inserted into the Smart Card reader. The user is prompted for a PIN instead of a password during authentication. The password is retrieved automatically from the Smart Card when a valid PIN is entered. Therefore, it is not necessary to know the pass- word, only the PIN. The card is locked if an incorrect PIN is entered three consecutive times. It may be unlocked only by the card issuer. SECURITY FEATURES
Except for user users cannot use to change to an account that has been locked because of expired passwords or other access restrictions. Refer to the file in the security(4) manual page for detailed information on configurable parameters that affect the behavior of this com- mand. Currently, the supported parameters for the command are: EXTERNAL INFLUENCES
Environment Variables User's home directory The language in which messages are displayed. If is not specified or is null, it defaults to (see lang(5)). If any internationalization variable contains an invalid set- ting, all internationalization variables default to (see environ(5)). User's login name Command name search path Default prompt Name of the user's shell International Code Set Support Characters in the 7-bit US-ASCII code sets are supported in login names (see ascii(5)). EXAMPLES
Become user while retaining the previously exported environment: Become user but change the environment to what would be expected if had originally logged in: Execute the command, using the temporary environment and permissions of user In this example, user bin's shell is invoked with the argu- ments Become user in the DCE environment: WARNINGS
After a valid password is supplied, uses information from and to determine the user's group ID and group access list. If is linked to and group membership for the user trying to log in is managed by the Network Information Service (NIS), and no NIS server is able to respond, waits until a server does respond. DEPENDENCIES
Pluggable Authentication Modules (PAM) PAM is an Open Group standard for user authentication, password modification, and account validation. In particular, is invoked to perform all functions related to This includes password retrieval, account validation, and error message displays. FILES
User's profile System's default group access list file System's password file System's profile Log of all attempts Security defaults configuration file SEE ALSO
env(1), login(1), sh(1), initgroups(3C), syslog(3C), group(4), passwd(4), profile(4), security(4), environ(5). Pluggable Authentication Modules (PAM) pam_acct_mgmt(3), pam_authenticate(3). HP-UX Smart Card Login scpin(1). STANDARDS CONFORMANCE
su(1)
AIX logon attempts