1 --- coreutils-6.7/tests/help-version.runuser 2006-12-07 09:06:04.000000000 +0000
2 +++ coreutils-6.7/tests/help-version 2007-01-09 17:31:44.000000000 +0000
7 +runuser_args=--version
9 # I'd rather not run sync, since it spins up disks that I've
10 # deliberately caused to spin down (but not unmounted).
11 --- coreutils-6.7/README.runuser 2006-11-24 21:28:27.000000000 +0000
12 +++ coreutils-6.7/README 2007-01-09 17:32:16.000000000 +0000
14 dd df dir dircolors dirname du echo env expand expr factor false fmt fold
15 ginstall groups head hostid hostname id join kill link ln logname ls
16 md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr
17 - printenv printf ptx pwd readlink rm rmdir seq sha1sum sha224sum sha256sum
18 + printenv printf ptx pwd readlink rm rmdir runuser seq sha1sum sha224sum sha256sum
19 sha384sum sha512sum shred shuf sleep sort split stat stty su sum sync tac
20 tail tee test touch tr true tsort tty uname unexpand uniq unlink uptime
21 users vdir wc who whoami yes
22 --- coreutils-6.7/src/su.c.runuser 2007-01-09 17:27:56.000000000 +0000
23 +++ coreutils-6.7/src/su.c 2007-01-09 17:30:12.000000000 +0000
27 /* The official name of this program (e.g., no `g' prefix). */
29 #define PROGRAM_NAME "su"
31 +#define PROGRAM_NAME "runuser"
35 #define AUTHORS "David MacKenzie"
45 +#define CHECKPASSWD 1
48 char *getusershell ();
52 extern char **environ;
54 static void run_shell (char const *, char const *, char **, size_t,
55 - const struct passwd *)
56 + const struct passwd *
58 + , gid_t *groups, int num_groups
65 {"login", no_argument, NULL, 'l'},
66 {"preserve-environment", no_argument, NULL, 'p'},
67 {"shell", required_argument, NULL, 's'},
69 + {"group", required_argument, NULL, 'g'},
70 + {"supp-group", required_argument, NULL, 'G'},
72 {GETOPT_HELP_OPTION_DECL},
73 {GETOPT_VERSION_OPTION_DECL},
76 retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
80 if (getuid() != 0 && !isatty(0)) {
81 fprintf(stderr, "standard in must be a tty\n");
86 caller = getpwuid(getuid());
87 if(caller != NULL && caller->pw_name != NULL) {
89 retval = pam_set_item(pamh, PAM_TTY, tty_name);
93 + if (getuid() != geteuid())
94 + /* safety net: deny operation if we are suid by accident */
95 + error(EXIT_FAIL, 1, "runuser may not be setuid");
97 retval = pam_authenticate(pamh, 0);
99 retval = pam_acct_mgmt(pamh, 0);
105 /* must be authenticated if this point was reached */
108 @@ -398,11 +424,22 @@
109 /* Become the user and group(s) specified by PW. */
112 -change_identity (const struct passwd *pw)
113 +change_identity (const struct passwd *pw
115 + , gid_t *groups, int num_groups
119 #ifdef HAVE_INITGROUPS
122 - if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
125 + rc = setgroups(num_groups, groups);
128 + rc = initgroups(pw->pw_name, pw->pw_gid);
131 pam_close_session(pamh, 0);
132 pam_end(pamh, PAM_ABORT);
136 run_shell (char const *shell, char const *command, char **additional_args,
137 - size_t n_additional_args, const struct passwd *pw)
138 + size_t n_additional_args, const struct passwd *pw
140 + , gid_t *groups, int num_groups
144 size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
145 char const **args = xnmalloc (n_args, sizeof *args);
149 if (child == 0) { /* child shell */
150 - change_identity (pw);
151 + change_identity (pw
153 + , groups, num_groups
162 struct passwd pw_copy;
165 + gid_t groups[NGROUPS_MAX];
166 + int num_supp_groups = 0;
170 initialize_main (&argc, &argv);
171 program_name = argv[0];
173 simulate_login = false;
174 change_environment = true;
176 - while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
177 + while ((optc = getopt_long (argc, argv, "c:flmps:"
181 + , longopts, NULL)) != -1)
191 + gr = getgrnam(optarg);
193 + error (EXIT_FAIL, 0, _("group %s does not exist"), optarg);
195 + groups[0] = gr->gr_gid;
200 + if (num_supp_groups >= NGROUPS_MAX)
201 + error (EXIT_FAIL, 0,
202 + _("Can't specify more than %d supplemental groups"),
204 + gr = getgrnam(optarg);
206 + error (EXIT_FAIL, 0, _("group %s does not exist"), optarg);
207 + groups[num_supp_groups] = gr->gr_gid;
211 case_GETOPT_HELP_CHAR;
213 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
218 - if (!correct_password (pw))
220 + if (num_supp_groups && !use_gid)
222 + pw->pw_gid = groups[1];
223 + memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups);
227 + pw->pw_gid = groups[0];
232 + if (CHECKPASSWD && !correct_password (pw))
234 #ifdef SYSLOG_FAILURE
237 modify_environment (pw, shell);
240 - change_identity (pw);
241 + change_identity (pw
243 + , groups, num_supp_groups
248 - run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
249 + run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw
251 + , groups, num_supp_groups
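Review bot: The setuid safety net `if (getuid() != geteuid())` sits between `pam_set_item` and `pam_authenticate`, in what appears to be `correct_password`, so it is reached only through `if (CHECKPASSWD && !correct_password (pw))` in main. By then option parsing, the `getgrnam` lookups and `pam_start` have already run with the elevated effective uid, and the check would be skipped entirely in any build where CHECKPASSWD is 0. A guard against accidental setuid installation belongs at the top of main, directly after `initialize_main (&argc, &argv);`, before any argument or environment data is processed. The call also passes a literal `1` as errnum and an untranslated string; `error (EXIT_FAIL, EPERM, _("runuser may not be setuid"));` names the errno value and matches the other new messages. The preprocessor conditionals around these lines are not in the visible hunks, so which build compiles the check is inferred.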
255 --- coreutils-6.7/src/Makefile.am.runuser 2007-01-09 17:27:56.000000000 +0000
256 +++ coreutils-6.7/src/Makefile.am 2007-01-09 17:27:56.000000000 +0000
258 ## along with this program; if not, write to the Free Software Foundation,
259 ## Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
261 -EXTRA_PROGRAMS = chroot df hostid nice pinky stty su uname uptime users who
262 +EXTRA_PROGRAMS = chroot df hostid nice pinky stty su runuser uname uptime users who
265 bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \
267 mv_LDADD += $(LIB_ACL)
268 ginstall_LDADD += $(LIB_ACL)
270 +runuser_SOURCES = su.c
271 +runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
272 +runuser_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@
274 $(PROGRAMS): ../lib/libcoreutils.a
281 -all-local: su$(EXEEXT)
282 +all-local: su$(EXEEXT) runuser
284 installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'`
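Review bot: `all-local: su$(EXEEXT) runuser` names the new program without `$(EXEEXT)`, unlike the `su$(EXEEXT)` prerequisite beside it; `all-local: su$(EXEEXT) runuser$(EXEEXT)` keeps the two consistent on platforms with an executable suffix. The install rules are outside the visible lines, so how runuser gets installed cannot be checked here. Because the new code in su.c refuses to run when the real and effective uids differ, the rule that installs runuser should leave the setuid bit off. A comment next to `runuser_SOURCES = su.c`, for example `## runuser is su.c built with -DRUNUSER; it must not be installed setuid`, would record that for packagers.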
286 --- coreutils-6.7/AUTHORS.runuser 2006-10-22 17:54:15.000000000 +0100
287 +++ coreutils-6.7/AUTHORS 2007-01-09 17:27:56.000000000 +0000
289 readlink: Dmitry V. Levin
290 rm: Paul Rubin, David MacKenzie, Richard Stallman, Jim Meyering
291 rmdir: David MacKenzie
292 +runuser: David MacKenzie, Dan Walsh
294 sha1sum: Ulrich Drepper, Scott Miller, David Madore
295 sha224sum: Ulrich Drepper, Scott Miller, David Madore
296 --- coreutils-6.7/man/Makefile.am.runuser 2006-11-16 08:49:56.000000000 +0000
297 +++ coreutils-6.7/man/Makefile.am 2007-01-09 17:32:38.000000000 +0000
299 link.1 ln.1 logname.1 \
300 ls.1 md5sum.1 mkdir.1 mkfifo.1 mknod.1 mv.1 nl.1 nohup.1 od.1 \
301 paste.1 pathchk.1 pr.1 printenv.1 printf.1 ptx.1 pwd.1 readlink.1 \
302 - rm.1 rmdir.1 seq.1 sha1sum.1 sha224sum.1 sha256sum.1 sha384sum.1 sha512sum.1 \
303 + rm.1 rmdir.1 runuser.1 seq.1 sha1sum.1 sha224sum.1 sha256sum.1 sha384sum.1 sha512sum.1 \
304 shred.1 shuf.1 sleep.1 sort.1 split.1 stat.1 \
305 su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
306 tty.1 unexpand.1 uniq.1 unlink.1 vdir.1 wc.1 \
307 --- /dev/null 2007-01-09 09:38:07.860075128 +0000
308 +++ coreutils-6.7/man/runuser.x 2007-01-09 17:27:56.000000000 +0000
311 +runuser \- run a shell with substitute user and group IDs
313 +.\" Add any additional description here
314 --- /dev/null 2007-01-09 09:38:07.860075128 +0000
315 +++ coreutils-6.7/man/runuser.1 2007-01-09 17:27:56.000000000 +0000
317 +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.33.
318 +.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands"
320 +runuser \- run a shell with substitute user and group IDs, similar to su, but will not run PAM hooks
323 +[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...]
325 +.\" Add any additional description here
327 +Change the effective user id and group id to that of USER. No PAM hooks
328 +are run, and there will be no password prompt. This command is useful
329 +when run as the root user. If run as a non-root user without privilege
330 +to set user ID, the command will fail.
332 +-, \fB\-l\fR, \fB\-\-login\fR
333 +make the shell a login shell
335 +\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR
336 +pass a single COMMAND to the shell with \fB\-c\fR
338 +\fB\-f\fR, \fB\-\-fast\fR
339 +pass \fB\-f\fR to the shell (for csh or tcsh)
341 +\fB\-g\fR, \fB\-\-group\fR=\fIGROUP\fR
342 +specify the primary group
344 +\fB\-G\fR, \fB\-\-supp-group\fR=\fIGROUP\fR
345 +specify a supplemental group
347 +\fB\-m\fR, \fB\-\-preserve\-environment\fR
348 +do not reset environment variables
353 +\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR
354 +run SHELL if /etc/shells allows it
357 +display this help and exit
360 +output version information and exit
362 +A mere - implies \fB\-l\fR. If USER not given, assume root.
364 +Written by David MacKenzie, Dan Walsh.
365 +.SH "REPORTING BUGS"
366 +Report bugs to <bug-coreutils@gnu.org>.
368 +Copyright \(co 2004 Free Software Foundation, Inc.
370 +This is free software; see the source for copying conditions. There is NO
371 +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
373 +Since this command is trimmed down version of su use you can use the su manual.
374 +The full documentation for
376 +is maintained as a Texinfo manual. If the
380 +programs are properly installed at your site, the command
382 +.B info coreutils su
384 +should give you access to the complete manual.