HP-UX Reference (11i v1 05/09) - 1 User Commands N-Z (vol 2)
s
su(1) su(1)
In order to su using a Smart Card account, the Smart Card from the destination user account must be
inserted into the Smart Card reader. The user is prompted for a PIN instead of a password during authen-
tication.
Enter PIN:
The password is retrieved automatically from the Smart Card when a valid PIN is entered. Therefore, it is
not necessary to know the password, only the PIN.
The card is locked if an incorrect PIN is entered three consecutive times. It may be unlocked only by the
card issuer.
SECURITY FEATURES
Refer to the /etc/default/security
file in the security(4) manual page for detailed information on
configurable parameters that affect the behavior of this command. Currently, the supported parameters for
the
su command are:
SU_ROOT_GROUP
SU_DEFAULT_PATH
SU_KEEP_ENV_VARS
Except for user root, users on a trusted system cannot use su to change to an account that has been
locked because of expired passwords or other access restrictions.
EXTERNAL INFLUENCES
Environment Variables
HOME User’s home directory
LANG The language in which messages are displayed. If LANG is not specified or is null, it
defaults to C (see lang(5)). If any internationalization variable contains an invalid setting,
all internationalization variables default to
C (see environ(5)).
LOGNAME User’s login name
PATH Command name search path
PS1 Default prompt
SHELL Name of the user’s shell
International Code Set Support
Characters in the 7-bit US-ASCII code sets are supported in login names (see ascii(5)).
EXAMPLES
Become user
bin while retaining the previously exported environment:
su bin
Become user bin but change the environment to what would be expected if bin had originally logged in:
su - bin
Execute command and its arguments using the temporary environment and permissions of user bin:
su - bin -c command arguments
WARNINGS
After a valid password is supplied, su uses information from /etc/passwd and /etc/logingroup to
determine the user’s group ID and group access list. If
/etc/group is linked to /etc/logingroup
,
and group membership for the user trying to log in is managed by the Network Information Service (NIS),
and no NIS server is able to respond,
su waits until a server does respond.
In normal operation, root is able to su to another user’s account without being prompted for a password.
However, DCE (Distributed Computing Environment) credentials for a user cannot be obtained without
that user’s password. Therefore, if DCE is being used as the authentication mechanism, and root wants to
su to another user’s account and get DCE credentials for that user, the -d flag must be specified. With
this flag set, root will be prompted for the user’s password and should supply that user’s password at the
prompt. For example:
HP-UX 11i Version 1: September 2005 − 2 − Hewlett-Packard Company Section 1−−949