su - Substitutes user ID temporarily
su [- | -f] [user] [shell_option] [shell_command]
-f Prevents the user's shell initialization file from being executed by
passing the -f option to the user's shell, thus making su start up fas-
ter. The -f option is supported by the csh family of shells.
- Simulates a full login by executing the commands in either the .cshrc
and .login files for csh or the .profile file for sh and ksh and by
setting the current working directory to the user's home directory.
Passes the specified shell option flag to the newly invoked user's
shell for execution. The shell_option must be supported by the invoked
shell. The csh, sh, ksh, and any other interactive command shell sup-
port the commonly used -c shell option. By default (no "shell_option"),
the shell is opened with the -i (interactive) shell option. See the
reference page for the shell you are using for more information on the
Passes the specified command to the newly invoked user's shell for exe-
cution. The shell_command must be supported by the invoked shell.
The su command demands the password of the specified user, and if it is
given, changes to that user and invokes the user's shell without changing
the current directory.
Except in a case where the - option is used, the user environment is
unchanged except for HOME, SHELL, USER, and LOGNAME which are taken from
the password file for the user being substituted (see environ). The new
user ID stays in force until the shell exits.
If no user is specified, root is assumed. Only users who belong to group
number 0 (system) can issue su to become root, even with the root password.
To remind superusers of their responsibilities, the shell substitutes a #
(number sign) for its usual prompt.
Shell commands may be passed to the shell that is spawned by su by includ-
ing them on the command line after the su flags and arguments. After the
flags recognized by su and the user argument are processed, unrecognized
command line flags (shell_options) and/or arguments (shell_commands) are
passed to the shell for execution. If the spawned shell does not support
the command or the format of the command, the command is not executed and
the resulting shell behavior and error messages are determined by the
The su command fails if any lock conditions exist on the target account.
Specifically, if the destination account was retired, if the number of
unsuccessful login attempts exceeds the maximum allowed, if the administra-
tive lock was applied, or the password's lifetime was exceeded, the Infor-
mation System Security Officer (ISSO) must unlock the destination account
before any user can log in to it or use su to transition to it.
This security-sensitive command uses SIA (Security Integration Architec-
ture) as an interface to the security mechanism(s) that perform the actual
user validation. See the matrix.conf(4) reference page for more informa-
The following environment variables affect the behavior of su:
Commands: csh(1), ksh(1), sh(1)