shadow/man/su.1.xml
nekral-guest 15989f16f7 * man/pwconv.8.xml: Fix typos.
* man/chpasswd.8.xml, man/chgpasswd.8.xml: Document the NONE crypt
  method.
* man/login.defs.d/MAIL_DIR.xml: Add comment regarding useradd not
  using MAIL_FILE.
* man/login.defs.d/ERASECHAR.xml, man/login.defs.d/KILLCHAR.xml,
  man/login.defs.d/CONSOLE_GROUPS.xml, man/login.defs.d/ENV_HZ.xml,
  man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml:
  These variables are also used by some tools when compiled with PAM
  support.
* man/login.defs.d/ENV_HZ.xml: Add note that it is only used by
  sulogin when compiled with PAM support.
* man/login.defs.d/ENV_SUPATH.xml: Typos: ENV_PATH -> ENV_SUPATH,
  and mention sbin in the path.
* man/login.defs.d/LOGIN_STRING.xml: Fix typo: confition ->
  condition.
* man/sg.1.xml: Add CONFIGURATION section (SYSLOG_SG_ENAB).
* man/su.1.xml: ENV_HZ, LOGIN_STRING, MAIL_DIR, USERGROUPS_ENAB
  are only used when su is compiled without PAM support.
* man/login.defs.5.xml: Added variables: OBSCURE_CHECKS_ENAB
  PASS_ALWAYS_WARN PASS_CHANGE_TRIES SULOG_FILE SU_NAME
  SU_WHEEL_ONLY SYSLOG_SG_ENAB SYSLOG_SU_ENAB.
* man/login.defs.5.xml: ENVIRON_FILE is only used when compiled
  without PAM support.
* man/login.defs.5.xml: sulogin uses variables even when compiled
  with PAM support.
* man/login.1.xml: ENV_HZ ENV_PATH ENV_SUPATH MAIL_DIR UMASK are
  only used when login is not compiled with PAM support.
2007-12-09 14:50:14 +00:00

258 lines
8.3 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
<!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
<!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
<!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
<!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
<!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
]>
<refentry id='su.1'>
<!-- $Id$ -->
<refmeta>
<refentrytitle>su</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>su</refname>
<refpurpose>change user ID or become superuser</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>su</command>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
<arg choice='opt'>
<arg choice='plain'>
<replaceable>LOGIN</replaceable>
</arg>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <command>su</command> command is used to become another user during
a login session. Invoked without a <option>username</option>,
<command>su</command> defaults to
becoming the superuser. The optional argument <option>-</option> may
be used to provide an environment similar to what the user would
expect had the user logged in directly.
</para>
<para>
Additional arguments may be provided after the username, in which case
they are supplied to the user's login shell. In particular, an
argument of <option>-c</option> will cause the next argument to be
treated as a command by most command interpreters. The command will be
executed by the shell specified in <filename>/etc/passwd</filename>
for the target user.
</para>
<para>
You can use the <option>--</option> argument to separate
<command>su</command> options from the arguments supplied to the shell.
</para>
<para>The user will be prompted for a password, if appropriate. Invalid
passwords will produce an error message. All attempts, both valid and
invalid, are logged to detect abuse of the system.
</para>
<para>
The current environment is passed to the new shell. The value of
<envar>$PATH</envar> is reset to <filename>/bin:/usr/bin</filename>
for normal users, or <filename>/sbin:/bin:/usr/sbin:/usr/bin</filename>
for the superuser. This may be changed with the
<emphasis>ENV_PATH</emphasis> and <emphasis>ENV_SUPATH</emphasis>
definitions in <filename>/etc/login.defs</filename>.
</para>
<para>
A subsystem login is indicated by the presence of a "*" as the first
character of the login shell. The given home directory will be used as
the root of a new file system which the user is actually logged into.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>The options which apply to the <command>su</command> command are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-c</option>, <option>--command</option>
<replaceable>COMMAND</replaceable>
</term>
<listitem>
<para>
Specify a command that will be invoked by the shell using its
<option>-c</option>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-</option>, <option>-l</option>, <option>--login</option>
</term>
<listitem>
<para>
Provide an environment similar to what the user would expect had
the user logged in directly.
</para>
<para>
When <option>-</option> is used, it must be specified as the last
<command>su</command> option.
The other forms (<option>-l</option> and <option>--login</option>)
do not have this restriction.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s</option>, <option>--shell</option>
<replaceable>SHELL</replaceable>
</term>
<listitem>
<para>The shell that will be invoked.</para>
<para>
The invoked shell is chosen from (highest priority first):
<itemizedlist>
<listitem>
<para>The shell specified with --shell.</para>
</listitem>
<listitem>
<para>
If <option>--preserve-environment</option> is used, the
shell specified by the <envar>$SHELL</envar> environment
variable.
</para>
</listitem>
<listitem>
<para>
The shell indicated in the <filename>/etc/passwd</filename>
entry for the target user.
</para>
</listitem>
<listitem>
<para>
<filename>/bin/sh</filename> if a shell could not be
found by any above method.
</para>
</listitem>
</itemizedlist>
</para>
<para>
If the target user has a restricted shell (i.e. the shell field of
this user's entry in <filename>/etc/passwd</filename> is not
listed in <filename>/etc/shell</filename>), then the
<option>--shell</option> option or the <envar>$SHELL</envar>
environment variable won't be taken into account, unless
<command>su</command> is called by root.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-m</option>, <option>-p</option>,
<option>--preserve-environment</option>
</term>
<listitem>
<para>Preserve the current environment.</para>
<para>
If the target user has a restricted shell, this option has no
effect (unless <command>su</command> is called by root).
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
This version of <command>su</command> has many compilation options,
only some of which may be in use at any particular site.
</para>
</refsect1>
<refsect1 id='configuration'>
<title>CONFIGURATION</title>
<para>
The following configuration variables in
<filename>/etc/login.defs</filename> change the behavior of this
tool:
</para>
<variablelist>
&CONSOLE;
&CONSOLE_GROUPS;
&DEFAULT_HOME;
<phrase condition="no_pam">&ENV_HZ;</phrase>
&ENVIRON_FILE;
&ENV_PATH;
&ENV_SUPATH;
&ENV_TZ;
<phrase condition="no_pam">&LOGIN_STRING;</phrase>
&MAIL_CHECK_ENAB;
<phrase condition="no_pam">&MAIL_DIR;</phrase>
&QUOTAS_ENAB;
&SULOG_FILE;
&SU_NAME;
&SU_WHEEL_ONLY;
&SYSLOG_SU_ENAB;
<phrase condition="no_pam">&USERGROUPS_ENAB;</phrase>
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>User account information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>Secure user account information.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>sg</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>