Provided by: login_4.5-1ubuntu2.5_amd64 bug

NAME

       su - change user ID or become superuser

SYNOPSIS

       su [options] [username]

DESCRIPTION

       The su command is used to become another user during a login session. Invoked without a
       username, su defaults to becoming the superuser. The optional argument - may be used to
       provide an environment similar to what the user would expect had the user logged in
       directly.

       Additional arguments may be provided after the username, in which case they are supplied
       to the user's login shell. In particular, an argument of -c will cause the next argument
       to be treated as a command by most command interpreters. The command will be executed by
       the shell specified in /etc/passwd for the target user.

       You can use the -- argument to separate su options from the arguments supplied to the
       shell.

       The user will be prompted for a password, if appropriate. Invalid passwords will produce
       an error message. All attempts, both valid and invalid, are logged to detect abuse of the
       system.

       The current environment is passed to the new shell. The value of $PATH is reset to
       /bin:/usr/bin for normal users, or /sbin:/bin:/usr/sbin:/usr/bin for the superuser. This
       may be changed with the ENV_PATH and ENV_SUPATH definitions in /etc/login.defs.

       A subsystem login is indicated by the presence of a "*" as the first character of the
       login shell. The given home directory will be used as the root of a new file system which
       the user is actually logged into.

OPTIONS

       The options which apply to the su command are:

       -c, --command COMMAND
           Specify a command that will be invoked by the shell using its -c.

           The executed command will have no controlling terminal. This option cannot be used to
           execute interactive programs which need a controlling TTY.

       -, -l, --login
           Provide an environment similar to what the user would expect had the user logged in
           directly.

           When - is used, it must be specified before any username. For portability it is
           recommended to use it as last option, before any username. The other forms (-l and
           --login) do not have this restriction.

       -s, --shell SHELL
           The shell that will be invoked.

           The invoked shell is chosen from (highest priority first):

               The shell specified with --shell.

               If --preserve-environment is used, the shell specified by the $SHELL environment
               variable.

               The shell indicated in the /etc/passwd entry for the target user.

               /bin/sh if a shell could not be found by any above method.

           If the target user has a restricted shell (i.e. the shell field of this user's entry
           in /etc/passwd is not listed in /etc/shells), then the --shell option or the $SHELL
           environment variable won't be taken into account, unless su is called by root.

       -m, -p, --preserve-environment
           Preserve the current environment, except for:

           $PATH
               reset according to the /etc/login.defs options ENV_PATH or ENV_SUPATH (see below);

           $IFS
               reset to “<space><tab><newline>”, if it was set.

           If the target user has a restricted shell, this option has no effect (unless su is
           called by root).

           Note that the default behavior for the environment is the following:

               The $HOME, $SHELL, $USER, $LOGNAME, $PATH, and $IFS environment variables are
               reset.

               If --login is not used, the environment is copied, except for the variables above.

               If --login is used, the $TERM, $COLORTERM, $DISPLAY, and $XAUTHORITY environment
               variables are copied if they were set.

               Other environments might be set by PAM modules.

CAVEATS

       This version of su has many compilation options, only some of which may be in use at any
       particular site.

CONFIGURATION

       The following configuration variables in /etc/login.defs change the behavior of this tool:

       CONSOLE_GROUPS (string)
           List of groups to add to the user's supplementary groups set when logging in on the
           console (as determined by the CONSOLE setting). Default is none.

           Use with caution - it is possible for users to gain permanent access to these groups,
           even when not logged in on the console.

       DEFAULT_HOME (boolean)
           Indicate if login is allowed if we can't cd to the home directory. Default is no.

           If set to yes, the user will login in the root (/) directory if it is not possible to
           cd to her home directory.

       ENV_PATH (string)
           If set, it will be used to define the PATH environment variable when a regular user
           login. The value is a colon separated list of paths (for example /bin:/usr/bin) and
           can be preceded by PATH=. The default value is PATH=/bin:/usr/bin.

       ENV_SUPATH (string)
           If set, it will be used to define the PATH environment variable when the superuser
           login. The value is a colon separated list of paths (for example
           /sbin:/bin:/usr/sbin:/usr/bin) and can be preceded by PATH=. The default value is
           PATH=/sbin:/bin:/usr/sbin:/usr/bin.

       SULOG_FILE (string)
           If defined, all su activity is logged to this file.

       SU_NAME (string)
           If defined, the command name to display when running "su -". For example, if this is
           defined as "su" then a "ps" will display the command is "-su". If not defined, then
           "ps" would display the name of the shell actually being run, e.g. something like
           "-sh".

       SYSLOG_SU_ENAB (boolean)
           Enable "syslog" logging of su activity - in addition to sulog file logging.

FILES

       /etc/passwd
           User account information.

       /etc/shadow
           Secure user account information.

       /etc/login.defs
           Shadow password suite configuration.

EXIT VALUES

       On success, su returns the exit value of the command it executed.

       If this command was terminated by a signal, su returns the number of this signal plus 128.

       If su has to kill the command (because it was asked to terminate, and the command did not
       terminate in time), su returns 255.

       Some exit values from su are independent from the executed command:

       0
           success (--help only)

       1
           System or authentication failure

       126
           The requested command was not found

       127
           The requested command could not be executed

SEE ALSO

       login(1), login.defs(5), sg(1), sh(1).