NAME | SYNOPSIS | DESCRIPTION | OPTIONS | CAVEATS | CONFIGURATION | FILES | EXIT VALUES | SEE ALSO | COLOPHON

SU(1)                           User Commands                          SU(1)

NAME         top

       su - change user ID or become superuser

SYNOPSIS         top

       su [options] [username]

DESCRIPTION         top

       The su command is used to become another user during a login session.
       Invoked without a username, su defaults to becoming the superuser.
       The optional argument - may be used to provide an environment similar
       to what the user would expect had the user logged in directly.
       Additional arguments may be provided after the username, in which
       case they are supplied to the user's login shell. In particular, an
       argument of -c will cause the next argument to be treated as a
       command by most command interpreters. The command will be executed by
       the shell specified in /etc/passwd for the target user.
       You can use the -- argument to separate su options from the arguments
       supplied to the shell.
       The user will be prompted for a password, if appropriate. Invalid
       passwords will produce an error message. All attempts, both valid and
       invalid, are logged to detect abuse of the system.
       The current environment is passed to the new shell. The value of
       $PATH is reset to /bin:/usr/bin for normal users, or
       /sbin:/bin:/usr/sbin:/usr/bin for the superuser. This may be changed
       with the ENV_PATH and ENV_SUPATH definitions in /etc/login.defs.
       A subsystem login is indicated by the presence of a "*" as the first
       character of the login shell. The given home directory will be used
       as the root of a new file system which the user is actually logged
       into.

OPTIONS         top

       The options which apply to the su command are:
       -c, --command COMMAND
           Specify a command that will be invoked by the shell using its -c.
           The executed command will have no controlling terminal. This
           option cannot be used to execute interactive programs which need
           a controlling TTY.
       -, -l, --login
           Provide an environment similar to what the user would expect had
           the user logged in directly.
           When - is used, it must be specified before any username. For
           portability it is recommended to use it as last option, before
           any username. The other forms (-l and --login) do not have this
           restriction.
       -s, --shell SHELL
           The shell that will be invoked.
           The invoked shell is chosen from (highest priority first):
               The shell specified with --shell.
               If --preserve-environment is used, the shell specified by the
               $SHELL environment variable.
               The shell indicated in the /etc/passwd entry for the target
               user.
               /bin/sh if a shell could not be found by any above method.
           If the target user has a restricted shell (i.e. the shell field
           of this user's entry in /etc/passwd is not listed in
           /etc/shells), then the --shell option or the $SHELL environment
           variable won't be taken into account, unless su is called by
           root.
       -m, -p, --preserve-environment
           Preserve the current environment, except for:
           $PATH
               reset according to the /etc/login.defs options ENV_PATH or
               ENV_SUPATH (see below);
           $IFS
               reset to “<space><tab><newline>”, if it was set.
           If the target user has a restricted shell, this option has no
           effect (unless su is called by root).
           Note that the default behavior for the environment is the
           following:
               The $HOME, $SHELL, $USER, $LOGNAME, $PATH, and $IFS
               environment variables are reset.
               If --login is not used, the environment is copied, except for
               the variables above.
               If --login is used, the $TERM, $COLORTERM, $DISPLAY, and
               $XAUTHORITY environment variables are copied if they were
               set.
               Other environments might be set by PAM modules.

CAVEATS         top

       This version of su has many compilation options, only some of which
       may be in use at any particular site.

CONFIGURATION         top

       The following configuration variables in /etc/login.defs change the
       behavior of this tool:
       CONSOLE_GROUPS (string)
           List of groups to add to the user's supplementary groups set when
           logging in on the console (as determined by the CONSOLE setting).
           Default is none.
           Use with caution - it is possible for users to gain permanent
           access to these groups, even when not logged in on the console.
       DEFAULT_HOME (boolean)
           Indicate if login is allowed if we can't cd to the home
           directory. Default is no.
           If set to yes, the user will login in the root (/) directory if
           it is not possible to cd to her home directory.
       ENV_PATH (string)
           If set, it will be used to define the PATH environment variable
           when a regular user login. The value is a colon separated list of
           paths (for example /bin:/usr/bin) and can be preceded by PATH=.
           The default value is PATH=/bin:/usr/bin.
       ENV_SUPATH (string)
           If set, it will be used to define the PATH environment variable
           when the superuser login. The value is a colon separated list of
           paths (for example /sbin:/bin:/usr/sbin:/usr/bin) and can be
           preceded by PATH=. The default value is
           PATH=/sbin:/bin:/usr/sbin:/usr/bin.
       SULOG_FILE (string)
           If defined, all su activity is logged to this file.
       SU_NAME (string)
           If defined, the command name to display when running "su -". For
           example, if this is defined as "su" then a "ps" will display the
           command is "-su". If not defined, then "ps" would display the
           name of the shell actually being run, e.g. something like "-sh".
       SYSLOG_SU_ENAB (boolean)
           Enable "syslog" logging of su activity - in addition to sulog
           file logging.

FILES         top

       /etc/passwd
           User account information.
       /etc/shadow
           Secure user account information.
       /etc/login.defs
           Shadow password suite configuration.

EXIT VALUES         top

       On success, su returns the exit value of the command it executed.
       If this command was terminated by a signal, su returns the number of
       this signal plus 128.
       If su has to kill the command (because it was asked to terminate, and
       the command did not terminate in time), su returns 255.
       Some exit values from su are independent from the executed command:
       0
           success (--help only)
       1
           System or authentication failure
       126
           The requested command was not found
       127
           The requested command could not be executed

SEE ALSO         top

       login(1), login.defs(5), sg(1), sh(1).

COLOPHON         top

       This page is part of the shadow-utils (utilities for managing
       accounts and shadow password files) project.  Information about the
       project can be found at ⟨http://pkg-shadow.alioth.debian.org/⟩.  If
       you have a bug report for this manual page, see 
       ⟨http://pkg-shadow.alioth.debian.org/getinvolved.php⟩.  This page was
       obtained from the project's upstream Git repository 
       ⟨git://anonscm.debian.org/git/pkg-shadow/shadow.git⟩ on 2017-07-05.
       If you discover any rendering problems in this HTML version of the
       page, or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the information
       in this COLOPHON (which is not part of the original manual page),
       send a mail to man-pages@man7.org
shadow-utils 4.4                 07/05/2017                            SU(1)