World Library  
Flag as Inappropriate
Email this Article

Su (Unix)

Article Id: WHEBN0000459280
Reproduction Date:

Title: Su (Unix)  
Author: World Heritage Encyclopedia
Language: English
Subject: Passwd, Linux security software, SU, Runas, Comparison of privilege authorization features
Collection: System Administration, Unix User Management and Support-Related Utilities
Publisher: World Heritage Encyclopedia
Publication
Date:
 

Su (Unix)

The Unix command su, derived from set user , is used by a computer user to execute a command with the privileges of another user account. When executed it invokes a shell without changing the current working directory or the user environment.

When the command is used without specifying the new user id as a command line argument, it defaults to using the superuser account (user id 0) of the system.

Contents

  • History 1
  • Usage 2
  • See also 3
  • References 4
  • External links 5

History

The command su, including the Unix permissions system and the setuid system call, was part of Version 1 Unix. Encrypted passwords appeared in Version 3.[1]

Usage

When run from the command line, su asks for the target user's password, and if authenticated, grants the operator access to that account and the files and directories that account is permitted to access.

john@localhost:~$ su jane
Password:
jane@localhost:/home/john$ exit
logout
john@localhost:~$ 

When used with a hyphen (su -) it can be used to start a login shell. In this mode users can assume the user environment of the target user:

john@localhost:~$ su - jane
Password:
jane@localhost:~$

The command sudo is related, and executes a command as another user but observes a set of constraints about which users can execute which commands as which other users (generally in a configuration file named /etc/sudoers, best editable by the command visudo). Unlike su, sudo authenticates users against their own password rather than that of the target user (to allow the delegation of specific commands to specific users on specific hosts without sharing passwords among them and while mitigating the risk of any unattended terminals).

Some Unix-like systems have a wheel group of users, and only allow these users to su to root.[2] This may or may not mitigate these security concerns, since an intruder might first simply break into one of those accounts. GNU su, however, does not support a wheel group for philosophical reasons. Richard Stallman argues that because a wheel group would prevent users from utilizing root passwords leaked to them, the group would allow existing admins to ride roughshod over ordinary users.[3]

See also

References

  1. ^  
  2. ^ Levi, Bozidar (2002). UNIX Administration: A Comprehensive Sourcebook for Effective Systems and Network Management. CRC Press. p. 207.  
  3. ^ "Why GNU su does not support the wheel group". 

External links

  • su — manual pages from GNU coreutils.
  •  – Linux User Commands Manual
  •  – FreeBSD General Commands Manual
  •  – Solaris 10 System Administration Commands Reference Manual
  • The su command — by The Linux Information Project (LINFO)
  • Definition of su — dictionary.die.net
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.