svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
su(8)
System Administration Commands su(8)
NAME
su - become superuser or another user
SYNOPSIS
su [-] [username [arg...]]
DESCRIPTION
The su command allows one to become another user without logging off or
to assume a role. The default user name is root (superuser).
To use su, the appropriate password must be supplied (unless the
invoker is already root). If the password is correct, su creates a new
shell process that has the real and effective user ID, group IDs, and
supplementary group list set to those of the specified username. Addi‐
tionally, the new shell's project ID is set to the default project ID
of the specified user. See getprojent(3PROJECT), setproject(3PROJECT).
The new shell will be the shell specified in the shell field of user‐
name's password file entry (see passwd(5)). If no shell is specified,
/usr/bin/sh is used (see sh(1)). If superuser privilege is requested
and the shell for the superuser cannot be invoked using exec(2),
/sbin/sh is used as a fallback. To return to normal user ID privileges,
type an EOF character (CTRL-D) to exit the new shell.
Any additional arguments given on the command line are passed to the
new shell. When using programs such as sh, an arg of the form -c
string executes string using the shell and an arg of -r gives the user
a restricted shell.
To create a login environment, the command "su -" does the following:
o In addition to what is already propagated, the LC* and LANG
environment variables from the specified user's environment
are also propagated.
o Set MAIL to /var/mail/new_user.
If the first argument to su is a dash (-), the environment will be
changed to what would be expected if the user actually logged in as the
specified user. Otherwise, the environment is passed along, with the
exception of $PATH, which is controlled by PATH and SUPATH in
/etc/default/su.
All attempts to become another user using su are logged in the log file
/var/adm/sulog (see sulog(5)).
SECURITY
su uses pam(3PAM) with the service name su for authentication, account
management, and credential establishment.
EXAMPLES
Example 1 Becoming User bin While Retaining Your Previously Exported
Environment
To become user bin while retaining your previously exported environ‐
ment, execute:
example% su bin
Example 2 Becoming User bin and Changing to bin's Login Environment
To become user bin but change the environment to what would be expected
if bin had originally logged in, execute:
example% su - bin
Example 3 Executing command with user bin's Environment and Permissions
To execute command with the temporary environment and permissions of
user bin, type:
example% su - bin -c "command args"
ENVIRONMENT VARIABLES
Variables with LD_ prefix are removed for security reasons. Thus, su
bin will not retain previously exported variables with LD_ prefix while
becoming user bin.
If any of the LC_* variables (LC_CTYPE, LC_MESSAGES, LC_TIME, LC_COL‐
LATE, LC_NUMERIC, and LC_MONETARY) (see environ(7)) are not set in the
environment, the operational behavior of su for each corresponding
locale category is determined by the value of the LANG environment
variable. If LC_ALL is set, its contents are used to override both the
LANG and the other LC_* variables. If none of the above variables are
set in the environment, the "C" (U.S. style) locale determines how su
behaves.
LC_CTYPE Determines how su handles characters. When LC_CTYPE is
set to a valid value, su can display and handle text and
filenames containing valid characters for that locale.
su can display and handle Extended UNIX Code (EUC) char‐
acters where any individual character can be 1, 2, or 3
bytes wide. su can also handle EUC characters of 1, 2,
or more column widths. In the "C" locale, only charac‐
ters from ISO 8859-1 are valid.
LC_MESSAGES Determines how diagnostic and informative messages are
presented. This includes the language and style of the
messages, and the correct form of affirmative and nega‐
tive responses. In the "C" locale, the messages are pre‐
sented in the default form found in the program itself
(in most cases, U.S. English).
FILES
$HOME/.profile
user's login commands for sh and ksh
/etc/passwd
system's password file
/etc/profile
system-wide sh and ksh login commands
/var/adm/sulog
log file
/etc/default/su
This file is obsolete. However, you can use the svc:/system/secu‐
rity/account-policy:default service to set the corresponding SMF
properties.
The following table lists the mapping between the properties in the
/etc/default/su and the SMF properties:
tab() box; lw(NaNi) |lw(NaNi) lw(NaNi) |lw(NaNi) Property in
/etc/default/loginCorresponding SMF Property _ SULOGsu/log/logfile
_ CONSOLEsu/log/device _ PATHsu/environment/path _ SUPATHsu/envi‐
ronment/root_path _ SYSLOGsu/log/syslog _ SLEEPTIMElogin_pol‐
icy/sleeptime
For information on managing the SMF properties, see the account-
policy(8S) man page.
The descriptions of the properties in the /etc/default/su file are
as follows:
SULOG If defined, all attempts to su to another user are
logged in the indicated file.
CONSOLE If defined, all attempts to su to root are logged on the
console.
PATH Default path. (/usr/bin:)
SUPATH Default path for a user invoking su to root.
(/usr/sbin:/usr/bin)
SYSLOG Determines whether the syslog(3C) LOG_AUTH facility
should be used to log all su attempts. LOG_NOTICE mes‐
sages are generated for su's to root, LOG_INFO messages
are generated for su's to other users, and LOG_CRIT mes‐
sages are generated for failed su attempts.
/etc/default/login
the default parameters in this file are:
SLEEPTIME If present, sets the number of seconds to wait before
login failure is printed to the screen and another
login attempt is allowed. Default is 4 seconds. Mini‐
mum is 0 seconds. Maximum is 5 seconds.
Both su and login(1) are affected by the value of
SLEEPTIME.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/core-os
SEE ALSO
csh(1), env(1), ksh(1), login(1), roles(1), sh(1), exec(2), syslog(3C),
pam(3PAM), pam_acct_mgmt(3PAM), pam_authenticate(3PAM), pam_set‐
cred(3PAM), getprojent(3PROJECT), setproject(3PROJECT), pam.conf(5),
passwd(5), profile(5), sulog(5), attributes(7), environ(7), syslogd(8),
account-policy(8S)
Oracle Solaris 11.4 11 May 2021 su(8)