su Command
Source: Internet  Published: Python sample programs  Editor: 程序博客网  Time: 2024/05/21 04:40
Purpose
Changes the user ID associated with a session.
Syntax
su [ - ] [ Name [ Argument ... ] ]
Description
The su command changes user credentials to those of the root user or to the user specified by the Name parameter, and then initiates a new session. The user name may
include a DCE cell specification. Note: The root user is not required to satisfy the Distributed Computing Environment (DCE) authentication when switching to a DCE
user. In this case, the user's DCE credentials are not gained.
Any arguments, such as flags or parameters, that are specified by the Argument parameter must relate to the login shell defined for the user specified by the Name
parameter. These arguments are passed to the specified user's login shell. For example, if the login shell for user Fred is /usr/bin/csh, you can include any of the
flags for the csh command, such as the -f flag. When the su command runs, it passes the -f flag to the csh command. When the csh command runs, the -f flag omits the
.cshrc startup script.
The following functions are performed by the su command:
account checking
Validates the user account to be certain it exists, that it is enabled for the su command, that the current user is in a group permitted to switch to this account
with the su command, and that it can be used from the current controlling terminal.
user authentication
Validates the user's identity, using the system-defined primary authentication methods for the user. If a password has expired, the user must supply a new
password.
credentials establishment
Establishes initial user credentials, using the values in the user database. These credentials define the user's access rights and accountability on the system.
session initiation
If the - flag is specified, the su command initializes the user environment from the values in the user database and the /etc/environment file. When the - flag is
not used, the su command does not change the directory.
These functions are performed in the sequence shown. If one function is unsuccessful, the succeeding functions are not done. Refer to the ckuseracct, ckuserID,
authenticate, setpcred, and setpenv subroutines for the semantics of these functions.
To restore the previous session, type exit or press the Ctrl-D key sequence. This action ends the shell called by the su command and returns you to the previous shell,
user ID, and environment.
If the su command is run from the /usr/bin/tsh shell, the trusted shell, you exit from that shell. The su command does not change the security characteristics of the
controlling terminal.
Each time the su command is executed, an entry is made in the /var/adm/sulog file. The /var/adm/sulog file records the following information: date, time, system name,
and login name. The /var/adm/sulog file also records whether or not the login attempt was successful: a + (plus sign) indicates a successful login, and a - (minus sign)
indicates an unsuccessful login. Note: Successful use of the su command resets the unsuccessful_login_count attribute in the /etc/security/lastlog file only if the
user's rlogin and login attributes are both set to false in /etc/security/user. Otherwise, the su command doesn't reset the unsuccessful_login_count, because the
administrator often uses the su command to fix user account problems. The user is able to reset the attribute through a local or remote login.
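The + and - markers make /var/adm/sulog easy to review for repeated failures. The following is an added example, not part of the original page: it assumes each record has the layout SU MM/DD HH:MM +|- tty from-to (the page does not give the exact layout), and the sample records and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample records (not real log data). Assumed line layout,
# which the page does not spell out: SU MM/DD HH:MM +|- tty from-to
SAMPLE_SULOG='SU 05/20 09:01 + pts/0 jim-root
SU 05/20 09:14 - pts/3 fred-root
SU 05/20 09:14 - pts/3 fred-root
SU 05/20 09:15 - pts/3 fred-root
SU 05/20 09:16 + pts/3 fred-root
SU 05/20 10:02 - pts/1 jim-fred'

# sulog_failures FILE [MIN] (hypothetical helper): print "from-to count"
# for every pair with at least MIN unsuccessful (-) attempts.
sulog_failures() {
    awk -v min="${2:-1}" '
        $1 == "SU" && $4 == "-" { fail[$6]++ }
        END { for (p in fail) if (fail[p] >= min) print p, fail[p] }
    ' "$1" | sort
}

# sulog_success_after_failures FILE [MIN] (hypothetical helper): print pairs
# where a successful (+) su follows MIN or more consecutive failures
# recorded for the same from-to pair.
sulog_success_after_failures() {
    awk -v min="${2:-3}" '
        $1 != "SU" { next }
        $4 == "-"  { run[$6]++; next }
        $4 == "+"  { if (run[$6] >= min) print $6, run[$6]; run[$6] = 0 }
    ' "$1"
}

# Demo on the constructed sample; on a real system pass /var/adm/sulog.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_SULOG" > "$tmp"
sulog_failures "$tmp" 2
sulog_success_after_failures "$tmp" 3
rm -f "$tmp"
```

If the records on your system use different columns, adjust the field numbers ($4 for the marker, $6 for the from-to pair) before relying on the counts.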
Flags
-
Specifies that the process environment is to be set as if the user had logged in to the system using the login command. Nothing in the current environment is
propagated to the new shell.
Security
The su command is a PAM-enabled application with a service name of su. System-wide configuration to use PAM for authentication is set by modifying the value of the
auth_type attribute, in the usw stanza of /etc/security/login.cfg, to PAM_AUTH as the root user.
The authentication mechanisms used when PAM is enabled depend on the configuration for the su service in /etc/pam.conf. The su command requires /etc/pam.conf entries
for the auth, account, password, and session module types. In order for the su command to exhibit a similar behavior through PAM authentication as seen in standard AIX
authentication, the pam_allowroot module must be used as sufficient and called before pam_aix in both the auth and account su service stacks. Listed below is a
recommended configuration in /etc/pam.conf for the su service:
#
# AIX su configuration
#
su auth sufficient /usr/lib/security/pam_allowroot
su auth required /usr/lib/security/pam_aix
su account sufficient /usr/lib/security/pam_allowroot
su account required /usr/lib/security/pam_aix
su session required /usr/lib/security/pam_aix
su password required /usr/lib/security/pam_aix
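The ordering requirement above can be checked mechanically. The following is an added example, not part of the original page or of AIX: the check_su_pam function is hypothetical, GOOD_PAM repeats the recommended entries, and BAD_PAM is a constructed faulty variant.

```shell
#!/bin/sh
# Recommended su stack as listed on the page.
GOOD_PAM='su auth sufficient /usr/lib/security/pam_allowroot
su auth required /usr/lib/security/pam_aix
su account sufficient /usr/lib/security/pam_allowroot
su account required /usr/lib/security/pam_aix
su session required /usr/lib/security/pam_aix
su password required /usr/lib/security/pam_aix'

# Constructed faulty variant: pam_aix precedes pam_allowroot for auth,
# and the session entry is missing.
BAD_PAM='su auth required /usr/lib/security/pam_aix
su auth sufficient /usr/lib/security/pam_allowroot
su account sufficient /usr/lib/security/pam_allowroot
su account required /usr/lib/security/pam_aix
su password required /usr/lib/security/pam_aix'

# check_su_pam FILE (hypothetical helper): print one finding per line and
# return non-zero if the su service entries deviate from the rules above.
check_su_pam() {
    awk '
        /^[ \t]*#/ || NF < 4 || $1 != "su" { next }   # comments, other services
        {
            seen[$2] = 1
            n = split($4, part, "/"); mod = part[n]   # module basename
            if (mod == "pam_allowroot" && $3 == "sufficient" && !aix[$2])
                ok[$2] = 1                            # allowroot came first
            if (mod == "pam_aix") aix[$2] = 1
        }
        END {
            split("auth account password session", need, " ")
            for (i = 1; i <= 4; i++)
                if (!seen[need[i]]) { print "missing su " need[i] " entry"; bad = 1 }
            for (i = 1; i <= 2; i++)                  # auth and account only
                if (seen[need[i]] && !ok[need[i]]) {
                    print "su " need[i] ": pam_allowroot not sufficient before pam_aix"
                    bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Demo on the constructed faulty variant; on a real system pass /etc/pam.conf.
tmp=$(mktemp)
printf '%s\n' "$BAD_PAM" > "$tmp"
check_su_pam "$tmp" || echo "su PAM stack deviates from the recommended configuration"
rm -f "$tmp"
```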
Examples
1. To obtain root user authority, type:
su
This command runs a subshell with the effective user ID and privileges of the root user. You will be asked for the root password. Press the End-of-File (Ctrl+D) key
sequence to end the subshell and return to your original shell session and privileges.
2. To obtain the privileges of the jim user, type:
su jim
This command runs a subshell with the effective user ID and privileges of jim.
3. To set up the environment as if you had logged in as the jim user, type:
su - jim
This starts a subshell using jim's login environment.
4. To run the backup command with root user authority and then return to your original shell, type:
su root "-c /usr/sbin/backup -9 -u"
This runs the backup command with root user authority within root's default shell. You must give the correct root password when queried for the command to execute.
Files
/usr/bin/su
Contains the su command.
/etc/environment
Contains user environment values.
/etc/group
Contains the basic group attributes.
/etc/passwd
Contains the basic user attributes.
/etc/security/user
Contains the extended attributes of users.
/etc/security/environ
Contains the environment attributes of users.
/etc/security/limits
Contains the process resource limits of users.
/etc/security/passwd
Contains password information.
/var/adm/sulog
Contains information about login attempts.
Related Information
The bsh command, csh command, getty command, ksh command, login command, setgroups command, setsenv command, tsh command, and tsm command.
The authenticate subroutine, ckuseracct subroutine, ckuserID subroutine, setpcred subroutine, setpenv subroutine.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security
Administration in AIX 5L Version 5.3 Security Guide.