Linux "su" Command Line Options and Examples
change user ID or become superuser
The su command is used to become another user during a login session. Invoked without a username, su defaults to becoming the superuser. The optional argument - may be used to provide an environment similar to what the user would expect had the user logged in directly.
su [options] [username]
Command Line Options:
Specify a command that will be invoked by the shell using its -c.The executed command will have no controlling terminal. This option cannot be used to execute interactiveprograms which need a controlling TTY.
su -c ...
Provide an environment similar to what the user would expect had the user logged in directly.When - is used, it must be specified before any username. For portability it is recommended to use it aslast option, before any username. The other forms (-l and --login) do not have this restriction.
su - ...
The shell that will be invoked.The invoked shell is chosen from (highest priority first):The shell specified with --shell.If --preserve-environment is used, the shell specified by the $SHELL environment variable.The shell indicated in the /etc/passwd entry for the target user./bin/sh if a shell could not be found by any above method.If the target user has a restricted shell (i.e. the shell field of this user's entry in /etc/passwd is notlisted in /etc/shells), then the --shell option or the $SHELL environment variable won't be taken intoaccount, unless su is called by root.
su -s ...
Preserve the current environment, except for:$PATHreset according to the /etc/login.defs options ENV_PATH or ENV_SUPATH (see below);$IFSreset to “<space><tab><newline>”, if it was set.If the target user has a restricted shell, this option has no effect (unless su is called by root).Note that the default behavior for the environment is the following:The $HOME, $SHELL, $USER, $LOGNAME, $PATH, and $IFS environment variables are reset.If --login is not used, the environment is copied, except for the variables above.If --login is used, the $TERM, $COLORTERM, $DISPLAY, and $XAUTHORITY environment variables are copiedif they were set.Other environments might be set by PAM modules.CAVEATSThis version of su has many compilation options, only some of which may be in use at any particular site.CONFIGURATIONThe following configuration variables in /etc/login.defs change the behavior of this tool:CONSOLE_GROUPS (string)List of groups to add to the user's supplementary groups set when logging in on the console (as determinedby the CONSOLE setting). Default is none.Use with caution - it is possible for users to gain permanent access to these groups, even when not loggedin on the console.DEFAULT_HOME (boolean)Indicate if login is allowed if we can't cd to the home directory. Default is no.If set to yes, the user will login in the root (/) directory if it is not possible to cd to her homedirectory.ENV_PATH (string)If set, it will be used to define the PATH environment variable when a regular user login. The value is acolon separated list of paths (for example /bin:/usr/bin) and can be preceded by PATH=. The default valueis PATH=/bin:/usr/bin.ENV_SUPATH (string)If set, it will be used to define the PATH environment variable when the superuser login. The value is acolon separated list of paths (for example /sbin:/bin:/usr/sbin:/usr/bin) and can be preceded by PATH=.The default value is PATH=/sbin:/bin:/usr/sbin:/usr/bin.SULOG_FILE (string)If defined, all su activity is logged to this file.SU_NAME (string)If defined, the command name to display when running "su -". For example, if this is defined as "su" thena "ps" will display the command is "-su". If not defined, then "ps" would display the name of the shellactually being run, e.g. something like "-sh".SYSLOG_SU_ENAB (boolean)Enable "syslog" logging of su activity - in addition to sulog file logging.FILES/etc/passwdUser account information./etc/shadowSecure user account information./etc/login.defsShadow password suite configuration.EXIT VALUESOn success, su returns the exit value of the command it executed.If this command was terminated by a signal, su returns the number of this signal plus 128.If su has to kill the command (because it was asked to terminate, and the command did not terminate in time),su returns 255.Some exit values from su are independent from the executed command:0success (--help only)1System or authentication failure126The requested command was not found127The requested command could not be executed
su -m ...