NAME

       calife — becomes root (or another user) legally.

SYNOPSIS

       calife [-] [login]

              or

       ... [-] [login] for some sites (check with your administrator).

DESCRIPTION

       Calife  requests  user's own password for becoming login (or root, if no login is provided), and switches
       to that user and group ID after verifying proper rights to do so.  A shell is then executed.   If  calife
       is executed by root, no password is requested and a shell with the appropriate user ID is executed.

       The  invoked  shell  is  the  user's  own  except  when  a  shell  is specified in the configuration file
       calife.auth.

       If ``-'' is specified on the command line, user's profile files are read as if it was a login shell.

       This is not the traditional behavior of su.

       Only users specified in calife.auth can use calife to become another one with this method.

       You can specify in the calife.auth file the list of logins allowed for  users  when  using  calife.   See
       calife.auth(5) for more details.

       calife.auth is installed as /etc/calife.auth.

FILES

       /etc/calife.auth  List of users authorized to use calife and the users they can become.
       /etc/calife.out   This script is executed just after getting out of calife.

SEE ALSO

       su(1), calife.auth(5), group(5), environ(7)

ENVIRONMENT

       The  original  environment  is  kept.  This is not a security problem as you have to be yourself at login
       (i.e. it does not have the same security implications as in su(1) ).

       Environment variables used by calife:

       HOME  Default home directory of real user ID.

       PATH  Default search path of real user ID unless modified as specified above.

       TERM  Provides terminal type which may be retained for the substituted user ID.

       USER  The user ID is always the effective ID (the target user ID) after an su unless the  user  ID  is  0
             (root).

BUGS

       The  MD5-based  crypt(3) function is slower and probably stronger than the DES-based one but it is usable
       only among FreeBSD 2.0+ systems.

HISTORY

       A calife command appeared in DG/UX, written for Antenne 2 in 1991. It has evolved considerably since this
       period with more OS support, user lists handling and improved logging.

       PAM support was introduced in 2005 to port it to MacOS X variants (Panther and up).

AUTHOR

       Ollivier Robert <roberto@keltia.freenix.fr>

Debian                                         September 25, 1994                                      CALIFE(1)