su - run a shell with substitute user and group IDs

su [-flm]... [-] [user [arg]...]

Change the effective user id and group id to that of user.

Frequently used to temporarily switch to root to execute privileged commands or access restricted files.

The password of the target user will be requested and an entry in /var/log will be made.

-c
--command=command
pass a single COMMAND to the shell with -c
--session-command=command
pass a single COMMAND to the shell with -c and do not create a new session
-f
--fast
don't read .cshrc for csh or tcsh
-m
-p
--preserve-environment
do not reset environment variables
> echo $HOME $SHELL $TERM _ $UID $EUID $USER : $GID $GROUPS : $HISTFILE
/Users/dgerman /bin/bash xterm-256color _ 501 501 dgerman : 20 : /Users/dgerman/.bash_history
> su
Password:
> echo $HOME $SHELL $TERM _ $UID $EUID $USER : $GID $GROUPS : $HISTFILE
/var/root /bin/sh xterm-256color _ 0 0 dgerman : 0 : /var/root/.sh_history
> exit
> su -m
Password:
> echo $HOME $SHELL $TERM _ $UID $EUID $USER : $GID $GROUPS : $HISTFILE
/Users/dgerman /bin/bash xterm-256color _ 0 0 dgerman : 0 : /Users/dgerman/.bash_history

       
-
-l
--login
make the shell a login shell

The -l and -m options are mutually exclusive; the last one specified overrides any previous ones.

-s
--shell=shell
run shell if /etc/shells allows it
--help
display this help and exit
--version
output version information and exit
A mere - implies -l.
Default user is root.

If PAM is used to set policy, only users in the admin or wheel groups are permitted to switch to UID 0 (root). See pam_group.

Most environment variables are unmodified; exceptions include USER, HOME, PATH, and SHELL, which are set to those of user.

args are passed to the login shell of the target login.

Command line arguments before user are processed by su; everything after user is passed to the shell.

By default the super-user prompt is set to #.

FILES

/etc/pam.d/su for BSD and Mac OS X

EXAMPLES

Run catman as user man.
su man -c catman
The target command consists of more than a single word and hence is quoted for use with the -c option being passed to the shell. (Most shells expect the argument to -c to be a single word.)
su man -c 'catman /usr/share/man /usr/local/man'
Simulate a login for user dbadmin
su -l dbadmin
su - dbadmin
Simulate a login for root.
su

/etc/shells
Mac OS X 10.8
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.

/bin/bash
/bin/csh
/bin/ksh
/bin/sh
/bin/tcsh
/bin/zsh
Linux (cPanel)
/bin/sh
/bin/bash
/sbin/nologin
/bin/tcsh
/bin/csh
/bin/ksh
/bin/ftpsh
/usr/local/cpanel/bin/jailshell
/usr/local/cpanel/bin/noshell

/etc/pam.d/su for Mac OS X or BSD
# su: auth account session
auth       sufficient     pam_rootok.so 
auth       required       pam_opendirectory.so
account    required       pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
account    required       pam_opendirectory.so no_check_shell
password   required       pam_opendirectory.so
session    required       pam_launchd.so
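
As an added example (not part of the original page or of any su distribution), the shell helpers below audit the two files listed above: shell_allowed checks whether a shell is a whole-line entry in an /etc/shells-format file, which is what -s depends on, and su_group_gate reports the pam_group.so account line that limits who may switch to root. The function names and the trimmed sample files are constructed for illustration.

```shell
# Added example, not from the original page. Function names are hypothetical.
# Constructed sample input: trimmed copies of the two files listed on this page.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/shells" <<'EOF'
# List of acceptable shells for chpass(1).
/bin/bash
/bin/sh
/bin/zsh
EOF
cat > "$SAMPLE_DIR/su" <<'EOF'
# su: auth account session
auth       sufficient     pam_rootok.so
account    required       pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
account    required       pam_opendirectory.so no_check_shell
EOF

# shell_allowed FILE SHELL
# Succeeds only if SHELL is a whole-line entry in FILE (/etc/shells format),
# skipping comments and blank lines; a prefix such as /bin/ba must not match.
shell_allowed() {
    awk -v want="$2" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 != "" && $0 == want { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# su_group_gate FILE
# For each "account ... pam_group.so" line of a BSD / Mac OS X style PAM file,
# prints: control flag, group list, and whether root_only and fail_safe are set.
su_group_gate() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "account" && $3 == "pam_group.so" {
            groups = "(none given)"; root_only = "no"; fail_safe = "no"
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^group=/)    groups = substr($i, 7)
                if ($i == "root_only") root_only = "yes"
                if ($i == "fail_safe") fail_safe = "yes"
            }
            print $2, "groups=" groups, "root_only=" root_only, "fail_safe=" fail_safe
        }
    ' "$1"
}

shell_allowed "$SAMPLE_DIR/shells" /bin/zsh && echo "/bin/zsh is listed"
shell_allowed "$SAMPLE_DIR/shells" /sbin/nologin || echo "/sbin/nologin is not listed"
su_group_gate "$SAMPLE_DIR/su"
```

On a real system, pass /etc/shells and /etc/pam.d/su instead of the sample paths; see pam_group(8) for the meaning of each reported option.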

See

sudo, csh(1), sh(1), group(5), passwd(5), environ(7), pam_group(8)