su - substitute user identity
su [-fKLlm] [-a auth-type] [-c login-class] [login [shell
su requests the Kerberos password for login (or for
``login.root'', if no
login is provided), and switches to that user and group ID
a Kerberos ticket granting access. A shell is then executed, and any
additional shell arguments after the login name are passed
to the shell.
su will resort to the local password file to find the password for login
if there is a Kerberos error or if Kerberos is not installed. If su is
executed by root, no password is requested and a shell with
user ID is executed; no additional Kerberos tickets are
By default, the environment is unmodified with the exception
HOME, SHELL, and USER. HOME and SHELL are set to the target
values. LOGNAME and USER are set to the target login,
target login has a user ID of 0 and the -l flag was not
which case it is unmodified. The invoked shell is the target login's.
This is the traditional behavior of su.
If not using -m and the target login has a user ID of 0 then
variable and umask value (see umask(2)) are always set according to the
/etc/login.conf file (see login.conf(5)).
The options are as follows:
- Same as the -l option (deprecated).
-a Specify an authentication type such as ``skey'',
-c Specify a login class. You may only override the
if you're already root.
-f If the invoked shell is csh(1), this option prevents
reading the ``.cshrc'' file.
-L Loop until a correct username and password combination is entered,
similar to login(1). Note that in this mode
must be specified explicitly, either on the command
line or interactively.
Additionally, su will prompt for the
when invoked by root.
-K Do not attempt to use Kerberos to authenticate the
-l Simulate a full login. The environment is discarded
HOME, SHELL, PATH, TERM, LOGNAME, and USER. HOME
and SHELL are
modified as above. LOGNAME and USER are set to the
PATH is set to the value specified by the ``path''
login.conf(5). TERM is imported from your current
The invoked shell is the target login's, and su will
to the target login's home directory.
-m Leave the environment unmodified. The invoked shell
is your login
shell, and no directory changes are made. As a
if the target user's shell is a non-standard shell (as
defined by getusershell(3)) and the caller's real
UID is non-zero,
su will fail.
The -l and -m options are mutually exclusive; the last one
overrides any previous ones.
If the optional shell arguments are provided on the command
are passed to the login shell of the target login. This allows it to
pass arbitrary commands via the -c option as understood by
Note that -c usually expects a single argument only; you
have to quote it
when passing multiple words.
If group 0 (normally ``wheel'') has users listed then only
can su to ``root''. It is not sufficient to change a user's
entry to add them to the ``wheel'' group; they must explicitly be listed
in /etc/group. If no one is in the ``wheel'' group, it is
anyone who knows the root password is permitted to su to
By default (unless the prompt is reset by a startup file)
prompt is set to ``#'' to remind one of its awesome power.
HOME Default home directory of real user ID unless modified as specified
LOGNAME The user ID is always the effective ID (the target
user ID) after
an su unless the user ID is 0 (root).
PATH Default search path of real user ID unless modified
TERM Provides terminal type which may be retained for
USER Same as LOGNAME.
$ su bin -c makewhatis
Runs the command makewhatis as user bin. You will be
bin's password unless your real UID is 0.
$ su bin -c 'makewhatis /usr/local/man'
Same as above, but the target command consists of
more than a single
$ su -l foo
Pretend a login for user foo.
$ su -a skey -l foo
Same as above, but use S/Key for authentication.
csh(1), kinit(1), login(1), sh(1), skey(1), setusercontext(3), group(5),
login.conf(5), passwd(5), environ(7), sudo(8)
A su command appeared in Version 7 AT&T UNIX.
There is no direct way to force a particular shell to be
The login name is not optional for root if there are shell
OpenBSD 3.6 July 29, 1991
[ Back ]