To use su, the appropriate password for the login name specified must be supplied (unless one is already root). The default password validation behavior can be altered via the PROMPT default parameter found in /etc/default/su.
Upon successful execution, su will execute a new shell with the real and effective user and group IDs and supplementary group list set to that of the specified user. The new shell will be the optional program named in the shell field of the specified user's password file entry (see passwd(4)) or /usr/bin/sh if none is specified (see sh(1)).
To restore the normal user ID environment, type an EOF character (<Ctrl><D>) to the new shell.
Any additional arguments given on the command line are
passed to the program invoked as the shell.
When using programs such as
of the form:
executes string via the shell and an arg of -r gives the user a restricted shell.
The following statements are true only if the optional program named in the shell field of the specified user's password file entry is like sh. If the first argument to su is a -, the environment will be changed to what would be expected if the user actually logged in as the specified user. This is done by invoking the program used as the shell with an arg0 value whose first character is -, thus causing first the system's profile (/etc/profile for sh or ksh, or /etc/.login for csh) and then the specified user's profile (.profile in the new HOME directory) to be executed. Otherwise, the environment is passed along with the possible exception of PATH, which is set to ``/sbin:/usr/sbin:/usr/bin:/etc'' for root. Note that if the optional program used as the shell is /usr/bin/sh, the user's .profile can check arg0 for -sh or -su to determine if it was invoked by login or su, respectively. If the user's program is other than /usr/bin/sh, then .profile is invoked with an arg0 of -program by both login and su.
Note that if you are using csh, /etc/profile is replaced by /etc/.login and $HOME/.profile is replaced by $HOME/.login.
All attempts to become another user using su are logged in the log file /var/adm/sulog.
Become user bin but change the environment
to what would be expected if bin had originally logged in:
su - bin
Execute command with the temporary environment and permissions of
su - bin -c "command args"