CALIFE(1) BSD General Commands Manual CALIFE(1)NAME
calife -- becomes root (or another user) legally.
SYNOPSIS
calife [-] [login]
or
... [-] [login] for some sites (check with your administrator).
DESCRIPTION
Calife requests user's own password for becoming login (or root, if no login is provided), and switches to that user and group ID after veri-
fying proper rights to do so. A shell is then executed. If calife is executed by root, no password is requested and a shell with the appro-
priate user ID is executed.
The invoked shell is the user's own except when a shell is specified in the configuration file calife.auth.
If ``-'' is specified on the command line, user's profile files are read as if it was a login shell.
This is not the traditional behavior of su.
Only users specified in calife.auth can use calife to become another one with this method.
You can specify in the calife.auth file the list of logins allowed for users when using calife. See calife.auth(5) for more details.
calife.auth is installed as /etc/calife.auth.
FILES
/etc/calife.auth List of users authorized to use calife and the users they can become.
/etc/calife.out This script is executed just after getting out of calife.
SEE ALSO su(1), calife.auth(5), group(5), environ(7)ENVIRONMENT
The original environment is kept. This is not a security problem as you have to be yourself at login (i.e. it does not have the same security
implications as in su(1) ).
Environment variables used by calife:
HOME Default home directory of real user ID.
PATH Default search path of real user ID unless modified as specified above.
TERM Provides terminal type which may be retained for the substituted user ID.
USER The user ID is always the effective ID (the target user ID) after an su unless the user ID is 0 (root).
BUGS
The MD5-based crypt(3) function is slower and probably stronger than the DES-based one but it is usable only among FreeBSD 2.0+ systems.
HISTORY
A calife command appeared in DG/UX, written for Antenne 2 in 1991. It has evolved considerably since this period with more OS support, user
lists handling and improved logging.
PAM support was introduced in 2005 to port it to MacOS X variants (Panther and up).
AUTHOR
Ollivier Robert <roberto@keltia.freenix.fr>
BSD September 25, 1994 BSD
Check Out this Related Man Page
SU(1) BSD General Commands Manual SU(1)NAME
su -- substitute user identity
SYNOPSIS
su [-] [-flm] [login [args]]
DESCRIPTION
The su utility requests appropriate user credentials via PAM and switches to that user ID (the default user is the superuser). A shell is
then executed.
PAM is used to set the policy su(1) will use. In particular, by default only users in the ``admin'' or ``wheel'' groups can switch to UID 0
(``root''). This group requirement may be changed by modifying the ``pam_group'' section of /etc/pam.d/su. See pam_group(8) for details on
how to modify this setting.
By default, the environment is unmodified with the exception of USER, HOME, and SHELL. HOME and SHELL are set to the target login's default
values. USER is set to the target login, unless the target login has a user ID of 0, in which case it is unmodified. The invoked shell is
the one belonging to the target login. This is the traditional behavior of su.
The options are as follows:
-f If the invoked shell is csh(1), this option prevents it from reading the ``.cshrc'' file.
-l Simulate a full login. The environment is discarded except for HOME, SHELL, PATH, TERM, and USER. HOME and SHELL are modified as
above. USER is set to the target login. PATH is set to ``/bin:/usr/bin''. TERM is imported from your current environment. The
invoked shell is the target login's, and su will change directory to the target login's home directory.
- (no letter) The same as -l.
-m Leave the environment unmodified. The invoked shell is your login shell, and no directory changes are made. As a security precau-
tion, if the target user's shell is a non-standard shell (as defined by getusershell(3)) and the caller's real uid is non-zero, su
will fail.
The -l (or -) and -m options are mutually exclusive; the last one specified overrides any previous ones.
If the optional args are provided on the command line, they are passed to the login shell of the target login. Note that all command line
arguments before the target login name are processed by su itself, everything after the target login name gets passed to the login shell.
By default (unless the prompt is reset by a startup file) the super-user prompt is set to ``#'' to remind one of its awesome power.
ENVIRONMENT
Environment variables used by su:
HOME Default home directory of real user ID unless modified as specified above.
PATH Default search path of real user ID unless modified as specified above.
TERM Provides terminal type which may be retained for the substituted user ID.
USER The user ID is always the effective ID (the target user ID) after an su unless the user ID is 0 (root).
FILES
/etc/pam.d/su PAM configuration for su.
EXAMPLES
su man -c catman
Runs the command catman as user man. You will be asked for man's password unless your real UID is 0.
su man -c 'catman /usr/share/man /usr/local/man'
Same as above, but the target command consists of more than a single word and hence is quoted for use with the -c option being passed
to the shell. (Most shells expect the argument to -c to be a single word).
su -l foo
Simulate a login for user foo.
su - foo
Same as above.
su - Simulate a login for root.
SEE ALSO csh(1), sh(1), group(5), passwd(5), environ(7), pam_group(8)HISTORY
A su command appeared in Version 1 AT&T UNIX.
BSD September 13, 2006 BSD