diff --git a/usr.bin/su/su.1 b/usr.bin/su/su.1 --- a/usr.bin/su/su.1 +++ b/usr.bin/su/su.1 @@ -34,7 +34,7 @@ .Sh SYNOPSIS .Nm .Op Fl -.Op Fl c Ar class +.Op Fl c Ar class | Fl g Ar class .Op Fl flms .Op Ar login Op Ar args .Sh DESCRIPTION @@ -81,18 +81,24 @@ are also normally retained unless the target login has a user ID of 0. .Pp The options are as follows: -.Bl -tag -width Ds +.Bl -tag -width "-c class" .It Fl c Ar class Use the settings of the specified login class. The login class must be defined in .Xr login.conf 5 . Only allowed for the super-user. +.It Fl g Ar class +Same as above. +Useful to avoid confusion with the +.Fl c +argument provided by most shells. .It Fl f If the invoked shell is .Xr csh 1 , this option prevents it from reading the .Dq Pa .cshrc file. +.Fl l . .It Fl l Simulate a full login. The environment is discarded except for @@ -112,7 +118,7 @@ is set to .Dq Pa /bin:/usr/bin . .Ev TERM -is imported from your current environment. +is imported from the current environment. Environment variables may be set or overridden from the login class capabilities database according to the class of the target login. The invoked shell is the target login's, and @@ -125,8 +131,8 @@ .Fl l . .It Fl m Leave the environment unmodified. -The invoked shell is your login shell, and no directory changes are made. -As a security precaution, if the target user's shell is a non-standard +The invoked shell is the current login shell, and no directory changes are made. +As a security precaution, if the shell of the target user is a non-standard shell (as defined by .Xr getusershell 3 ) and the caller's real uid is 
@@ -159,9 +165,27 @@ Note that all command line arguments before the target login name are processed by .Nm -itself, everything after the target login name gets passed to the login +itself. +Everything after the target login name gets passed to the login shell. .Pp +For example, +.D1 su -c daemon root +starts a new shell as root with the settings of the daemon login class, +while +.D1 su root -c daemon +starts +.Xr daemon 8 +as root with its default login class +which is roughly equivalent to +.Dl csh -c "daemon" +.Pp +To avoid confusion the +.Fl g +flag can be used instead of +.Fl c +when specifying a login class. +.Pp By default (unless the prompt is reset by a startup file) the super-user prompt is set to .Dq Sy \&# @@ -193,21 +217,27 @@ .Bl -tag -width 5n -compact .It Li "su -m operator -c poweroff" Starts a shell as user -.Li operator , +.Dq operator , and runs the command .Li poweroff . -You will be asked for operator's password unless your real UID is 0. +.Li poweroff +will ask for operator's password unless the user's real UID is 0. Note that the .Fl m option is required since user .Dq operator -does not have a valid shell by default. +does not have a valid shell by default +.Po it is set to +.Xr nologin 8 Pc . In this example, +the shell of the current user is used to execute the command. +Also, .Fl c -is passed to the shell of the user -.Dq operator , -and is not interpreted as an argument to -.Nm . +is an argument to the shell as it is specified after the login +.Po +.Dq operator +in this case +.Pc . .It Li "su -m operator -c 'shutdown -p now'" Same as above, but the target command consists of more than a single word and hence is quoted for use with the 
@@ -216,15 +246,10 @@ (Most shells expect the argument to .Fl c to be a single word). -.It Li "su -m -c staff operator -c 'shutdown -p now'" +.It Li "su -m -g staff operator -c 'shutdown -p now'" Same as above, but the target command is run with the resource limits of the login class .Dq staff . -Note: in this example, the first -.Fl c -option applies to -.Nm -while the second is an argument to the shell being invoked. .It Li "su -l foo" Simulate a login for user foo. .It Li "su - foo" @@ -236,6 +261,7 @@ .Xr csh 1 , .Xr mdo 1 , .Xr sh 1 , +.Xr getusershell 3 , .Xr group 5 , .Xr login.conf 5 , .Xr passwd 5 , diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -165,7 +165,7 @@ iscsh = UNSET; setmaclabel = 0; - while ((ch = getopt(argc, argv, "-flmsc:")) != -1) + while ((ch = getopt(argc, argv, "-flmsc:g:")) != -1) switch ((char)ch) { case 'f': fastlogin = 1; @@ -183,6 +183,7 @@ setmaclabel = 1; break; case 'c': + case 'g': class = optarg; break; case '?':
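Review bot: The option string in the su.c hunk at -165 now accepts `g:`, but nothing in this patch touches the usage message, so it may still advertise only `-c class`. The usage routine is outside the hunks shown, so this is inferred rather than confirmed. If it prints a synopsis, it should match the updated man page, for example `[-c class | -g class]`. The enclosing function starts and ends outside the hunk.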
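Review bot: With `case 'c':` and `case 'g':` both assigning `class = optarg;`, a command line that passes both flags silently keeps the later value, even though the new SYNOPSIS presents them as alternatives. A short comment such as `/* -g is an alias for -c (login class); the last one given wins */` would record the intent, or the duplicate could be rejected through the usage path. Because both flags feed the same `class` variable, the super-user-only restriction documented for `-c` should cover `-g` too, but that check lies outside this hunk and is worth confirming. Any diagnostic there that names only `-c` would be worth rewording so a rejected `-g` is not confusing. The switch statement continues outside the hunk.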