su(8) 맨 페이지 - 윈디하나의 솔라나라

개요

섹션
맨 페이지 이름
검색(S)

su(8)

System Administration Commands                                           su(8)



NAME
       su - become superuser or another user

SYNOPSIS
       su [-] [username [arg...]]

DESCRIPTION
       The su command allows one to become another user without logging off or
       to assume a role. The default user name is root (superuser).


       To use su, the  appropriate  password  must  be  supplied  (unless  the
       invoker  is already root). If the password is correct, su creates a new
       shell process that has the real and effective user ID, group  IDs,  and
       supplementary  group list set to those of the specified username. Addi‐
       tionally, the new shell's project ID is set to the default  project  ID
       of  the specified user. See getprojent(3PROJECT), setproject(3PROJECT).
       The new shell will be the shell specified in the shell field  of  user‐
       name's  password  file entry (see passwd(5)). If no shell is specified,
       /usr/bin/sh is used (see sh(1)). If superuser  privilege  is  requested
       and  the  shell  for  the  superuser  cannot  be invoked using exec(2),
       /sbin/sh is used as a fallback. To return to normal user ID privileges,
       type an EOF character (CTRL-D) to exit the new shell.


       Any  additional  arguments  given on the command line are passed to the
       new shell. When using programs such as  sh,  an  arg  of  the  form  -c
       string  executes string using the shell and an arg of -r gives the user
       a restricted shell.


       To create a login environment, the command "su -" does the following:

           o      In addition to what is already propagated, the LC* and  LANG
                  environment  variables from the specified user's environment
                  are also propagated.


           o      Set MAIL to /var/mail/new_user.



       If the first argument to su is a dash  (-),  the  environment  will  be
       changed to what would be expected if the user actually logged in as the
       specified user. Otherwise, the environment is passed  along,  with  the
       exception  of  $PATH,  which  is  controlled  by  PATH  and  SUPATH  in
       /etc/default/su.


       All attempts to become another user using su are logged in the log file
       /var/adm/sulog (see sulog(5)).

SECURITY
       su  uses pam(3PAM) with the service name su for authentication, account
       management, and credential establishment.

EXAMPLES
       Example 1 Becoming User bin While Retaining  Your  Previously  Exported
       Environment



       To  become  user  bin while retaining your previously exported environ‐
       ment, execute:


         example% su bin



       Example 2 Becoming User bin and Changing to bin's Login Environment



       To become user bin but change the environment to what would be expected
       if bin had originally logged in, execute:


         example% su - bin



       Example 3 Executing command with user bin's Environment and Permissions



       To  execute  command  with the temporary environment and permissions of
       user bin, type:


         example% su - bin -c "command args"



ENVIRONMENT VARIABLES
       Variables with LD_ prefix are removed for security  reasons.  Thus,  su
       bin will not retain previously exported variables with LD_ prefix while
       becoming user bin.


       If any of the LC_* variables (LC_CTYPE, LC_MESSAGES,  LC_TIME,  LC_COL‐
       LATE,  LC_NUMERIC, and LC_MONETARY) (see environ(7)) are not set in the
       environment, the operational behavior  of  su  for  each  corresponding
       locale  category  is  determined  by  the value of the LANG environment
       variable. If LC_ALL is set, its contents are used to override both  the
       LANG  and  the other LC_* variables. If none of the above variables are
       set in the environment, the "C" (U.S. style) locale determines  how  su
       behaves.

       LC_CTYPE       Determines  how  su handles characters. When LC_CTYPE is
                      set to a valid value, su can display and handle text and
                      filenames  containing  valid characters for that locale.
                      su can display and handle Extended UNIX Code (EUC) char‐
                      acters  where any individual character can be 1, 2, or 3
                      bytes wide. su can also handle EUC characters of  1,  2,
                      or  more  column widths. In the "C" locale, only charac‐
                      ters from ISO 8859-1 are valid.


       LC_MESSAGES    Determines how diagnostic and informative  messages  are
                      presented.  This  includes the language and style of the
                      messages, and the correct form of affirmative and  nega‐
                      tive responses. In the "C" locale, the messages are pre‐
                      sented in the default form found in the  program  itself
                      (in most cases, U.S. English).


FILES
       $HOME/.profile

           user's login commands for sh and ksh


       /etc/passwd

           system's password file


       /etc/profile

           system-wide sh and ksh login commands


       /var/adm/sulog

           log file


       /etc/default/su

           This  file  is obsolete. However, you can use the svc:/system/secu‐
           rity/account-policy:default service to set  the  corresponding  SMF
           properties.

           The following table lists the mapping between the properties in the
           /etc/default/su and the SMF properties:



           tab()  box;  lw(NaNi)  |lw(NaNi)  lw(NaNi)  |lw(NaNi)  Property  in
           /etc/default/loginCorresponding  SMF Property _ SULOGsu/log/logfile
           _ CONSOLEsu/log/device _ PATHsu/environment/path  _  SUPATHsu/envi‐
           ronment/root_path   _   SYSLOGsu/log/syslog  _  SLEEPTIMElogin_pol‐
           icy/sleeptime

           For information on managing the SMF properties,  see  the  account-
           policy(8S) man page.

           The  descriptions of the properties in the /etc/default/su file are
           as follows:

           SULOG      If defined, all attempts  to  su  to  another  user  are
                      logged in the indicated file.


           CONSOLE    If defined, all attempts to su to root are logged on the
                      console.


           PATH       Default path. (/usr/bin:)


           SUPATH     Default  path  for  a  user   invoking   su   to   root.
                      (/usr/sbin:/usr/bin)


           SYSLOG     Determines  whether  the  syslog(3C)   LOG_AUTH facility
                      should be used to log all su attempts.  LOG_NOTICE  mes‐
                      sages  are generated for su's to root, LOG_INFO messages
                      are generated for su's to other users, and LOG_CRIT mes‐
                      sages are generated for failed su attempts.



       /etc/default/login

           the default parameters in this file are:

           SLEEPTIME    If  present, sets the number of seconds to wait before
                        login failure is printed to  the  screen  and  another
                        login  attempt is allowed. Default is 4 seconds. Mini‐
                        mum is 0 seconds. Maximum is 5 seconds.

                        Both su and login(1) are  affected  by  the  value  of
                        SLEEPTIME.



ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       tab()  box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
       TRIBUTE VALUE _ Availabilitysystem/core-os


SEE ALSO
       csh(1), env(1), ksh(1), login(1), roles(1), sh(1), exec(2), syslog(3C),
       pam(3PAM),    pam_acct_mgmt(3PAM),   pam_authenticate(3PAM),   pam_set‐
       cred(3PAM),  getprojent(3PROJECT),  setproject(3PROJECT),  pam.conf(5),
       passwd(5), profile(5), sulog(5), attributes(7), environ(7), syslogd(8),
       account-policy(8S)



Oracle Solaris 11.4               11 May 2021                            su(8)
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.
RSS ATOM XHTML 5 CSS3