head 1.55; access; symbols netbsd-11-0-RC4:1.55 netbsd-11-0-RC3:1.55 netbsd-11-0-RC2:1.55 netbsd-11-0-RC1:1.55 perseant-exfatfs-base-20250801:1.55 netbsd-11:1.55.0.4 netbsd-11-base:1.55 netbsd-10-1-RELEASE:1.54 perseant-exfatfs-base-20240630:1.55 perseant-exfatfs:1.55.0.2 perseant-exfatfs-base:1.55 netbsd-8-3-RELEASE:1.52 netbsd-9-4-RELEASE:1.52.12.1 netbsd-10-0-RELEASE:1.54 netbsd-10-0-RC6:1.54 netbsd-10-0-RC5:1.54 netbsd-10-0-RC4:1.54 netbsd-10-0-RC3:1.54 netbsd-10-0-RC2:1.54 netbsd-10-0-RC1:1.54 netbsd-10:1.54.0.8 netbsd-10-base:1.54 netbsd-9-3-RELEASE:1.52.12.1 cjep_sun2x-base1:1.54 cjep_sun2x:1.54.0.6 cjep_sun2x-base:1.54 cjep_staticlib_x-base1:1.54 netbsd-9-2-RELEASE:1.52.12.1 cjep_staticlib_x:1.54.0.4 cjep_staticlib_x-base:1.54 netbsd-9-1-RELEASE:1.52.12.1 phil-wifi-20200421:1.54 phil-wifi-20200411:1.54 is-mlppp:1.54.0.2 is-mlppp-base:1.54 phil-wifi-20200406:1.54 netbsd-8-2-RELEASE:1.52 netbsd-9-0-RELEASE:1.52.12.1 netbsd-9-0-RC2:1.52.12.1 netbsd-9-0-RC1:1.52.12.1 phil-wifi-20191119:1.54 netbsd-9:1.52.0.12 netbsd-9-base:1.52 phil-wifi-20190609:1.52 netbsd-8-1-RELEASE:1.52 netbsd-8-1-RC1:1.52 pgoyette-compat-merge-20190127:1.52 pgoyette-compat-20190127:1.52 pgoyette-compat-20190118:1.52 pgoyette-compat-1226:1.52 pgoyette-compat-1126:1.52 pgoyette-compat-1020:1.52 pgoyette-compat-0930:1.52 pgoyette-compat-0906:1.52 netbsd-7-2-RELEASE:1.50 pgoyette-compat-0728:1.52 netbsd-8-0-RELEASE:1.52 phil-wifi:1.52.0.10 phil-wifi-base:1.52 pgoyette-compat-0625:1.52 netbsd-8-0-RC2:1.52 pgoyette-compat-0521:1.52 pgoyette-compat-0502:1.52 pgoyette-compat-0422:1.52 netbsd-8-0-RC1:1.52 pgoyette-compat-0415:1.52 pgoyette-compat-0407:1.52 pgoyette-compat-0330:1.52 pgoyette-compat-0322:1.52 pgoyette-compat-0315:1.52 netbsd-7-1-2-RELEASE:1.50 pgoyette-compat:1.52.0.8 pgoyette-compat-base:1.52 netbsd-7-1-1-RELEASE:1.50 matt-nb8-mediatek:1.52.0.6 matt-nb8-mediatek-base:1.52 perseant-stdc-iso10646:1.52.0.4 perseant-stdc-iso10646-base:1.52 netbsd-8:1.52.0.2 netbsd-8-base:1.52 prg-localcount2-base3:1.52 prg-localcount2-base2:1.51 prg-localcount2-base1:1.51 prg-localcount2:1.51.0.6 prg-localcount2-base:1.51 pgoyette-localcount-20170426:1.51 bouyer-socketcan-base1:1.51 pgoyette-localcount-20170320:1.51 netbsd-7-1:1.50.0.14 netbsd-7-1-RELEASE:1.50 netbsd-7-1-RC2:1.50 netbsd-7-nhusb-base-20170116:1.50 bouyer-socketcan:1.51.0.4 bouyer-socketcan-base:1.51 pgoyette-localcount-20170107:1.51 netbsd-7-1-RC1:1.50 pgoyette-localcount-20161104:1.51 netbsd-7-0-2-RELEASE:1.50 localcount-20160914:1.51 netbsd-7-nhusb:1.50.0.12 netbsd-7-nhusb-base:1.50 pgoyette-localcount-20160806:1.51 pgoyette-localcount-20160726:1.51 pgoyette-localcount:1.51.0.2 pgoyette-localcount-base:1.51 netbsd-7-0-1-RELEASE:1.50 netbsd-7-0:1.50.0.10 netbsd-7-0-RELEASE:1.50 netbsd-7-0-RC3:1.50 netbsd-7-0-RC2:1.50 netbsd-7-0-RC1:1.50 netbsd-5-2-3-RELEASE:1.48 netbsd-5-1-5-RELEASE:1.48 netbsd-6-0-6-RELEASE:1.49 netbsd-6-1-5-RELEASE:1.49 netbsd-7:1.50.0.8 netbsd-7-base:1.50 yamt-pagecache-base9:1.50 yamt-pagecache-tag8:1.49.6.1 netbsd-6-1-4-RELEASE:1.49 netbsd-6-0-5-RELEASE:1.49 tls-earlyentropy:1.50.0.6 tls-earlyentropy-base:1.50 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.50 riastradh-drm2-base3:1.50 netbsd-6-1-3-RELEASE:1.49 netbsd-6-0-4-RELEASE:1.49 netbsd-5-2-2-RELEASE:1.48 netbsd-5-1-4-RELEASE:1.48 netbsd-6-1-2-RELEASE:1.49 netbsd-6-0-3-RELEASE:1.49 netbsd-5-2-1-RELEASE:1.48 netbsd-5-1-3-RELEASE:1.48 netbsd-6-1-1-RELEASE:1.49 riastradh-drm2-base2:1.50 riastradh-drm2-base1:1.50 riastradh-drm2:1.50.0.2 riastradh-drm2-base:1.50 netbsd-6-1:1.49.0.16 netbsd-6-0-2-RELEASE:1.49 netbsd-6-1-RELEASE:1.49 netbsd-6-1-RC4:1.49 netbsd-6-1-RC3:1.49 agc-symver:1.50.0.4 agc-symver-base:1.50 netbsd-6-1-RC2:1.49 netbsd-6-1-RC1:1.49 yamt-pagecache-base8:1.50 netbsd-5-2:1.48.0.24 netbsd-6-0-1-RELEASE:1.49 yamt-pagecache-base7:1.50 netbsd-5-2-RELEASE:1.48 netbsd-5-2-RC1:1.48 matt-nb6-plus-nbase:1.49 yamt-pagecache-base6:1.49 netbsd-6-0:1.49.0.14 netbsd-6-0-RELEASE:1.49 netbsd-6-0-RC2:1.49 tls-maxphys:1.49.0.12 tls-maxphys-base:1.50 matt-nb6-plus:1.49.0.10 matt-nb6-plus-base:1.49 netbsd-6-0-RC1:1.49 yamt-pagecache-base5:1.49 yamt-pagecache-base4:1.49 netbsd-6:1.49.0.8 netbsd-6-base:1.49 netbsd-5-1-2-RELEASE:1.48 netbsd-5-1-1-RELEASE:1.48 yamt-pagecache-base3:1.49 yamt-pagecache-base2:1.49 yamt-pagecache:1.49.0.6 yamt-pagecache-base:1.49 cherry-xenmp:1.49.0.4 cherry-xenmp-base:1.49 bouyer-quota2-nbase:1.49 bouyer-quota2:1.49.0.2 bouyer-quota2-base:1.49 matt-mips64-premerge-20101231:1.49 matt-nb5-mips64-premerge-20101231:1.48 matt-nb5-pq3:1.48.0.22 matt-nb5-pq3-base:1.48 netbsd-5-1:1.48.0.20 netbsd-5-1-RELEASE:1.48 netbsd-5-1-RC4:1.48 matt-nb5-mips64-k15:1.48 netbsd-5-1-RC3:1.48 netbsd-5-1-RC2:1.48 netbsd-5-1-RC1:1.48 netbsd-5-0-2-RELEASE:1.48 matt-nb5-mips64-premerge-20091211:1.48 matt-premerge-20091211:1.49 matt-nb5-mips64-u2-k2-k4-k7-k8-k9:1.48 matt-nb4-mips64-k7-u2a-k9b:1.48 matt-nb5-mips64-u1-k1-k5:1.48 matt-nb5-mips64:1.48.0.18 netbsd-5-0-1-RELEASE:1.48 jym-xensuspend-nbase:1.48 netbsd-5-0:1.48.0.16 netbsd-5-0-RELEASE:1.48 netbsd-5-0-RC4:1.48 netbsd-5-0-RC3:1.48 netbsd-5-0-RC2:1.48 jym-xensuspend:1.48.0.14 jym-xensuspend-base:1.48 netbsd-5-0-RC1:1.48 netbsd-5:1.48.0.12 netbsd-5-base:1.48 matt-mips64-base2:1.48 matt-mips64:1.45.0.16 mjf-devfs2:1.48.0.10 mjf-devfs2-base:1.48 netbsd-4-0-1-RELEASE:1.45 wrstuden-revivesa-base-3:1.48 wrstuden-revivesa-base-2:1.48 wrstuden-fixsa-newbase:1.45 wrstuden-revivesa-base-1:1.48 yamt-pf42-base4:1.48 yamt-pf42-base3:1.48 hpcarm-cleanup-nbase:1.48 yamt-pf42-baseX:1.48 yamt-pf42-base2:1.48 wrstuden-revivesa:1.48.0.8 wrstuden-revivesa-base:1.48 yamt-pf42:1.48.0.6 yamt-pf42-base:1.48 keiichi-mipv6-nbase:1.48 keiichi-mipv6:1.48.0.4 keiichi-mipv6-base:1.48 matt-armv6-nbase:1.48 matt-armv6-prevmlocking:1.45.12.1 wrstuden-fixsa-base-1:1.45 netbsd-4-0:1.45.0.14 netbsd-4-0-RELEASE:1.45 cube-autoconf:1.48.0.2 cube-autoconf-base:1.48 netbsd-4-0-RC5:1.45 netbsd-4-0-RC4:1.45 netbsd-4-0-RC3:1.45 netbsd-4-0-RC2:1.45 netbsd-4-0-RC1:1.45 matt-armv6:1.45.0.12 matt-armv6-base:1.48 matt-mips64-base:1.45 hpcarm-cleanup:1.45.0.10 hpcarm-cleanup-base:1.48 netbsd-3-1-1-RELEASE:1.40.2.2 netbsd-3-0-3-RELEASE:1.40.2.1 wrstuden-fixsa:1.45.0.8 wrstuden-fixsa-base:1.45 abandoned-netbsd-4-base:1.45 abandoned-netbsd-4:1.45.0.4 netbsd-3-1:1.40.2.2.0.2 netbsd-3-1-RELEASE:1.40.2.2 netbsd-3-0-2-RELEASE:1.40.2.1 netbsd-3-1-RC4:1.40.2.2 netbsd-3-1-RC3:1.40.2.2 netbsd-3-1-RC2:1.40.2.2 netbsd-3-1-RC1:1.40.2.2 netbsd-4:1.45.0.6 netbsd-4-base:1.45 chap-midi-nbase:1.45 netbsd-3-0-1-RELEASE:1.40.2.1 chap-midi:1.45.0.2 chap-midi-base:1.45 netbsd-3-0:1.40.2.1.0.2 netbsd-3-0-RELEASE:1.40.2.1 netbsd-3-0-RC6:1.40.2.1 netbsd-3-0-RC5:1.40.2.1 netbsd-3-0-RC4:1.40.2.1 netbsd-3-0-RC3:1.40.2.1 netbsd-3-0-RC2:1.40.2.1 netbsd-3-0-RC1:1.40.2.1 netbsd-2-0-3-RELEASE:1.36.2.2 netbsd-2-1:1.36.2.1.2.1.0.2 netbsd-2-1-RELEASE:1.36.2.1.2.1 netbsd-2-1-RC6:1.36.2.1.2.1 netbsd-2-1-RC5:1.36.2.1.2.1 netbsd-2-1-RC4:1.36.2.1.2.1 netbsd-2-1-RC3:1.36.2.1.2.1 netbsd-2-1-RC2:1.36.2.1.2.1 netbsd-2-1-RC1:1.36.2.1.2.1 netbsd-2-0-2-RELEASE:1.36.2.1 netbsd-3:1.40.0.2 netbsd-3-base:1.40 netbsd-2-0-1-RELEASE:1.36.2.1 netbsd-2:1.36.2.1.0.2 netbsd-2-base:1.36.2.1 netbsd-2-0-RELEASE:1.36.2.1 netbsd-2-0-RC5:1.36.2.1 netbsd-2-0-RC4:1.36.2.1 netbsd-2-0-RC3:1.36.2.1 netbsd-2-0-RC2:1.36.2.1 netbsd-2-0-RC1:1.36.2.1 netbsd-2-0:1.36.0.2 netbsd-2-0-base:1.36 netbsd-1-6-PATCH002-RELEASE:1.23 netbsd-1-6-PATCH002:1.23 netbsd-1-6-PATCH002-RC4:1.23 netbsd-1-6-PATCH002-RC3:1.23 netbsd-1-6-PATCH002-RC2:1.23 netbsd-1-6-PATCH002-RC1:1.23 netbsd-1-6-PATCH001:1.23 netbsd-1-6-PATCH001-RELEASE:1.23 netbsd-1-6-PATCH001-RC3:1.23 netbsd-1-6-PATCH001-RC2:1.23 netbsd-1-6-PATCH001-RC1:1.23 fvdl_fs64_base:1.25 netbsd-1-6-RELEASE:1.23 netbsd-1-6-RC3:1.23 netbsd-1-6-RC2:1.23 netbsd-1-6-RC1:1.23 netbsd-1-6:1.23.0.2 netbsd-1-6-base:1.23 netbsd-1-5-PATCH003:1.19.4.1 netbsd-1-5-PATCH002:1.19.4.1 netbsd-1-5-PATCH001:1.19.4.1 netbsd-1-5-RELEASE:1.19 netbsd-1-5-BETA2:1.19 netbsd-1-5-BETA:1.19 netbsd-1-4-PATCH003:1.14.4.2 netbsd-1-5-ALPHA2:1.19 netbsd-1-5:1.19.0.4 netbsd-1-5-base:1.19 minoura-xpg4dl-base:1.19 minoura-xpg4dl:1.19.0.2 netbsd-1-4-PATCH002:1.14.4.2 wrstuden-devbsize-19991221:1.16 wrstuden-devbsize:1.15.0.2 wrstuden-devbsize-base:1.16 comdex-fall-1999:1.16.0.2 comdex-fall-1999-base:1.16 netbsd-1-4-PATCH001:1.14 netbsd-1-4-RELEASE:1.14 netbsd-1-4:1.14.0.4 netbsd-1-4-base:1.14 netbsd-1-3-PATCH003:1.14 netbsd-1-3-PATCH003-CANDIDATE2:1.14 netbsd-1-3-PATCH003-CANDIDATE1:1.14 netbsd-1-3-PATCH003-CANDIDATE0:1.14 netbsd-1-3-PATCH002:1.14 netbsd-1-3-PATCH001:1.14 netbsd-1-3-RELEASE:1.14 netbsd-1-3-BETA:1.14 netbsd-1-3:1.14.0.2 netbsd-1-3-base:1.14 netbsd-1-2-PATCH001:1.7 lite-2:1.1.1.2 netbsd-1-2-RELEASE:1.7 netbsd-1-2-BETA:1.7 netbsd-1-2:1.7.0.6 netbsd-1-2-base:1.7 netbsd-1-1-PATCH001:1.7 netbsd-1-1-RELEASE:1.7 netbsd-1-1:1.7.0.2 netbsd-1-1-base:1.7 lite-1:1.1.1.2 CSRG:1.1.1 netbsd-1-0-PATCH06:1.6 netbsd-1-0-PATCH05:1.6 netbsd-1-0-PATCH04:1.6 netbsd-1-0-PATCH03:1.6 netbsd-1-0-PATCH02:1.6 netbsd-1-0-PATCH1:1.6 netbsd-1-0-PATCH0:1.6 netbsd-1-0-RELEASE:1.6 netbsd-1-0:1.6.0.2 netbsd-1-0-base:1.6 netbsd-0-9-RELEASE:1.1.1.1 netbsd-0-9-BETA:1.1.1.1 netbsd-0-9-ALPHA2:1.1.1.1 netbsd-0-9-ALPHA:1.1.1.1 netbsd-0-9:1.1.1.1.0.2 netbsd-0-9-base:1.1.1.1 netbsd-0-8:1.1.1.1 netbsd-alpha-1:1.1.1.1 patchkit-0-2-2:1.1.1.1 WFJ-386bsd-01:1.1.1.1 WFJ-920714:1.1.1; locks; strict; comment @.\" @; 1.55 date 2023.03.24.14.34.17; author kre; state Exp; branches; next 1.54; commitid KPOtTVUfPCFdXniE; 1.54 date 2019.09.01.19.12.16; author wiz; state Exp; branches; next 1.53; commitid bCPJZt41dZE5ilBB; 1.53 date 2019.09.01.18.37.44; author sevan; state Exp; branches; next 1.52; commitid JUFDc3KpZrc86lBB; 1.52 date 2017.05.18.16.33.57; author abhinav; state Exp; branches 1.52.10.1 1.52.12.1; next 1.51; commitid oJi3gJfMfaABhTRz; 1.51 date 2014.09.19.16.02.58; author wiz; state Exp; branches 1.51.6.1; next 1.50; commitid 2xdNxJviEv8ZlYQx; 1.50 date 2012.11.21.19.30.53; author pgoyette; state Exp; branches; next 1.49; 1.49 date 2009.05.18.09.37.44; author wiz; state Exp; branches 1.49.6.1 1.49.12.1; next 1.48; 1.48 date 2007.10.27.18.43.37; author christos; state Exp; branches; next 1.47; 1.47 date 2007.10.27.18.42.42; author christos; state Exp; branches; next 1.46; 1.46 date 2007.10.17.21.05.39; author christos; state Exp; branches; next 1.45; 1.45 date 2005.12.15.05.26.36; author hubertf; state Exp; branches 1.45.12.1; next 1.44; 1.44 date 2005.07.05.20.15.13; author kleink; state Exp; branches; next 1.43; 1.43 date 2005.06.19.17.34.03; author wiz; state Exp; branches; next 1.42; 1.42 date 2005.06.19.17.26.30; author wiz; state Exp; branches; next 1.41; 1.41 date 2005.04.05.18.46.33; author christos; state Exp; branches; next 1.40; 1.40 date 2005.02.28.02.30.54; author christos; state Exp; branches 1.40.2.1; next 1.39; 1.39 date 2005.02.01.22.54.33; author christos; state Exp; branches; next 1.38; 1.38 date 2004.04.27.10.26.22; author kleink; state Exp; branches; next 1.37; 1.37 date 2004.04.27.10.12.51; author cjep; state Exp; branches; next 1.36; 1.36 date 2003.09.17.05.34.15; author atatat; state Exp; branches 1.36.2.1; next 1.35; 1.35 date 2003.08.23.22.31.24; author wiz; state Exp; branches; next 1.34; 1.34 date 2003.08.20.14.11.17; author christos; state Exp; branches; next 1.33; 1.33 date 2003.08.07.11.15.56; author agc; state Exp; branches; next 1.32; 1.32 date 2003.04.27.11.09.29; author wiz; state Exp; branches; next 1.31; 1.31 date 2003.04.27.08.46.25; author jmmv; state Exp; branches; next 1.30; 1.30 date 2003.04.24.12.19.06; author wiz; state Exp; branches; next 1.29; 1.29 date 2003.04.20.20.13.20; author christos; state Exp; branches; next 1.28; 1.28 date 2003.02.25.10.35.56; author wiz; state Exp; branches; next 1.27; 1.27 date 2003.02.21.11.17.50; author jmmv; state Exp; branches; next 1.26; 1.26 date 2003.01.19.19.15.38; author jmmv; state Exp; branches; next 1.25; 1.25 date 2002.10.13.00.55.17; author wiz; state Exp; branches; next 1.24; 1.24 date 2002.10.05.14.07.04; author hubertf; state Exp; branches; next 1.23; 1.23 date 2001.12.08.19.17.03; author wiz; state Exp; branches; next 1.22; 1.22 date 2001.04.04.09.44.35; author wiz; state Exp; branches; next 1.21; 1.21 date 2001.03.08.02.59.25; author fair; state Exp; branches; next 1.20; 1.20 date 2001.01.10.21.33.13; author sjg; state Exp; branches; next 1.19; 1.19 date 2000.05.10.19.04.36; author jdolecek; state Exp; branches 1.19.4.1; next 1.18; 1.18 date 2000.02.11.00.30.07; author abs; state Exp; branches; next 1.17; 1.17 date 2000.01.14.02.39.14; author mjl; state Exp; branches; next 1.16; 1.16 date 99.09.27.19.41.33; author mjl; state Exp; branches; next 1.15; 1.15 date 99.05.02.18.35.30; author kleink; state Exp; branches 1.15.2.1; next 1.14; 1.14 date 97.10.19.23.31.52; author lukem; state Exp; branches 1.14.4.1; next 1.13; 1.13 date 97.07.02.05.42.12; author lukem; state Exp; branches; next 1.12; 1.12 date 97.06.27.17.01.53; author lukem; state Exp; branches; next 1.11; 1.11 date 97.03.08.14.21.16; author mouse; state Exp; branches; next 1.10; 1.10 date 97.01.31.23.12.17; author ghudson; state Exp; branches; next 1.9; 1.9 date 97.01.20.07.14.35; author cjs; state Exp; branches; next 1.8; 1.8 date 97.01.09.11.43.06; author tls; state Exp; branches; next 1.7; 1.7 date 94.09.05.00.27.10; author mycroft; state Exp; branches; next 1.6; 1.6 date 94.05.24.06.52.19; author deraadt; state Exp; branches; next 1.5; 1.5 date 94.01.11.18.38.03; author jtc; state Exp; branches; next 1.4; 1.4 date 93.08.01.07.28.22; author mycroft; state Exp; branches; next 1.3; 1.3 date 93.07.28.20.22.53; author jtc; state Exp; branches; next 1.2; 1.2 date 93.07.28.17.53.26; author jtc; state Exp; branches; next 1.1; 1.1 date 93.03.21.09.45.37; author cgd; state Exp; branches 1.1.1.1; next ; 1.52.10.1 date 2020.04.13.08.05.48; author martin; state Exp; branches; next ; commitid X01YhRUPVUDaec4C; 1.52.12.1 date 2019.09.05.08.19.41; author martin; state Exp; branches; next ; commitid t4bPHIBvxA0fyNBB; 1.51.6.1 date 2017.05.19.00.23.00; author pgoyette; state Exp; branches; next ; commitid QNTxgGjVagwoSVRz; 1.49.6.1 date 2013.01.16.05.34.08; author yamt; state Exp; branches; next ; 1.49.12.1 date 2013.02.25.00.30.39; author tls; state Exp; branches; next ; 1.45.12.1 date 2007.11.06.23.36.15; author matt; state Exp; branches; next ; 1.40.2.1 date 2005.07.09.23.03.17; author tron; state Exp; branches; next 1.40.2.2; 1.40.2.2 date 2005.12.29.16.17.47; author riz; state Exp; branches; next ; 1.36.2.1 date 2004.04.29.04.13.18; author jmc; state Exp; branches 1.36.2.1.2.1; next 1.36.2.2; 1.36.2.2 date 2005.07.18.03.45.41; author riz; state Exp; branches; next ; 1.36.2.1.2.1 date 2005.07.18.03.36.17; author riz; state Exp; branches; next ; 1.19.4.1 date 2001.04.26.08.51.06; author he; state Exp; branches; next ; 1.15.2.1 date 99.12.27.18.37.11; author wrstuden; state Exp; branches; next ; 1.14.4.1 date 2000.01.08.18.35.58; author he; state Exp; branches; next 1.14.4.2; 1.14.4.2 date 2000.02.18.19.31.12; author he; state Exp; branches; next ; 1.1.1.1 date 93.03.21.09.45.37; author cgd; state Exp; branches; next 1.1.1.2; 1.1.1.2 date 94.12.10.12.10.03; author jtc; state Exp; branches; next ; desc @@ 1.55 log @ PR misc/57287 from Nan Xiao While it has always been assumed that everyone "just knew" that a simple "su' meant "su root" perhaps the man page really should make that explicit. Do that (using slightly different wording than suggested in the PR). @ text @.\" Copyright (c) 1988, 1990, 1993, 1994 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" from: @@(#)su.1 8.2 (Berkeley) 4/18/94 .\" $NetBSD: su.1,v 1.54 2019/09/01 19:12:16 wiz Exp $ .\" .Dd September 1, 2019 .Dt SU 1 .Os .Sh NAME .Nm su .Nd substitute user identity .Sh SYNOPSIS .Nm .Op Fl dfKlm .Op Fl c Ar login-class .Oo .Ar login Ns Op : Ns Ar group .Op Ar "shell arguments" .Oc .Nm .Op Fl dfKlm .Op Fl c Ar login-class .Oo : Ns Ar group .Op Ar "shell arguments" .Oc .Sh DESCRIPTION .Nm allows one user to become another user .Ar login without logging out and in as the new user. If a .Ar group is specified and .Ar login is a member of .Ar group , then the group is changed to .Ar group rather than to .Ar login Ns 's primary group. If .Ar login is omitted and .Ar group is provided (form two above), then .Ar login is assumed to be the current username. If neither .Ar login nor .Ar group is provided, .Dq root is used for .Ar login . .Pp When executed by a user, the .Ar login user's password is requested. When using Kerberos, the password for .Ar login (or for .Dq Ar login Ns .root , if no login is provided) is requested, and .Nm switches to that user and group ID after obtaining a Kerberos ticket granting ticket. A shell is then executed, and any additional .Ar "shell arguments" after the login name are passed to the shell. .Nm will resort to the local password file to find the password for .Ar login if there is a Kerberos error. If .Nm is executed by root, no password is requested and a shell with the appropriate user ID is executed; no additional Kerberos tickets are obtained. .Pp Alternatively, if the user enters the password "s/key", authentication will use the S/Key one-time password system as described in .Xr skey 1 . S/Key is a Trademark of Bellcore. .Pp By default, the environment is unmodified with the exception of .Ev LOGNAME , .Ev USER , .Ev HOME , .Ev SHELL , and .Ev SU_FROM . .Ev HOME and .Ev SHELL are set to the target login's default values. .Ev LOGNAME and .Ev USER are set to the target login, unless the target login has a user ID of 0, in which case they are unmodified. .Ev SU_FROM is set to the caller's login. The invoked shell is the target login's. With the exception of .Ev SU_FROM this is the traditional behavior of .Nm . .Pp The options are as follows: .Bl -tag -width Ds .It Fl c Specify a login class. You may only override the default class if you're already root. See .Xr login.conf 5 for details. .It Fl d Same as .Fl l , but does not change the current directory. .It Fl f If the invoked shell is .Xr csh 1 , this option prevents it from reading the .Dq Pa .cshrc file. If the invoked shell is .Xr sh 1 , or .Xr ksh 1 , this option unsets .Ev ENV , thus preventing the shell from executing the startup file pointed to by this variable. .It Fl K Do not attempt to use Kerberos to authenticate the user. .It Fl l Simulate a full login. The environment is discarded except for .Ev HOME , .Ev SHELL , .Ev PATH , .Ev TERM , .Ev LOGNAME , .Ev USER , and .Ev SU_FROM . .Ev HOME , .Ev SHELL , and .Ev SU_FROM are modified as above. .Ev LOGNAME and .Ev USER are set to the target login. .Ev PATH is set to the path specified in the .Pa /etc/login.conf file (or to the default of .Dq Pa /usr/bin:/bin:/usr/pkg/bin:/usr/local/bin ). .Ev TERM is imported from your current environment. The invoked shell is the target login's, and .Nm will change directory to the target login's home directory. The .Xr utmp 5 , .Xr wtmp 5 , and .Xr lastlog 5 databases are not updated. .It Fl Same as .Fl l . .It Fl m Leave the environment unmodified. The invoked shell is your login shell, and no directory changes are made. As a security precaution, if the target user's shell is a non-standard shell (as defined by .Xr getusershell 3 ) and the caller's real uid is non-zero, .Nm will fail. .El .Pp The .Fl l and .Fl m options are mutually exclusive; the last one specified overrides any previous ones. .Pp Only users in group .Dq wheel (normally gid 0), as listed in .Pa /etc/group , can .Nm to .Dq root , unless group wheel does not exist or has no members. (If you do not want anybody to be able to .Nm to .Dq root , make .Dq root the only member of group .Dq wheel , which is the default.) .Pp For sites with very large user populations, group .Dq wheel can contain the names of other groups that will be considered authorized to .Nm to .Dq root . .Pp By default (unless the prompt is reset by a startup file) the super-user prompt is set to .Dq Sy \&# to remind one of its awesome power. .Sh CUSTOMIZATION .Bl -tag -width "" .It Changing required group For the .Xr pam 8 version of .Nm the name of the required group can be changed by setting .Ar gname in .Xr pam.conf 5 : .Bd -literal auth requisite pam_group.so no_warn group=gname root_only fail_safe .Ed .Pp For the non .Xr pam 8 version of .Nm the same can be achieved by compiling with .Dv SU_GROUP set to the desired group name. .It Supplying own password .Nm can be configured so that users in a particular group can supply their own password to become .Dq root . For the .Xr pam 8 version of .Nm this can be done by adding a line to .Xr pam.conf 5 such as: .Bd -literal auth sufficient pam_group.so no_warn group=gname root_only authenticate .Ed .Pp where .Ar gname is the name of the desired group. For the non .Xr pam 8 version of .Nm the same can be achieved by compiling with .Dv SU_ROOTAUTH set to the desired group name. .It Indirect groups This option is not available with the .Xr pam 8 version of .Nm . For the non .Xr pam 8 version of .Nm , if .Dv SU_INDIRECT_GROUP is defined, the .Ar SU_GROUP and .Ar SU_ROOTAUTH groups are treated as indirect groups. The group members of those two groups are treated as groups themselves. .El .Sh ENVIRONMENT Environment variables used by .Nm : .Bl -tag -width "HOME" .It Ev HOME Default home directory of real user ID unless modified as specified above. .It Ev LOGNAME The user ID is always the effective ID (the target user ID) after an .Nm unless the user ID is 0 (root). .It Ev PATH Default search path of real user ID unless modified as specified above. .It Ev TERM Provides terminal type which may be retained for the substituted user ID. .It Ev USER The user ID is always the effective ID (the target user ID) after an .Nm unless the user ID is 0 (root). .El .Sh EXIT STATUS .Nm returns the exit status of the executed subshell, or 1 if any error occurred while switching privileges. .Sh EXAMPLES To become user username and use the same environment as in original shell, execute: .Bd -literal -offset indent su username .Ed .Pp To become user username and use environment as if full login would be performed, execute: .Bd -literal -offset indent su -l username .Ed .Pp When a .Fl c option is included .Em after the .Ar login name it is not a .Nm option, because any arguments after the .Ar login are passed to the shell. (See .Xr csh 1 , .Xr ksh 1 or .Xr sh 1 for details.) To execute arbitrary command with privileges of user .Em username , execute: .Bd -literal -offset indent su username -c "command args" .Ed .Sh SEE ALSO .Xr csh 1 , .Xr kinit 1 , .Xr login 1 , .Xr sh 1 , .Xr skey 1 , .Xr setusercontext 3 , .Xr group 5 , .Xr login.conf 5 , .Xr passwd 5 , .Xr environ 7 , .Xr kerberos 8 .Sh HISTORY An .Nm utility appeared in .At v1 @ 1.54 log @Remove superfluous Ns. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.53 2019/09/01 18:37:44 sevan Exp $ d75 8 @ 1.53 log @su was in v1 https://www.bell-labs.com/usr/dmr/www/man13.pdf @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.52 2017/05/18 16:33:57 abhinav Exp $ d48 1 a48 2 .Oo .Ns : Ns Ar group @ 1.52 log @Correct the man page reference @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.51 2014/09/19 16:02:58 wiz Exp $ d31 1 a31 1 .Dd November 20, 2012 d388 1 a388 1 A d390 2 a391 3 command existed in .At v5 (and probably earlier). @ 1.52.10.1 log @Mostly merge changes from HEAD upto 20200411 @ text @d29 1 a29 1 .\" $NetBSD$ d31 1 a31 1 .Dd September 1, 2019 d48 2 a49 1 .Oo : Ns Ar group d388 1 a388 1 An d390 3 a392 2 utility appeared in .At v1 @ 1.52.12.1 log @Pull up following revision(s) (requested by sevan in ticket #174): lib/libc/sys/chmod.2: revision 1.48 lib/libc/sys/stat.2: revision 1.59 lib/libc/sys/unlink.2: revision 1.30 lib/libc/sys/lseek.2: revision 1.25 lib/libc/sys/getuid.2: revision 1.18 lib/libc/sys/chown.2: revision 1.37 lib/libm/man/exp.3: revision 1.32 lib/libm/man/log.3: revision 1.7 lib/libc/sys/open.2: revision 1.60 lib/libc/stdio/fopen.3: revision 1.36 lib/libc/stdio/putc.3: revision 1.14 lib/libc/sys/mount.2: revision 1.51 share/man/man9/copy.9: revision 1.22 share/man/man9/uiomove.9: revision 1.20 lib/libc/sys/setuid.2: revision 1.23 lib/libc/sys/close.2: revision 1.18 sbin/init/init.8: revision 1.61 lib/libc/sys/write.2: revision 1.36 lib/libc/sys/read.2: revision 1.39 sbin/init/init.8: revision 1.62 lib/libc/sys/wait.2: revision 1.40 usr.bin/tty/tty.1: revision 1.10 lib/libc/sys/link.2: revision 1.33 usr.bin/du/du.1: revision 1.24 lib/libc/stdlib/exit.3: revision 1.17 usr.bin/su/su.1: revision 1.53 usr.bin/mail/mail.1: revision 1.66 lib/libc/sys/fork.2: revision 1.25 usr.bin/su/su.1: revision 1.54 usr.bin/mail/mail.1: revision 1.67 lib/libm/man/sin.3: revision 1.15 share/man/man9/intro.9: revision 1.26 share/man/man5/utmp.5: revision 1.17 lib/libc/compat-43/creat.3: revision 1.17 lib/libc/time/ctime.3: revision 1.61 lib/libcompat/4.1/stty.3: revision 1.10 usr.bin/dc/dc.1: revision 1.3 lib/libm/man/cos.3: revision 1.17 lib/libc/sys/chdir.2: revision 1.23 lib/libc/gen/exec.3: revision 1.30 lib/libc/gen/exec.3: revision 1.31 games/bcd/bcd.6: revision 1.18 games/bcd/bcd.6: revision 1.19 usr.bin/write/write.1: revision 1.7 usr.bin/wc/wc.1: revision 1.18 usr.bin/pr/pr.1: revision 1.24 usr.bin/who/who.1: revision 1.25 lib/libc/sys/mkdir.2: revision 1.30 lib/libc/stdio/getc.3: revision 1.13 usr.bin/sort/sort.1: revision 1.40 usr.bin/mesg/mesg.1: revision 1.11 share/man/man5/passwd.5: revision 1.34 sort was there since v1 https://www.bell-labs.com/usr/dmr/www/man61.pdf dc was in v1 https://www.bell-labs.com/usr/dmr/www/man12.pdf du was in v1 https://www.bell-labs.com/usr/dmr/www/man12.pdf mail was in v1 https://www.bell-labs.com/usr/dmr/www/man12.pdf mesg was in v1 https://www.bell-labs.com/usr/dmr/www/man12.pdf Document history https://www.bell-labs.com/usr/dmr/www/man13.pdf su was in v1 https://www.bell-labs.com/usr/dmr/www/man13.pdf Document history https://www.bell-labs.com/usr/dmr/www/man13.pdf Document history https://www.bell-labs.com/usr/dmr/www/man14.pdf Update URL write was in v1 https://www.bell-labs.com/usr/dmr/www/man14.pdf grammar passwd(5) was in v1 https://www.bell-labs.com/usr/dmr/www/man51.pdf utmp(5) was present in v1 https://www.bell-labs.com/usr/dmr/www/man51.pdf Earliest version of wtmp I could find was in v3 https://minnie.tuhs.org/cgi-bin/utree.pl?file=V3/man/man5/wtmp.5 Document history of chdir(2) https://www.bell-labs.com/usr/dmr/www/man21.pdf Document history of chmod(2) https://www.bell-labs.com/usr/dmr/www/man21.pdf Document history of chown(2) https://www.bell-labs.com/usr/dmr/www/man21.pdf Document history https://www.bell-labs.com/usr/dmr/www/man21.pdf create was present in v1 https://www.bell-labs.com/usr/dmr/www/man21.pdf Document history of exec() Move statement on execlpe() & execvpe() to HISTORY section. Document history https://www.bell-labs.com/usr/dmr/www/man21.pdf fork was present in v1 https://www.bell-labs.com/usr/dmr/www/man21.pdf stat() was present in v1 https://www.bell-labs.com/usr/dmr/www/man22.pdf document history of fstat() https://www.bell-labs.com/usr/dmr/www/man21.pdf getuid was present in v1 https://www.bell-labs.com/usr/dmr/www/man21.pdf Document history https://www.bell-labs.com/usr/dmr/www/man21.pdf Document history https://www.bell-labs.com/usr/dmr/www/man21.pdf stty & gtty were around since v1 https://www.bell-labs.com/usr/dmr/www/man21.pdf https://www.bell-labs.com/usr/dmr/www/man22.pdf mount & umount were present in v1 https://www.bell-labs.com/usr/dmr/www/man22.pdf Open was present in v1 https://www.bell-labs.com/usr/dmr/www/man22.pdf read was present in v1 https://www.bell-labs.com/usr/dmr/www/man22.pdf seek was present in v1 https://www.bell-labs.com/usr/dmr/www/man22.pdf setuid was in v1 https://www.bell-labs.com/usr/dmr/www/man22.pdf unlink was presen in v1 https://www.bell-labs.com/usr/dmr/www/man22.pdf wait was present in v1 https://www.bell-labs.com/usr/dmr/www/man22.pdf write was present in v1 https://www.bell-labs.com/usr/dmr/www/man22.pdf start documenting history exp was present in v1 https://www.bell-labs.com/usr/dmr/www/man31.pdf Start documenting history https://www.bell-labs.com/usr/dmr/www/man31.pdf Start documenting history https://www.bell-labs.com/usr/dmr/www/man31.pdf log appeared in v1 https://www.bell-labs.com/usr/dmr/www/man31.pdf putc & putw were in v1 https://www.bell-labs.com/usr/dmr/www/man31.pdf putchar was in v4 https://minie.tuhs.org/cgi-bin/utree.pl?file=V4/man/man3/putchr.3 Start documenting history https://www.bell-labs.com/usr/dmr/www/man31.pdf Document history. https://www.bell-labs.com/usr/dmr/www/man11.pdf Between v1 & v6 UNIX, bcd was rewritten in C, but I don't know if which version, hence I've skipped mentioning it. End sentence with a dot. Remove superfluous Pp. Remove superfluous Pp. Remove superfluous Ns. Remove superfluous Pp. fetch(9) -> ufetch(9) fetch(9) -> ufetch(9). Remove superfluous Pp. fetch(9) -> ufetch(9). Remove reference to unimplemented ppi(9). @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.52 2017/05/18 16:33:57 abhinav Exp $ d31 1 a31 1 .Dd September 1, 2019 d48 2 a49 1 .Oo : Ns Ar group d388 1 a388 1 An d390 3 a392 2 utility appeared in .At v1 @ 1.51 log @Sort sections. From Henning Petersen in PR 49222. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.50 2012/11/21 19:30:53 pgoyette Exp $ d193 1 a193 1 .Xr lastlogin 5 @ 1.51.6.1 log @Resolve conflicts from previous merge (all resulting from $NetBSD keywork expansion) @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.52 2017/05/18 16:33:57 abhinav Exp $ d193 1 a193 1 .Xr lastlog 5 @ 1.50 log @Note that 'su -l' does not update utmp and related databases. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.49 2009/05/18 09:37:44 wiz Exp $ a314 4 .Sh EXIT STATUS .Nm returns the exit status of the executed subshell, or 1 if any error occurred while switching privileges. d336 4 @ 1.49 log @Sort options. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.48 2007/10/27 18:43:37 christos Exp $ d31 1 a31 1 .Dd October 27, 2007 d189 6 @ 1.49.12.1 log @resync with head @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.49 2009/05/18 09:37:44 wiz Exp $ d31 1 a31 1 .Dd November 20, 2012 a188 6 The .Xr utmp 5 , .Xr wtmp 5 , and .Xr lastlogin 5 databases are not updated. @ 1.49.6.1 log @sync with (a bit old) head @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.49 2009/05/18 09:37:44 wiz Exp $ d31 1 a31 1 .Dd November 20, 2012 a188 6 The .Xr utmp 5 , .Xr wtmp 5 , and .Xr lastlogin 5 databases are not updated. @ 1.48 log @bump date. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.47 2007/10/27 18:42:42 christos Exp $ d39 1 a39 1 .Op Fl Kdflm d46 1 a46 1 .Op Fl Kdflm a131 2 .It Fl K Do not attempt to use Kerberos to authenticate the user. d156 2 @ 1.47 log @uncomment the group handling documentation. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.45 2005/12/15 05:26:36 hubertf Exp $ d31 1 a31 1 .Dd December 15, 2005 @ 1.46 log @From Anon Ymous: - general cleanup [e-funcs, lint fixes, exit values, more error checking] - add the ability to change the primary group group as login:group, or :group *disabled*, until it is discussed. - remove krb4 code since there is no more krb4 code in the tree. - also make the old su behave like the pam su: su to the same user, does not ask for a password. - split out shared code into a separate file. @ text @d41 11 a51 14 .\" Delete me if yet .Op Ar login Op Ar "shell arguments" .\" Not yet .\" .Oo .\" .Ar login Ns Op : Ns Ar group .\" .Op Ar "shell arguments" .\" .Oc .\" .Nm .\" .Op Fl Kdflm .\" .Op Fl c Ar login-class .\" .Oo .\" .Ns : Ns Ar group .\" .Op Ar "shell arguments" .\" .Oc d58 18 a75 19 .\" Not yet .\" If a .\" .Ar group .\" is specified and .\" .Ar login .\" is a member of .\" .Ar group , .\" then the group is changed to .\" .Ar group .\" rather than to .\" .Ar login Ns 's .\" primary group. .\" If .\" .Ar login .\" is omitted and .\" .Ar group .\" is provided (form two above), then .\" .Ar login .\" is assumed to be the current username. @ 1.45 log @Give a general description what this command does before going into all the details. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.44 2005/07/05 20:15:13 kleink Exp $ d41 1 d43 12 d60 20 a79 1 the new user. d81 2 a82 2 When executed by a user, the .Ar login @ 1.45.12.1 log @sync with HEAD @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.48 2007/10/27 18:43:37 christos Exp $ d31 1 a31 1 .Dd October 27, 2007 d41 1 a41 11 .Oo .Ar login Ns Op : Ns Ar group .Op Ar "shell arguments" .Oc .Nm .Op Fl Kdflm .Op Fl c Ar login-class .Oo .Ns : Ns Ar group .Op Ar "shell arguments" .Oc d47 1 a47 19 the new user. If a .Ar group is specified and .Ar login is a member of .Ar group , then the group is changed to .Ar group rather than to .Ar login Ns 's primary group. If .Ar login is omitted and .Ar group is provided (form two above), then .Ar login is assumed to be the current username. d49 2 a50 2 When executed by a user, the .Ar login @ 1.44 log @Set LOGNAME in the new environment (in addition to USER); fixes PR bin/30670 from Pavel Cahyna. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.43 2005/06/19 17:34:03 wiz Exp $ d31 1 a31 1 .Dd July 5, 2005 d44 9 a52 1 requests the Kerberos password for d56 4 a59 2 if no login is provided), and switches to that user and group ID after obtaining a Kerberos ticket granting ticket. @ 1.43 log @Use groff macros instead of troff ones. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.42 2005/06/19 17:26:30 wiz Exp $ d31 1 a31 1 .Dd April 5, 2005 d69 1 d79 2 d82 2 a83 2 is set to the target login, unless the target login has a user ID of 0, in which case it is unmodified. d127 1 d136 2 d139 1 a139 1 is set to the target login. d282 4 @ 1.42 log @Drop trailing whitespace. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.41 2005/04/05 18:46:33 christos Exp $ d210 4 a213 5 .sp .nf auth requisite pam_group.so no_warn group=gname root_only fail_safe .fi .sp d233 4 a236 5 .sp .nf auth sufficient pam_group.so no_warn group=gname root_only authenticate .fi .sp @ 1.41 log @Update with pam descriptions. XXX: needs more work. 1. code needs to be added in pam_group.so to handle indirect groups and documented. 2. the indirect group description outside before the customization section does not work with pam, but could be made to work once [1] is implemented. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.40 2005/02/28 02:30:54 christos Exp $ d208 1 a208 1 in d231 1 a231 1 this can be done by adding a line to d258 1 a258 1 if @ 1.40 log @Fix unmatched .El warning. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.39 2005/02/01 22:54:33 christos Exp $ d31 1 a31 1 .Dd August 20, 2003 d199 62 a260 23 .Sh COMPILATION OPTIONS Several compilation time options are available that alter the program's behavior. These options are: .Bl -tag -width "SU_INDIRECT_GROUP" .It SU_GROUP If defined, it changes the default group that is allowed to become .Dq root from .Dq wheel to the specified string. .\" For pam this can be done by adding a line to /etc/pam.d/su such as: .\" auth requisite pam_group.so no_warn group=groupname root_only fail_safe .It SU_ROOTAUTH If defined, it specifies a group whose members are allowed to become .Dq root by supplying their own password instead of the .Dq root one. .\" For pam this can be done by adding a line to /etc/pam.d/su such as .\" auth sufficient pam_group.so no_warn group=rootauth root_only fail_safe authenticate .It SU_INDIRECT_GROUP If defined, the a265 1 .\" This option is not supported under pam. @ 1.40.2.1 log @Pull up revision 1.44 via patch (requested by kleink in ticket #551): Set LOGNAME in the new environment (in addition to USER); fixes PR bin/30670 from Pavel Cahyna. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.40 2005/02/28 02:30:54 christos Exp $ a68 1 .Ev LOGNAME , a77 2 .Ev LOGNAME and d79 2 a80 2 are set to the target login, unless the target login has a user ID of 0, in which case they are unmodified. a123 1 .Ev LOGNAME , a131 2 .Ev LOGNAME and d133 1 a133 1 are set to the target login. a239 4 .It Ev LOGNAME The user ID is always the effective ID (the target user ID) after an .Nm unless the user ID is 0 (root). @ 1.40.2.2 log @Pull up following revision(s) (requested by hubertf in ticket #1060): usr.bin/su/su.1: revision 1.45 via patch Give a general description what this command does before going into all the details. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.40.2.1 2005/07/09 23:03:17 tron Exp $ d31 1 a31 1 .Dd December 15, 2005 d44 1 a44 9 allows one user to become another user .Ar login without logging out and in as the new user. .Pp When executed by a user, the .Ar login user's password is requested. When using Kerberos, the password for d48 2 a49 4 if no login is provided) is requested, and .Nm switches to that user and group ID after obtaining a Kerberos ticket granting ticket. @ 1.39 log @Add commented out notes on how we support the special compilation options under pam. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.38 2004/04/27 10:26:22 kleink Exp $ d228 1 a232 1 .El @ 1.38 log @Remove a leftover line apparently from rev. 1.17; also from Juha Hyttinen in PR bin/25347. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.37 2004/04/27 10:12:51 cjep Exp $ d210 2 d218 2 d227 1 @ 1.37 log @Fix typo (SU_INDIRECT_GROOP -> SU_INDIRECT_GROUP). PR#25347 from Juha Hyttinen. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.36 2003/09/17 05:34:15 atatat Exp $ a134 1 is set to @ 1.36 log @Hey, wiz! Doesn't this need a comma? @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.35 2003/08/23 22:31:24 wiz Exp $ d217 1 a217 1 .It SU_INDIRECT_GROOP @ 1.36.2.1 log @Pullup rev 1.37-1.38 (requested by cjep in ticket #210) Fix typo's @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.36 2003/09/17 05:34:15 atatat Exp $ d135 1 d217 1 a217 1 .It SU_INDIRECT_GROUP @ 1.36.2.2 log @Pull up revision 1.44 via patch (requested by kleink in ticket #2070): Set LOGNAME in the new environment (in addition to USER); fixes PR bin/30670 from Pavel Cahyna. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.36.2.1 2004/04/29 04:13:18 jmc Exp $ a68 1 .Ev LOGNAME , a77 2 .Ev LOGNAME and d79 2 a80 2 are set to the target login, unless the target login has a user ID of 0, in which case they are unmodified. a123 1 .Ev LOGNAME , a131 2 .Ev LOGNAME and d133 1 a133 1 are set to the target login. a234 4 .It Ev LOGNAME The user ID is always the effective ID (the target user ID) after an .Nm unless the user ID is 0 (root). @ 1.36.2.1.2.1 log @Pull up revision 1.44 via patch (requested by kleink in ticket #2070): Set LOGNAME in the new environment (in addition to USER); fixes PR bin/30670 from Pavel Cahyna. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.36.2.1 2004/04/29 04:13:18 jmc Exp $ a68 1 .Ev LOGNAME , a77 2 .Ev LOGNAME and d79 2 a80 2 are set to the target login, unless the target login has a user ID of 0, in which case they are unmodified. a123 1 .Ev LOGNAME , a131 2 .Ev LOGNAME and d133 1 a133 1 are set to the target login. a234 4 .It Ev LOGNAME The user ID is always the effective ID (the target user ID) after an .Nm unless the user ID is 0 (root). @ 1.35 log @Comma and Pp police. Bump date for last. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.34 2003/08/20 14:11:17 christos Exp $ d127 1 a127 1 .Ev HOME @ 1.34 log @Normalize the program's compilation options so they are all of the form SU_ and document them. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.33 2003/08/07 11:15:56 agc Exp $ d31 1 a31 1 .Dd April 27, 2003 a200 1 .Pp d207 1 a207 1 .Dq root , d213 1 a213 1 .Dq root , d220 1 a220 1 and d223 1 a223 1 The group members of those two groups, are treated as groups themselves. @ 1.33 log @Move UCB-licensed code from 4-clause to 3-clause licence. Patches provided by Joel Baker in PR 22365, verified by myself. @ text @d29 1 a29 1 .\" $NetBSD: su.1,v 1.32 2003/04/27 11:09:29 wiz Exp $ d200 25 d229 1 @ 1.32 log @Drop trailing space. @ text @d12 1 a12 5 .\" 3. All advertising materials mentioning features or use of this software .\" must display the following acknowledgement: .\" This product includes software developed by the University of .\" California, Berkeley and its contributors. .\" 4. Neither the name of the University nor the names of its contributors d29 1 a29 1 .\" $NetBSD: su.1,v 1.31 2003/04/27 08:46:25 jmmv Exp $ @ 1.31 log @Implement the `-d' option, which behaves as `-l' but does not change the current directory. Idea suggested by dsl@@ in source-changes. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.30 2003/04/24 12:19:06 wiz Exp $ d115 1 a115 1 or @ 1.30 log @Bump date for last. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.29 2003/04/20 20:13:20 christos Exp $ d35 1 a35 1 .Dd April 20, 2003 d43 1 a43 1 .Op Fl Kflm d103 4 @ 1.29 log @PR/5803: Gregg A. Woods: su doesn't support it's "-f" option for sh and/or ksh fixed by unsetenv("ENV") when -f is set and the shell is not csh. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.28 2003/02/25 10:35:56 wiz Exp $ d35 1 a35 1 .Dd January 19, 2003 @ 1.28 log @.Nm does not need a dummy argument ("") before punctuation or for correct formatting of the SYNOPSIS any longer. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.27 2003/02/21 11:17:50 jmmv Exp $ d109 8 @ 1.27 log @Add missing dot to the `-' option. Ok'ed by wiz. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.26 2003/01/19 19:15:38 jmmv Exp $ d91 1 a91 1 .Nm "" . d198 1 a198 1 .Nm "" : @ 1.26 log @Add EXIT STATUS section. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.25 2002/10/13 00:55:17 wiz Exp $ d140 1 a140 1 .Fl l @ 1.25 log @New sentence, new line; drop trailing whitespace. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.24 2002/10/05 14:07:04 hubertf Exp $ d35 1 a35 1 .Dd March 7, 2001 d192 4 @ 1.24 log @Make example clearer, that the -c _after_ the login is passed to the shell. Addresses PR 18538 by reed@@reedmedia.net @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.23 2001/12/08 19:17:03 wiz Exp $ d56 1 a56 2 after the login name are passed to the shell. d231 2 a232 1 are passed to the shell. (See d238 1 a238 1 To execute arbitrary command with privileges of user @ 1.23 log @Sort sections, sort SEE ALSO, use .Pp instead of empty lines. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.22 2001/04/04 09:44:35 wiz Exp $ d101 3 d222 19 a240 1 To execute arbitrary command with privileges of user username, execute: @ 1.22 log @kerberos(1) -> (8). Sort SEE ALSO. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.21 2001/03/08 02:59:25 fair Exp $ d190 17 d212 1 a212 1 d218 1 a218 1 d230 1 a232 1 .Xr group 5 , a234 17 .Sh ENVIRONMENT Environment variables used by .Nm "" : .Bl -tag -width "HOME" .It Ev HOME Default home directory of real user ID unless modified as specified above. .It Ev PATH Default search path of real user ID unless modified as specified above. .It Ev TERM Provides terminal type which may be retained for the substituted user ID. .It Ev USER The user ID is always the effective ID (the target user ID) after an .Nm unless the user ID is 0 (root). .El @ 1.21 log @Correct the HISTORY section, per PR 11192 and Robert Elz. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.20 2001/01/10 21:33:13 sjg Exp $ d208 1 a211 2 .Xr kinit 1 , .Xr kerberos 1 , d216 2 a217 1 .Xr environ 7 @ 1.20 log @If SU_INDIRECT_GROUP is defined (it is by default), then su will consider that SUGROUP and ROOTAUTH group contain the names of users and groups. If user is not found in the list check_ingroup() recurses on each member until either user is found or end of chain is reached. The above allows su's use of the wheel group to be extended to a large number of users without necessarily putting them in group wheel, and in a way that will work over NIS that simply extending the line length limit in getgrent.c cannot. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.19 2000/05/10 19:04:36 jdolecek Exp $ d35 1 a35 1 .Dd January 14, 2000 d129 1 a129 1 .Dq Pa /usr/bin:/bin:/usr/pkg/bin:/usr/local/bin d191 1 a191 1 To become user username and use the same environment as in original shell, execute: d238 3 a240 2 command appeared in .At v7 . @ 1.19 log @Add some examples of usage. Modelled after what is in Solaris manpage, though no text has been actually copied from there (for legal reasons). @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.18 2000/02/11 00:30:07 abs Exp $ d177 8 @ 1.19.4.1 log @Pull up revision 1.22 (requested by wiz): Correct kerberos reference to kerberos(8). Sort SEE ALSO section. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.19 2000/05/10 19:04:36 jdolecek Exp $ a199 1 .Xr kinit 1 , d203 2 d209 1 a209 2 .Xr environ 7 , .Xr kerberos 8 @ 1.18 log @Set SU_FROM environment variable. This can be used to determine a 'su -' shell from a real login shell (but only if you care). @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.17 2000/01/14 02:39:14 mjl Exp $ d182 16 @ 1.17 log @Implement login_cap capability lookup. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.16 1999/09/27 19:41:33 mjl Exp $ d76 1 d78 1 a78 1 .Ev SHELL . d86 2 d89 3 a91 1 This is the traditional behavior of d114 1 d116 1 a116 1 .Ev USER . d118 1 d120 1 a120 1 .Ev SHELL @ 1.16 log @Mention "-" is the same as "-l". Closes PR/8499 by Matthew Aldous. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.15 1999/05/02 18:35:30 kleink Exp $ d35 1 a35 1 .Dd April 18, 1994 d44 1 d93 3 d119 5 a123 1 .Dq Pa /usr/bin:/bin:/usr/pkg/bin:/usr/local/bin . d182 2 @ 1.15 log @Bring $PATH information in sync with _PATH_DEFPATH. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.14 1997/10/19 23:31:52 lukem Exp $ d121 3 @ 1.15.2.1 log @Pull up to last week's -current. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.16 1999/09/27 19:41:33 mjl Exp $ a120 3 .It Fl Same as .Fl l @ 1.14 log @WARNSify, fix .Nm usage, deprecate register, getopt returns -1 not EOF @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.13 1997/07/02 05:42:12 lukem Exp $ d115 1 a115 1 .Dq Pa /bin:/usr/bin . @ 1.14.4.1 log @Pull up revisions 1.15-1.16 (requested by kim): Apply two minor corrections, one fixes PR#8499. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.14 1997/10/19 23:31:52 lukem Exp $ d115 1 a115 1 .Dq Pa /usr/bin:/bin:/usr/pkg/bin:/usr/local/bin . a120 3 .It Fl Same as .Fl l @ 1.14.4.2 log @Pull up revision 1.18 (requested by abs): Have su set SU_FROM environment variable, and use to avoid incorrect 'use su' warning in root's .login. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.14.4.1 2000/01/08 18:35:58 he Exp $ a74 1 .Ev SHELL , d76 1 a76 1 .Ev SU_FROM . a83 2 .Ev SU_FROM is set to the caller's login. d85 1 a85 3 With the exception of .Ev SU_FROM this is the traditional behavior of a104 1 .Ev USER , d106 1 a106 1 .Ev SU_FROM . a107 1 .Ev SHELL , d109 1 a109 1 .Ev SU_FROM @ 1.13 log @As per discussion with mrg, back out parts of previous change. The appropriate entry in /etc/group as returned by getgrnam() is used to determine if 'su root' may be permitted, rather than checking if membership exists in the result of getgroups(). The following changes were made regarding the behaviour of the special group for 'su root' * allow for definition of SUGROUP (defaults to "wheel") to override group name. * use getgrnam(SUGROUP) instead of getgrgid(0). * only scan getgrnam(SUGROUP)->gr_mem when checking for group membership. * be more specific as to why 'su root' failed NOTE: If a user's primary group is SUGROUP, and they're not a member of SUGROUP in /etc/group, they will not be able to su. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.12 1997/06/27 17:01:53 lukem Exp $ d86 1 a86 1 .Nm su . d176 1 a176 1 .Nm su : @ 1.12 log @* Notify of impending password or account expiry (check against _PASSWORD_WARNDAYS from ). For non-root users, enforce expiry when it happens. From Simon Gerraty in [bin/935]. * Check for group 0 in process's current group membership (as returned by getgroups(2)), instead of just looking at the entry for wheel in /etc/group. Based on code by Dan Caresone in [bin/792], and also solves [bin/2466]. * Clean up to pass -Wall @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.11 1997/03/08 14:21:16 mouse Exp $ d42 1 a42 1 .Nm su d46 1 a46 1 .Nm Su d57 1 a57 1 .Nm Su d62 1 a62 1 .Nm su d119 1 a119 1 .Nm su d129 1 a129 1 .Nm su d140 5 a144 2 Only users in group 0 (normally .Dq wheel ) d146 1 a146 1 .Nm su d149 3 a151 3 unless group 0 does not exist or has no members. (If you want nobody to be able to .Nm su d177 1 a177 1 .Bl -tag -width HOME d188 1 a188 1 .Nm su a195 3 .Sh BUGS There should be a way of setting policy so that users can su to root without being a member of group 0, if the sysadmin wishes. @ 1.11 log @alternate -> alternative, per PR 2643 @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.10 1997/01/31 23:12:17 ghudson Exp $ a193 6 Being a member of group 0 as set in .Pa /etc/passwd is not enough; the login ID must be listed in the group 0 line of .Pa /etc/group to be allowed to su to root. .Pp @ 1.10 log @Document the recent change in group wheel semantics. Also, it wasn't previously documented that anyone could su to root if group 0 didn't exist. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.9 1997/01/20 07:14:35 cjs Exp $ d67 2 a68 2 Alternately, if the user enters the password "s/key", they will be authenticated using the S/Key one-time password system as described in @ 1.9 log @Add list of bugs: relies only on /etc/group for group membership, sets policy in code. @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.8 1997/01/09 11:43:06 tls Exp $ d145 11 a155 1 .Dq root . @ 1.8 log @Sync to 4.4BSD-Lite2 @ text @d33 1 a33 1 .\" $NetBSD: su.1,v 1.7 1994/09/05 00:27:10 mycroft Exp $ d183 9 @ 1.7 log @Document usage of additional arguments after login name, as suggested by Peter da Silva (slightly edited). @ text @d1 2 a2 2 .\" Copyright (c) 1988, 1990 The Regents of the University of California. .\" All rights reserved. d32 2 a33 2 .\" from: @@(#)su.1 6.12 (Berkeley) 7/29/91 .\" $Id: su.1,v 1.6 1994/05/24 06:52:19 deraadt Exp $ d35 1 a35 1 .Dd July 29, 1991 a182 4 The version described here is an adaptation of the .Tn MIT Athena Kerberos command. @ 1.6 log @add skey support @ text @d33 1 a33 1 .\" $Id: su.1,v 1.5 1994/01/11 18:38:03 jtc Exp $ d44 1 a44 1 .Op Ar login d53 4 a56 1 A shell is then executed. @ 1.5 log @Fix spelling errors. @ text @d33 1 a33 1 .\" $Id: su.1,v 1.4 1993/08/01 07:28:22 mycroft Exp $ d64 5 d152 1 @ 1.4 log @Add RCS indentifiers. @ text @d33 1 a33 1 .\" $Id: $ d174 1 a174 1 The version desribed @ 1.3 log @Back out last change until I can get an official interpretation. @ text @d32 2 a33 1 .\" @@(#)su.1 6.12 (Berkeley) 7/29/91 @ 1.2 log @Update LOGNAME as well as USER environment variables to keep POSIX utilities that only understand LOGNAME happy. @ text @a63 1 .Ev LOGNAME a71 2 .Ev LOGNAME and d73 2 a74 2 are set to the target login, unless the target login has a user ID of 0, in which case they are unmodified. a95 1 .Ev LOGNAME , a101 2 .Ev LOGNAME and d103 1 a103 1 are set to the target login. d154 1 a154 1 .Bl -tag -width indent d163 1 a163 1 .It Ev LOGNAME , USER @ 1.1 log @Initial revision @ text @d64 1 d73 2 d76 2 a77 2 is set to the target login, unless the target login has a user ID of 0, in which case it is unmodified. d99 1 d106 2 d109 1 a109 1 is set to the target login. d160 1 a160 1 .Bl -tag -width HOME d169 1 a169 1 .It Ev USER @ 1.1.1.1 log @initial import of 386bsd-0.1 sources @ text @@ 1.1.1.2 log @imported from 4.4lite @ text @d1 2 a2 2 .\" Copyright (c) 1988, 1990, 1993, 1994 .\" The Regents of the University of California. All rights reserved. d32 1 a32 1 .\" @@(#)su.1 8.2 (Berkeley) 4/18/94 d34 1 a34 1 .Dd April 18, 1994 d173 4 @