Section: User Commands (1)
Return to Main Contents
su - change user ID or become superuser
su [options] [username]
command is used to become another user during a login session. Invoked without a
defaults to becoming the superuser. The optional argument
may be used to provide an environment similar to what the user would expect had the user logged in directly.
Additional arguments may be provided after the username, in which case they are supplied to the user's login shell. In particular, an argument of
will cause the next argument to be treated as a command by most command interpreters. The command will be executed by the shell specified in
for the target user.
You can use the
argument to separate
options from the arguments supplied to the shell.
The user will be prompted for a password, if appropriate. Invalid passwords will produce an error message. All attempts, both valid and invalid, are logged to detect abuse of the system.
The current environment is passed to the new shell. The value of
is reset to
for normal users, or
for the superuser. This may be changed with the
A subsystem login is indicated by the presence of a "*" as the first character of the login shell. The given home directory will be used as the root of a new file system which the user is actually logged into.
The options which apply to the
-c, --command COMMAND
Specify a command that will be invoked by the shell using its
The executed command will have no controlling terminal. This option cannot be used to execute interractive programs which need a controlling TTY.
-, -l, --login
Provide an environment similar to what the user would expect had the user logged in directly.
is used, it must be specified before any
username. For portability it is recommended to use it as last option, before any
username. The other forms (-l
--login) do not have this restriction.
-s, --shell SHELL
The shell that will be invoked.
The invoked shell is chosen from (highest priority first):
The shell specified with --shell.
is used, the shell specified by the
The shell indicated in the
entry for the target user.
if a shell could not be found by any above method.
If the target user has a restricted shell (i.e. the shell field of this user's entry in
is not listed in
/etc/shells), then the
option or the
environment variable won't be taken into account, unless
is called by root.
-m, -p, --preserve-environment
Preserve the current environment, except for:
reset according to the
"<space><tab><newline>", if it was set.
If the target user has a restricted shell, this option has no effect (unless
is called by root).
Note that the default behavior for the environment is the following:
environment variables are reset.
is not used, the environment is copied, except for the variables above.
is used, the
environment variables are copied if they were set.
Other environments might be set by PAM modules.
This version of
has many compilation options, only some of which may be in use at any particular site.
The following configuration variables in
change the behavior of this tool:
List of groups to add to the user's supplementary groups set when logging in on the console (as determined by the CONSOLE setting). Default is none.
Use with caution - it is possible for users to gain permanent access to these groups, even when not logged in on the console.
Indicate if login is allowed if we can't cd to the home directory. Default is no.
If set to
yes, the user will login in the root (/) directory if it is not possible to cd to her home directory.
If set, it will be used to define the PATH environment variable when a regular user login. The value is a colon separated list of paths (for example
/bin:/usr/bin) and can be preceded by
PATH=. The default value is
If set, it will be used to define the PATH environment variable when the superuser login. The value is a colon separated list of paths (for example
/sbin:/bin:/usr/sbin:/usr/bin) and can be preceded by
PATH=. The default value is
If defined, all su activity is logged to this file.
If defined, the command name to display when running "su -". For example, if this is defined as "su" then a "ps" will display the command is "-su". If not defined, then "ps" would display the name of the shell actually being run, e.g. something like "-sh".
Enable "syslog" logging of
activity - in addition to sulog file logging.
User account information.
Secure user account information.
Shadow password suite configuration.
returns the exit value of the command it executed.
If this command was terminated by a signal,
returns the number of this signal plus 128.
If su has to kill the command (because it was asked to terminate, and the command did not terminate in time),
Some exit values from
are independent from the executed command:
System or authentication failure
The requested command was not found
The requested command could not be executed
- EXIT VALUES
- SEE ALSO