su - run a shell with substitute user and group IDs

su [-flm]... [-] [user [arg]...]

Change the effective user id and group id to that of user.

Frequently used to temporarily switch to root to execute priviledged commands or access restricted files.

Password of target user will be requested and an entry in /var/log will be made.

pass a single COMMAND to the shell with -c
--session-command=command pass a single COMMAND to the shell with -c and do not create a new session
don't read .cshrc for csh or tcsh
do not reset environment variables
Users/dgerman /bin/bash xterm-256color _ 501 501 dgerman : 20 : /Users/dgerman/.bash_history
> su
/var/root /bin/sh xterm-256color _ 0 0 dgerman : 0 : /var/root/.sh_history
> exit
> su -m
/Users/dgerman /bin/bash xterm-256color _ 0 0 dgerman : 0 : /Users/dgerman/.bash_history

make the shell a login shell

-l and -m options are mutually exclusive; the last one specified overrides

run shell if /etc/shells allows it
--help display this help and exit
--version output version information and exit
A mere - implies -l.
Default user is root.

If PAM is used to set policy, only users in the admin or wheel groups are permitted to switch to UID 0 (root). See pam_group.

Most environment varilables are unmodified, exceptions include USER, HOME, PATH, and SHELL which are set to those of user.

args are passed to the login shell of the target login.

Command line arguments before user are processed by su , everything after user is passed to the shell.

By default the super-user prompt is set to #


/etc/pam.d/su for BSD and Mac OS X


Run catman as user man.
su man -c catman
the target command consists of more than a single word and hence is quoted for use with the -c option being passed to the shell. (Most shells expect the argument to -c to be a single word).
su man -c 'catman /usr/share/man /usr/local/man'
Simulate a login for user dbadmin
su -l dbadmin
su - dbadmin
Simulate a login for root.

Mac OS X 10.8
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.

linux (cPanel)

for Mac OS X or BSD /etc/pam.d/su
# su: auth account session
auth       sufficient 
auth       required
account    required no_warn group=admin,wheel ruser root_only fail_safe
account    required no_check_shell
password   required
session    required


sudo csh(1), sh(1), group(5), passwd(5), environ(7), pam_group(8)