su(1) General Commands Manual su(1)
NAME
su - Substitutes user ID temporarily
SYNOPSIS
su [- | -f] [user] [shell_option] [shell_command]
OPTIONS
Prevents the user's shell initialization file from being executed by passing the -f option to the user's shell, thus making su start up
faster. The -f option is supported by the csh family of shells. Simulates a full login by executing the commands in either the and files
for csh or the file for sh and ksh and by setting the current working directory to the user's home directory. Passes the specified shell
option flag to the newly invoked user's shell for execution. The shell_option must be supported by the invoked shell. The csh, sh, ksh, and
any other interactive command shell support the commonly used -c shell option. By default (no "shell_option"), the shell is opened with the
-i (interactive) shell option. See the reference page for the shell you are using for more information on the shell options. Passes the
specified command to the newly invoked user's shell for execution. The shell_command must be supported by the invoked shell.
DESCRIPTION
The su command demands the password of the specified user, and if it is given, changes to that user and invokes the user's shell without
changing the current directory.
Except in a case where the - option is used, the user environment is unchanged except for HOME, SHELL, USER, and LOGNAME which are taken
from the password file for the user being substituted (see environ). The new user ID stays in force until the shell exits.
If no user is specified, root is assumed. Only users who belong to group number 0 (system) can issue su to become root, even with the root
password. To remind superusers of their responsibilities, the shell substitutes a # (number sign) for its usual prompt.
Shell commands may be passed to the shell that is spawned by su by including them on the command line after the su flags and arguments.
After the flags recognized by su and the user argument are processed, unrecognized command line flags (shell_options) and/or arguments
(shell_commands) are passed to the shell for execution. If the spawned shell does not support the command or the format of the command, the
command is not executed and the resulting shell behavior and error messages are determined by the shell.
Security Restrictions
The su command fails if any lock conditions exist on the target account. Specifically, if the destination account was retired, if the num-
ber of unsuccessful login attempts exceeds the maximum allowed, if the administrative lock was applied, or the password's lifetime was
exceeded, the Information System Security Officer (ISSO) must unlock the destination account before any user can log in to it or use su to
transition to it.
SECURITY NOTE
This security-sensitive command uses SIA (Security Integration Architecture) as an interface to the security mechanism(s) that perform the
actual user validation. See the matrix.conf(4) reference page for more information.
ENVIRONMENT VARIABLES
The following environment variables affect the behavior of su:
SEE ALSO
Commands: csh(1), ksh(1), sh(1)
su(1)