← man/system_admin
su — man su — 80×24
ugur@toprak:~/man/system_admin$man su
Bölüm 1 Sistem Yönetimi

su

substitute user identity

Synopsis

     su [-] [-flm] [login [args]]

Description

The su utility requests appropriate user credentials via PAM and switches to that user ID (the default user is the superuser). A shell is then executed.

PAM is used to set the policy su(1) will use. In particular, by default only users in the “admin” or “wheel” groups can switch to UID 0 (“root”). This group requirement may be changed by modifying the “pam_group” section of /etc/pam.d/su. See pam_group(8) for details on how to modify this setting.

By default, the environment is unmodified with the exception of USER, HOME, and SHELL. HOME and SHELL are set to the target login's default values. USER is set to the target login, unless the target login has a user ID of 0, in which case it is unmodified. The invoked shell is the one belonging to the target login. This is the traditional behavior of su.

The options are as follows:

  • -f: If the invoked shell is csh(1), this option prevents it from reading the “.cshrc” file.

  • -l: Simulate a full login. The environment is discarded except for HOME, SHELL, PATH, TERM, and USER. HOME and SHELL are modified as above. USER is set to the target login. PATH is set to “/bin:/usr/bin”. TERM is imported from your current environment. The invoked shell is the target login's, and su will change directory to the target login's home directory.

  •    (no letter) The same as -l.

  • -m: Leave the environment unmodified. The invoked shell is your login shell, and no directory changes are made. As a security precaution, if the target user's shell is a non-standard shell (as defined by getusershell(3)) and the caller's real uid is non- zero, su will fail.

The -l (or -) and -m options are mutually exclusive; the last one specified overrides any previous ones.

If the optional args are provided on the command line, they are passed to the login shell of the target login. Note that all command line arguments before the target login name are processed by su itself, everything after the target login name gets passed to the login shell.

By default (unless the prompt is reset by a startup file) the super-user prompt is set to “#” to remind one of its awesome power.

Environment

Environment variables used by su:

HOME Default home directory of real user ID unless modified as specified above.

PATH Default search path of real user ID unless modified as specified above.

TERM Provides terminal type which may be retained for the substituted user ID.

USER The user ID is always the effective ID (the target user ID) after an su unless the user ID is 0 (root).

Files

/etc/pam.d/su PAM configuration for su.

Examples

     su -m operator -c poweroff
	    Starts a shell as user operator, and runs the command poweroff.  You will be asked for
	    operator's password unless your real UID is 0.  Note that the -m option is required
	    since user “operator” does not have a valid shell by default.  In this example, -c is
	    passed to the shell of the user “operator”, and is not interpreted as an argument to su.
     su -m operator -c 'shutdown -p now'
	    Same as above, but the target command consists of more than a single word and hence is
	    quoted for use with the -c option being passed to the shell.  (Most shells expect the
	    argument to -c to be a single word).
     su -l foo
	    Simulate a login for user foo.
     su - foo
	    Same as above.
     su -   Simulate a login for root.

See Also

csh(1), sh(1), group(5), passwd(5), environ(7), pam_group(8)

History

A su command appeared in Version 1 AT&T UNIX.

macOS 26.4 March 26, 2020 macOS 26.4