The reason is that su changes both the real and the effective UIDs via a setuid system call. It accomplishes this as it was effectively root at invocation due it being a setuid file. -Ron