Additional arguments may be provided after the username, in which case they are supplied to the user's login shell. In particular, an argument of -c will cause the next argument to be treated as a command by most command interpreters. The command will be executed by the shell specified in /etc/passwd for the target user.
You can use the -- argument to separate su options from the arguments supplied to the shell.
The user will be prompted for a password, if appropriate. Invalid passwords will produce an error message. All attempts, both valid and invalid, are logged to detect abuse of the system.
The current environment is passed to the new shell. The value of $PATH is reset to /bin:/usr/bin for normal users, or /sbin:/bin:/usr/sbin:/usr/bin for the superuser. This may be changed with the ENV_PATH and ENV_SUPATH definitions in /etc/login.defs.
A subsystem login is indicated by the presence of a "*" as the first character of the login shell. The given home directory will be used as the root of a new file system which the user is actually logged into.
The options which apply to the su command are:
-c, --command COMMAND
-, -l, --login
When - is used, it must be specified as the last su option. The other forms (-l and --login) do not have this restriction.
-s, --shell SHELL
The invoked shell is chosen from (highest priority first):
If the target user has a restricted shell (i.e. the shell field of this user's entry in /etc/passwd is not listed in /etc/shell), then the --shell option or the $SHELL environment variable won't be taken into account, unless su is called by root.
-m, -p, --preserve-environment
If the target user has a restricted shell, this option has no effect (unless su is called by root).
Note that the default behavior for the environment is the following:
This version of su has many compilation options, only some of which may be in use at any particular site.
The following configuration variables in /etc/login.defs change the behavior of this tool:
Use with caution - it is possible for users to gain permanent access to these groups, even when not logged in on the console.
If set to yes, the user will login in the root (/) directory if it is not possible to cd to her home directory.
On success, su returns the exit value of the command it executed.
If this command was terminated by a signal, su returns the number of this signal plus 128.
If su has to kill the command (because it was asked to terminate, and the command did not terminate in time), su returns 255.
Some exit values from su are independent from the executed command:
login(1), login.defs(5), sg(1), sh(1).