su allows one user to temporarily become another user. It runs a command (often an interactive shell) with the real and effective user ID, group ID, and supplemental groups of a given user. Synopsis:
su [option]... [user [arg]...]
If no user is given, the default is root
, the super-user.
The shell to use is taken from user's passwd
entry, or
/bin/sh if none is specified there. If user has a
password, su prompts for the password unless run by a user with
effective user ID of zero (the super-user).
By default, su does not change the current directory. It sets the environment variables HOME and SHELL from the password entry for user, and if user is not the super-user, sets USER and LOGNAME to user. By default, the shell is not a login shell.
Any additional args are passed as additional arguments to the shell.
GNU su does not treat /bin/sh or any other shells specially
(e.g., by setting argv[0]
to -su, passing -c only
to certain shells, etc.).
su can optionally be compiled to use syslog
to report
failed, and optionally successful, su attempts. (If the system
supports syslog
.) However, GNU su does not check if the
user is a member of the wheel
group; see below.
The program accepts the following options. Also see Common options.
125 if su itself fails
126 if subshell is found but cannot be invoked
127 if subshell cannot be found
the exit status of the subshell otherwise
(This section is by Richard Stallman.)
Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)
However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he or she can tell the rest. The “wheel group” feature would make this impossible, and thus cement the power of the rulers.
I'm on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.