su 命令
帮助信息
su --help
$ su --help
Usage: su [options] [LOGIN]
Options:
-c, --command COMMAND pass COMMAND to the invoked shell
-h, --help display this help message and exit
-, -l, --login make the shell a login shell
-m, -p,
--preserve-environment do not reset environment variables, and
keep the same shell
-s, --shell SHELL use SHELL instead of the default in passwd
man su
$ man su
SU(1) User Commands SU(1)
NAME
su - change user ID or become superuser
SYNOPSIS
su [options] [username]
DESCRIPTION
The su command is used to become another user during a login session.
Invoked without a username, su defaults to becoming the superuser. The
optional argument - may be used to provide an environment similar to
what the user would expect had the user logged in directly.
Additional arguments may be provided after the username, in which case
they are supplied to the user's login shell. In particular, an argument
of -c will cause the next argument to be treated as a command by most
command interpreters. The command will be executed by the shell
specified in /etc/passwd for the target user.
You can use the -- argument to separate su options from the arguments
supplied to the shell.
The user will be prompted for a password, if appropriate. Invalid
passwords will produce an error message. All attempts, both valid and
invalid, are logged to detect abuse of the system.
The current environment is passed to the new shell. The value of $PATH
is reset to /bin:/usr/bin for normal users, or
/sbin:/bin:/usr/sbin:/usr/bin for the superuser. This may be changed
with the ENV_PATH and ENV_SUPATH definitions in /etc/login.defs.
A subsystem login is indicated by the presence of a "*" as the first
character of the login shell. The given home directory will be used as
the root of a new file system which the user is actually logged into.
OPTIONS
The options which apply to the su command are:
-c, --command COMMAND
Specify a command that will be invoked by the shell using its -c.
The executed command will have no controlling terminal. This option
cannot be used to execute interactive programs which need a
controlling TTY.
-, -l, --login
Provide an environment similar to what the user would expect had
the user logged in directly.
When - is used, it must be specified before any username. For
portability it is recommended to use it as last option, before any
username. The other forms (-l and --login) do not have this
restriction.
-s, --shell SHELL
The shell that will be invoked.
The invoked shell is chosen from (highest priority first):
The shell specified with --shell.
If --preserve-environment is used, the shell specified by the
$SHELL environment variable.
The shell indicated in the /etc/passwd entry for the target
user.
/bin/sh if a shell could not be found by any above method.
If the target user has a restricted shell (i.e. the shell field of
this user's entry in /etc/passwd is not listed in /etc/shells),
then the --shell option or the $SHELL environment variable won't be
taken into account, unless su is called by root.
-m, -p, --preserve-environment
Preserve the current environment, except for:
$PATH
reset according to the /etc/login.defs options ENV_PATH or
ENV_SUPATH (see below);
$IFS
reset to “<space><tab><newline>”, if it was set.
If the target user has a restricted shell, this option has no
effect (unless su is called by root).
Note that the default behavior for the environment is the
following:
The $HOME, $SHELL, $USER, $LOGNAME, $PATH, and $IFS environment
variables are reset.
If --login is not used, the environment is copied, except for
the variables above.
If --login is used, the $TERM, $COLORTERM, $DISPLAY, and
$XAUTHORITY environment variables are copied if they were set.
Other environments might be set by PAM modules.
CAVEATS
This version of su has many compilation options, only some of which may
be in use at any particular site.
CONFIGURATION
The following configuration variables in /etc/login.defs change the
behavior of this tool:
CONSOLE_GROUPS (string)
List of groups to add to the user's supplementary groups set when
logging in on the console (as determined by the CONSOLE setting).
Default is none.
Use with caution - it is possible for users to gain permanent
access to these groups, even when not logged in on the console.
DEFAULT_HOME (boolean)
Indicate if login is allowed if we can't cd to the home directory.
Default is no.
If set to yes, the user will login in the root (/) directory if it
is not possible to cd to her home directory.
ENV_PATH (string)
If set, it will be used to define the PATH environment variable
when a regular user login. The value is a colon separated list of
paths (for example /bin:/usr/bin) and can be preceded by PATH=. The
default value is PATH=/bin:/usr/bin.
ENV_SUPATH (string)
If set, it will be used to define the PATH environment variable
when the superuser login. The value is a colon separated list of
paths (for example /sbin:/bin:/usr/sbin:/usr/bin) and can be
preceded by PATH=. The default value is
PATH=/sbin:/bin:/usr/sbin:/usr/bin.
SULOG_FILE (string)
If defined, all su activity is logged to this file.
SU_NAME (string)
If defined, the command name to display when running "su -". For
example, if this is defined as "su" then a "ps" will display the
command is "-su". If not defined, then "ps" would display the name
of the shell actually being run, e.g. something like "-sh".
SYSLOG_SU_ENAB (boolean)
Enable "syslog" logging of su activity - in addition to sulog file
logging.
FILES
/etc/passwd
User account information.
/etc/shadow
Secure user account information.
/etc/login.defs
Shadow password suite configuration.
EXIT VALUES
On success, su returns the exit value of the command it executed.
If this command was terminated by a signal, su returns the number of
this signal plus 128.
If su has to kill the command (because it was asked to terminate, and
the command did not terminate in time), su returns 255.
Some exit values from su are independent from the executed command:
0
success (--help only)
1
System or authentication failure
126
The requested command was not found
127
The requested command could not be executed
SEE ALSO
login(1), login.defs(5), sg(1), sh(1).
shadow-utils 4.5 08/21/2019 SU(1)
示例
切换用户
mk@mk-Lenovo-Y430P:~$ whoami // 当前用户
mk
mk@mk-Lenovo-Y430P:~$ pwd // 当前工作目录
/home/mk
mk@mk-Lenovo-Y430P:~$ su root // 切换到 root 用户
Password:
root@mk-Lenovo-Y430P:/home/mk# whoami
root
root@mk-Lenovo-Y430P:/home/mk# pwd
/home/mk
当只切换用户而不改变环境变量时,执行某些命令将受限。例如,查看 Java 的版本信息:
root@mk-Lenovo-Y430P:/home/mk# java -version
Command 'java' not found, but can be installed with:
apt install default-jre
apt install openjdk-11-jre-headless
apt install openjdk-8-jre-headless
切换用户,并改变环境变量
mk@mk-Lenovo-Y430P:~$ whoami
mk
mk@mk-Lenovo-Y430P:~$ pwd
/home/mk
mk@mk-Lenovo-Y430P:~$ su --login root
Password:
root@mk-Lenovo-Y430P:~# whoami
root
root@mk-Lenovo-Y430P:~# pwd
/root
在这种情况下,能正常执行 java -version 命令:
root@mk-Lenovo-Y430P:~# java -version
java version "1.8.0_241"
Java(TM) SE Runtime Environment (build 1.8.0_241-b07)
Java HotSpot(TM) 64-Bit Server VM (build 25.241-b07, mixed mode)
参考
