Purpose
Changes the user ID that is associated with a session.
Syntax
su [-] [Name [Argument...]]
Description
The su command changes user credentials to those of the root user or to the user
specified by the Name parameter, and then initiates a new session.
Any arguments, such as flags or parameters, that are specified
by the Arguments parameter must relate to the login shell defined
for the user specified by the Name parameter. These arguments are
passed to the specified user's login shell. For example, if the login
shell for user Fred is /usr/bin/rksh.
The following functions are performed by the su command:
- account checking
  Validates the user account to be certain it exists, that it is
  enabled for the su command, that the current user is in a group
  permitted to switch to this account with the su command, and
  that it can be used from the current controlling terminal.
- user authentication
  Validates the user's identity, using the system-defined primary
  authentication methods for the user. If a password has expired, the
  user must supply a new password.
- credentials establishment
  Establishes initial user credentials, using the values in the
  user database. These credentials define the user's access rights and
  accountability on the system.
- session initiation
  If the - flag is specified, the su command initializes
  the user environment from the values in the user database and the
  /etc/environment file. When the - flag is not used, the su command
  does not change the directory.
These functions are performed in the sequence shown.
If one function is unsuccessful, the succeeding functions are not
done.
To restore the previous session, type exit or press
the Ctrl-D key sequence. This action ends the shell called by the su command
and returns you to the previous shell, user ID, and environment.
Each time the su command is executed, an entry is made in the /var/adm/sulog
and /home/ios/logs/sulog files. Both log files record the following
information: date, time, system name, and login name. Both log files
also record whether the login attempt was successful: a plus
sign indicates a successful login, and a minus sign indicates an unsuccessful
login.
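One way to review the sulog entries described above, as an added example that is not part of the original documentation. It assumes the classic sulog line layout `SU MM/DD HH:MM +|- terminal from-to` (the page names the fields but not the exact layout); the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# ASSUMPTION: each sulog line looks like
#   SU MM/DD HH:MM <+|-> <terminal> <from_user>-<to_user>
# Adjust the awk field numbers if the local file differs.

# Constructed sample data, not taken from a real system.
sample_sulog() {
cat <<'EOF'
SU 03/14 09:12 + pts/0 padmin-root
SU 03/14 09:40 - pts/2 bob-root
SU 03/14 09:40 - pts/2 bob-root
SU 03/14 09:41 - pts/2 bob-root
SU 03/14 09:43 + pts/2 bob-root
SU 03/14 11:05 - pts/1 alice-bob
SU 03/14 11:06 + pts/1 alice-bob
SU 03/15 02:17 - pts/3 carol-root
SU 03/15 02:17 - pts/3 carol-root
SU 03/15 02:18 - pts/3 carol-root
EOF
}

# su_review [THRESHOLD] reads sulog lines on stdin and prints:
#   SUCCESS_AFTER_FAILS <n> <from-to> <date> <time>
#       a "+" entry that follows at least THRESHOLD consecutive "-" entries
#   FAILS_NO_SUCCESS <n> <from-to>
#       at least THRESHOLD trailing "-" entries with no "+" after them
su_review() {
    awk -v min="${1:-3}" '
        $1 != "SU" || NF < 6 { next }      # skip malformed lines
        $4 == "-" { streak[$6]++ }         # count consecutive failures per pair
        $4 == "+" {
            if (streak[$6] >= min)
                print "SUCCESS_AFTER_FAILS", streak[$6], $6, $2, $3
            streak[$6] = 0                 # a success ends the streak
        }
        END {
            for (p in streak)
                if (streak[p] >= min) print "FAILS_NO_SUCCESS", streak[p], p
        }
    ' | sort
}

sample_sulog | su_review 3
```

On a live system the same function can read the log directly, for example `su_review 3 < /var/adm/sulog`.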
Note: Successful use of the su command resets the
unsuccessful login count attribute in the /etc/security/lastlog file
only if the user's rlogin and login attributes are both set to false
in /etc/security/user. Otherwise, the su command does not reset
the unsuccessful login count, because the administrator often uses
the su command to fix user account problems. The user is able
to reset the attribute through a local or remote login.
Flags
| - | Specifies that the process environment is to be set as if the user had logged in to the system using the login command. Tip: Nothing in the current environment is propagated to the new shell. |
| Name | Specifies user ID. |
| Arguments | Specifies the clear text password for the bindDN that is used to bind to the LDAP server. |
Files
| /home/ios/logs/sulog | Contains the su command log files. Note: A padmin user can use the vi command to view log files. |
Examples
To change the user ID associated with a session, type the following command:
su - bob