su: Run an elevated command or as another user
Usage: su.exe [-.eCLnPStvxwh-] [-c <colors>]
[-o <options>] [-p <password>] [-s <setrows> ]
[-X <errlimit>] [ userid [ command ]]
su is the Windows equivalent of the UNIX "super user"
command. su runs the specified command (by default, the
C shell) as either an elevated command or as another user
(or both) in a new window. By default, it then exits
immediately.
Invoked without any command line arguments, su defaults to
starting an elevated copy of the C shell.
Even though the command will run with new credentials,
it will inherit the parent's environment variables and
current directories. su does this by spawning a copy of
itself with the new credentials to actually run the command
and handshaking with it through shared memory to pass the
environment.
To run as another user, su uses the Secondary Logon
service to start that copy of itself meaning that
system service must be running.
To elevate, su uses a special copy of itself, elevate.exe,
which has been marked for the operating system as
requiring elevation, causing the secure desktop prompt.
To run elevated as another user, su first spawns a copy
of itself as the new user, then elevates.
The userid may be specified as either a simple name or as a
domain\name pair. If no userid is specified, or if "."
is specified, su will interpret that to mean the current
userid. If the current user is specified, a password is not
required because su will already be running as that user.
(In fact, if a password is specified, seemingly for the
current user, that's treated as an error to avoid
accidentally running elevated when that was not the intent.)
For userids other than the current user, if no password is
given, su will try logging in without a password. If that
fails, su will prompt for a password; the password will not
be echoed to the screen.
The command can refer to any executable file or to a C shell
command or alias. If a complete path is not specified, su
will look through the search path. If an extension is not
specified, su will try all the usual possibilities: .csh,
.exe, .com, .cmd and .bat. If a corresponding executable
file cannot be found, su will assume the command is an
internal C shell command or alias. If no command is
specified, su will run the C shell.
Net use drives are inherited only when elevating, not when
running as a different user. Any current directory settings
in the inherited environment that refer to drives that don't
exist under the new credentials are silently ignored.
su will not run under Windows 9x and requests to elevate
are ignored unless running under Vista, Windows 7 or later.
Options:
-. Elevate option. Run the command elevated as the
current userid. No userid or password should
be specified.
-e Elevate. Run the command elevated as the
specified user.
-c <colors> If su is running in a new window because of
elevation, use the screen colors specified
in the next word, overriding whatever is
specified in the COLORS environment variable.
If there is neither a COLORS environment nor
a -c option specifying the colors, the default
is "white on blue".
-C Start up a copy of C shell to run the command.
-L If the C shell is run, make it a login shell.
-n Non-interactive. The password, if not null,
must be passed on the command line. su will
not prompt for it.
-o <options> Options to be passed to the C shell, if su
calls it.
-p <password> Password to be used with the specified userid.
-P Pause always. Prompt for the user to press
Enter before exiting. Implies -w.
-s <setrows> If su is running in a new window because of
elevation, set the window and buffer sizes
to the values specified in the next argument
word. The format is the same as used by the
setrows command. The default, "1000 80 40 80",
means a buffer of 1000 rows x 80 columns and
a display window of 40 rows x 80 columns.
-S Inverse of -L. If the C shell is run, do
not make it a login shell. Let it run
startup.csh only.
-t Trace mode. The command line is written to
stderr just prior to invocation.
-v Verbose. If either su or the child exits
with a return code greater than the error
limit, print the return code and the
corresponding system error message.
-w Wait for the child to exit before returning,
even if it's running in a new window.
-x Exit always. By default, if su is running
in a new window because of elevation, it
pauses and prompts for the user to press Enter
if it writes any messages or if a child exits
with an error to ensure the user gets to read
what's displayed before the window goes away.
This option overrides that default behavior.
-X <errlimit> Error limit. If a child command exits with
a return code greater than the specified
<errlimit>, su will consider that to be an
error. By default, any return code > 1 is
considered an error.
-h Help. (This screen.)
-- End of options.
|
