System Administration Guide
Chapter 1, Administering user accounts

Accessing other accounts with su(C)

Accessing other accounts with su(C)

The su(C) utility (for ``superuser'') can be used to switch over to another account temporarily. It is primarily used to access the root account, when it is executed without an argument. Otherwise, it is used in this form:

su username

su prompts for the account password, and if it is correct, a Bourne shell is started under the other account. Transitions with su do not affect the login user ID (LUID), so login and audit records remain accurate.

If a dash (-) is included in the command (su -), the environment for that user is executed (including login shell, home directory, and so forth), making it essentially the same as logging in as that user. To exit the shell, enter exit or press <Ctrl>D and you are returned to your own account.

Users can su to an pseudo-user account if they own it. To access the root account (or any other account they are not responsible for), however, the user must have the su authorization. Refer to ``Assigning subsystem authorizations'' for more information.

NOTE: The Low, Traditional, and Improved security profiles assign the su authorization by default. Users can su to any account if they know the password. Under the High security profile, the su authorization is not assigned.

See also: