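--- a/su.1
+++ b/su.1
@@ -1,391 +1,390 @@
 .\" Copyright (c) 1988, 1990, 1993, 1994
 .\" The Regents of the University of California. All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. Neither the name of the University nor the names of its contributors
 .\" may be used to endorse or promote products derived from this software
 .\" without specific prior written permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\" from: @(#)su.1 8.2 (Berkeley) 4/18/94
-.\" $NetBSD: su.1,v 1.53 2019/09/01 18:37:44 sevan Exp $
+.\" $NetBSD: su.1,v 1.54 2019/09/01 19:12:16 wiz Exp $
 .\"
 .Dd September 1, 2019
 .Dt SU 1
 .Os
 .Sh NAME
 .Nm su
 .Nd substitute user identity
 .Sh SYNOPSIS
 .Nm
 .Op Fl dfKlm
 .Op Fl c Ar login-class
 .Oo
 .Ar login Ns Op : Ns Ar group
 .Op Ar "shell arguments"
 .Oc
 .Nm
 .Op Fl dfKlm
 .Op Fl c Ar login-class
-.Oo
-.Ns : Ns Ar group
+.Oo : Ns Ar group
 .Op Ar "shell arguments"
 .Oc
 .Sh DESCRIPTION
 .Nm
 allows one user to become another user
 .Ar login
 without logging out and in as
 the new user.
 If a
 .Ar group
 is specified and
 .Ar login
 is a member of
 .Ar group ,
 then the group is changed to
 .Ar group
 rather than to
 .Ar login Ns 's
 primary group.
 If
 .Ar login
 is omitted and
 .Ar group
 is provided (form two above), then
 .Ar login
 is assumed to be the current username.
 .Pp
 When executed by a user, the
 .Ar login
 user's password is requested.
 When using Kerberos, the password for
 .Ar login
 (or for
 .Dq Ar login Ns .root ,
 if no login is provided) is requested, and
 .Nm
 switches to that user and group ID after obtaining a Kerberos ticket
 granting ticket.
 A shell is then executed, and any additional
 .Ar "shell arguments"
 after the login name are passed to the shell.
 .Nm
 will resort to the local password file to find the password for
 .Ar login
 if there is a Kerberos error.
 If
 .Nm
 is executed by root, no password is requested and a shell
 with the appropriate user ID is executed; no additional Kerberos tickets
 are obtained.
 .Pp
 Alternatively, if the user enters the password "s/key", authentication
 will use the S/Key one-time password system as described in
 .Xr skey 1 .
 S/Key is a Trademark of Bellcore.
 .Pp
 By default, the environment is unmodified with the exception of
 .Ev LOGNAME ,
 .Ev USER ,
 .Ev HOME ,
 .Ev SHELL ,
 and
 .Ev SU_FROM .
 .Ev HOME
 and
 .Ev SHELL
 are set to the target login's default values.
 .Ev LOGNAME
 and
 .Ev USER
 are set to the target login, unless the target login has a user ID of 0,
 in which case they are unmodified.
 .Ev SU_FROM
 is set to the caller's login.
 The invoked shell is the target login's.
 With the exception of
 .Ev SU_FROM
 this is the traditional behavior of
 .Nm .
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl c
 Specify a login class.
 You may only override the default class if you're already root.
 See
 .Xr login.conf 5
 for details.
 .It Fl d
 Same as
 .Fl l ,
 but does not change the current directory.
 .It Fl f
 If the invoked shell is
 .Xr csh 1 ,
 this option prevents it from reading the
 .Dq Pa .cshrc
 file.
 If the invoked shell is
 .Xr sh 1 ,
 or
 .Xr ksh 1 ,
 this option unsets
 .Ev ENV ,
 thus preventing the shell from executing the startup file pointed to by
 this variable.
 .It Fl K
 Do not attempt to use Kerberos to authenticate the user.
 .It Fl l
 Simulate a full login.
 The environment is discarded except for
 .Ev HOME ,
 .Ev SHELL ,
 .Ev PATH ,
 .Ev TERM ,
 .Ev LOGNAME ,
 .Ev USER ,
 and
 .Ev SU_FROM .
 .Ev HOME ,
 .Ev SHELL ,
 and
 .Ev SU_FROM
 are modified as above.
 .Ev LOGNAME
 and
 .Ev USER
 are set to the target login.
 .Ev PATH
 is set to the path specified in the
 .Pa /etc/login.conf
 file (or to the default of
 .Dq Pa /usr/bin:/bin:/usr/pkg/bin:/usr/local/bin
 ).
 .Ev TERM
 is imported from your current environment.
 The invoked shell is the target login's, and
 .Nm
 will change directory to the target login's home directory.
 The
 .Xr utmp 5 ,
 .Xr wtmp 5 ,
 and
 .Xr lastlog 5
 databases are not updated.
 .It Fl
 Same as
 .Fl l .
 .It Fl m
 Leave the environment unmodified.
 The invoked shell is your login shell, and no directory changes are made.
 As a security precaution, if the target user's shell is a non-standard
 shell (as defined by
 .Xr getusershell 3 )
 and the caller's real uid is
 non-zero,
 .Nm
 will fail.
 .El
 .Pp
 The
 .Fl l
 and
 .Fl m
 options are mutually exclusive; the last one specified
 overrides any previous ones.
 .Pp
 Only users in group
 .Dq wheel
 (normally gid 0),
 as listed in
 .Pa /etc/group ,
 can
 .Nm
 to
 .Dq root ,
 unless group wheel does not exist or has no members.
 (If you do not want anybody to be able to
 .Nm
 to
 .Dq root ,
 make
 .Dq root
 the only member of group
 .Dq wheel ,
 which is the default.)
 .Pp
 For sites with very large user populations, group
 .Dq wheel
 can contain the names of other groups that will be considered authorized
 to
 .Nm
 to
 .Dq root .
 .Pp
 By default (unless the prompt is reset by a startup file) the super-user
 prompt is set to
 .Dq Sy \&#
 to remind one of its awesome power.
 .Sh CUSTOMIZATION
 .Bl -tag -width ""
 .It Changing required group
 For the
 .Xr pam 8
 version of
 .Nm
 the name of the required group can be changed by setting
 .Ar gname
 in
 .Xr pam.conf 5 :
 .Bd -literal
 auth requisite pam_group.so no_warn group=gname root_only fail_safe
 .Ed
 .Pp
 For the non
 .Xr pam 8
 version of
 .Nm
 the same can be achieved by compiling with
 .Dv SU_GROUP
 set to the desired group name.
 .It Supplying own password
 .Nm
 can be configured so that users in a particular group can supply their
 own password to become
 .Dq root .
 For the
 .Xr pam 8
 version of
 .Nm
 this can be done by adding a line to
 .Xr pam.conf 5
 such as:
 .Bd -literal
 auth sufficient pam_group.so no_warn group=gname root_only authenticate
 .Ed
 .Pp
 where
 .Ar gname
 is the name of the desired group.
 For the non
 .Xr pam 8
 version of
 .Nm
 the same can be achieved by compiling with
 .Dv SU_ROOTAUTH
 set to the desired group name.
 .It Indirect groups
 This option is not available with the
 .Xr pam 8
 version of
 .Nm .
 For the non
 .Xr pam 8
 version of
 .Nm ,
 if
 .Dv SU_INDIRECT_GROUP
 is defined, the
 .Ar SU_GROUP
 and
 .Ar SU_ROOTAUTH
 groups are treated as indirect groups.
 The group members of those two groups are treated as groups themselves.
 .El
 .Sh ENVIRONMENT
 Environment variables used by
 .Nm :
 .Bl -tag -width "HOME"
 .It Ev HOME
 Default home directory of real user ID unless modified as
 specified above.
 .It Ev LOGNAME
 The user ID is always the effective ID (the target user ID) after an
 .Nm
 unless the user ID is 0 (root).
 .It Ev PATH
 Default search path of real user ID unless modified as specified above.
 .It Ev TERM
 Provides terminal type which may be retained for the substituted
 user ID.
 .It Ev USER
 The user ID is always the effective ID (the target user ID) after an
 .Nm
 unless the user ID is 0 (root).
 .El
 .Sh EXIT STATUS
 .Nm
 returns the exit status of the executed subshell, or 1 if any error
 occurred while switching privileges.
 .Sh EXAMPLES
 To become user username and use the same environment as in original shell, execute:
 .Bd -literal -offset indent
 su username
 .Ed
 .Pp
 To become user username and use environment as if full login would be performed,
 execute:
 .Bd -literal -offset indent
 su -l username
 .Ed
 .Pp
 When a
 .Fl c
 option is included
 .Em after
 the
 .Ar login
 name it is not a
 .Nm
 option, because any arguments after the
 .Ar login
 are passed to the shell.
 (See
 .Xr csh 1 ,
 .Xr ksh 1
 or
 .Xr sh 1
 for details.)
 To execute arbitrary command with privileges of user
 .Em username ,
 execute:
 .Bd -literal -offset indent
 su username -c "command args"
 .Ed
 .Sh SEE ALSO
 .Xr csh 1 ,
 .Xr kinit 1 ,
 .Xr login 1 ,
 .Xr sh 1 ,
 .Xr skey 1 ,
 .Xr setusercontext 3 ,
 .Xr group 5 ,
 .Xr login.conf 5 ,
 .Xr passwd 5 ,
 .Xr environ 7 ,
 .Xr kerberos 8
 .Sh HISTORY
 An
 .Nm
 utility appeared in
 .At v1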