Home Explore Blog CI



man-pages
2nd chunk of `su.man`
4f1918dedbcefbdc2186f092b898e0f47dadcc23176c747c0000000100000acc
 -p, --preserve-environment
           Preserve the entire environment, i.e., do not set HOME, SHELL, USER
           or LOGNAME. This option is ignored if the option --login is
           specified.

       -P, --pty
           Create a pseudo-terminal for the session. The independent terminal
           provides better security as the user does not share a terminal with
           the original session. This can be used to avoid TIOCSTI ioctl
           terminal injection and other security attacks against terminal file
           descriptors. The entire session can also be moved to the background
           (e.g., su --pty - username -c application &). If the pseudo-terminal
           is enabled, then su works as a proxy between the sessions (sync
           stdin and stdout).

           This feature is mostly designed for interactive sessions. If the
           standard input is not a terminal, but for example a pipe (e.g., echo
           "date" | su --pty), then the ECHO flag for the pseudo-terminal is
           disabled to avoid messy output.

       -s, --shell=shell
           Run the specified shell instead of the default. The shell to run is
           selected according to the following rules, in order:

           •   the shell specified with --shell

           •   the shell specified in the environment variable SHELL, if the
               --preserve-environment option is used

           •   the shell listed in the passwd entry of the target user

           •   /bin/sh

       If the target user has a restricted shell (i.e., not listed in
       /etc/shells), the --shell option and the SHELL environment variables are
       ignored unless the calling user is root.

       --session-command=command
           Same as -c, but do not create a new session. (Discouraged.)

       -w, --whitelist-environment=list
           Don’t reset the environment variables specified in the
           comma-separated list when clearing the environment for --login. The
           whitelist is ignored for the environment variables HOME, SHELL,
           USER, LOGNAME, and PATH.

       -h, --help
           Display help text and exit.

       -V, --version
           Print version and exit.

SIGNALS
       Upon receiving either SIGINT, SIGQUIT or SIGTERM, su terminates its
       child and afterwards terminates itself with the received signal. The
       child is terminated by SIGTERM, after unsuccessful attempt and 2 seconds
       of delay the child is killed by SIGKILL.

CONFIG FILES
       su reads the /etc/default/su and /etc/login.defs configuration files.
       The following configuration items are relevant for su:

       FAIL_DELAY (number)
           Delay in seconds in case of an authentication
Title: su Command Options: Environment, Shell, and Signals
Summary
This section details various options for the `su` command, including preserving the environment (`-p`), creating a pseudo-terminal (`-P`), specifying a shell (`-s`), whitelisting environment variables for `--login` (`-w`), and displaying help or version information (`-h`, `-V`). It also describes how `su` handles signals like SIGINT, SIGQUIT, and SIGTERM by terminating its child process. Finally, it mentions the configuration files `/etc/default/su` and `/etc/login.defs` and the `FAIL_DELAY` setting.