1 /* su for GNU. Run a shell with substitute user and group IDs.
2 Copyright (C) 92, 93, 94, 1995 Free Software Foundation, Inc.
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2, or (at your option)
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
18 /* Run a shell with the real and effective UID and GID and groups
19 of USER, default `root'.
21 The shell run is taken from USER's password entry, /bin/sh if
22 none is specified there. If the account has a password, su
23 prompts for a password unless run by a user with real UID 0.
25 Does not change the current directory.
26 Sets `HOME' and `SHELL' from the password entry for USER, and if
27 USER is not root, sets `USER' and `LOGNAME' to USER.
28 The subshell is not a login shell.
30 If one or more ARGs are given, they are passed as additional
31 arguments to the subshell.
33 Does not handle /bin/sh or other shells specially
34 (setting argv[0] to "-su", passing -c only to certain shells, etc.).
35 I don't see the point in doing that, and it's ugly.
37 This program intentionally does not support a "wheel group" that
38 restricts who can su to UID 0 accounts. RMS considers that to
42 -, -l, --login Make the subshell a login shell.
43 Unset all environment variables except
44 TERM, HOME and SHELL (set as above), and USER
45 and LOGNAME (set unconditionally as above), and
46 set PATH to a default value.
47 Change to USER's home directory.
48 Prepend "-" to the shell's name.
49 -c, --commmand=COMMAND
50 Pass COMMAND to the subshell with a -c option
51 instead of starting an interactive shell.
52 -f, --fast Pass the -f option to the subshell.
53 -m, -p, --preserve-environment
54 Do not change HOME, USER, LOGNAME, SHELL.
55 Run $SHELL instead of USER's shell from /etc/passwd
56 unless not the superuser and USER's shell is
58 Overridden by --login and --shell.
59 -s, --shell=shell Run SHELL instead of USER's shell from /etc/passwd
60 unless not the superuser and USER's shell is
64 -DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
65 -DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
67 -DSYSLOG_NON_ROOT Log all su's, not just those to root (UID 0).
68 Never logs attempted su's to nonexistent accounts.
70 Written by David MacKenzie <djm@gnu.ai.mit.edu>. */
75 #include <sys/types.h>
80 #if defined(HAVE_SYSLOG_H) && defined(HAVE_SYSLOG)
82 static void log_su ();
83 #else /* !HAVE_SYSLOG_H */
90 #ifdef SYSLOG_NON_ROOT
91 #undef SYSLOG_NON_ROOT
93 #endif /* !HAVE_SYSLOG_H */
97 #else /* not _POSIX_VERSION */
98 struct passwd *getpwuid ();
99 struct group *getgrgid ();
101 #include <sys/param.h>
102 #endif /* not _POSIX_VERSION */
104 #ifndef HAVE_ENDGRENT
105 # define endgrent() ((void) 0)
108 #ifndef HAVE_ENDPWENT
109 # define endpwent() ((void) 0)
119 /* The default PATH for simulated logins to non-superuser accounts. */
120 #define DEFAULT_LOGIN_PATH ":/usr/ucb:/bin:/usr/bin"
122 /* The default PATH for simulated logins to superuser accounts. */
123 #define DEFAULT_ROOT_LOGIN_PATH "/usr/ucb:/bin:/usr/bin:/etc"
125 /* The shell to run if none is given in the user's passwd entry. */
126 #define DEFAULT_SHELL "/bin/sh"
128 /* The user to become if none is specified. */
129 #define DEFAULT_USER "root"
133 char *getusershell ();
134 void endusershell ();
135 void setusershell ();
142 static char *concat ();
143 static int correct_password ();
144 static int elements ();
145 static int restricted_shell ();
146 static void change_identity ();
147 static void modify_environment ();
148 static void run_shell ();
149 static void usage ();
150 static void xputenv ();
152 extern char **environ;
154 /* The name this program was run with. */
157 /* If nonzero, display usage information and exit. */
158 static int show_help;
160 /* If nonzero, print the version on standard output and exit. */
161 static int show_version;
163 /* If nonzero, pass the `-f' option to the subshell. */
164 static int fast_startup;
166 /* If nonzero, simulate a login instead of just starting a shell. */
167 static int simulate_login;
169 /* If nonzero, change some environment vars to indicate the user su'd to. */
170 static int change_environment;
172 static struct option const longopts[] =
174 {"command", required_argument, 0, 'c'},
175 {"fast", no_argument, &fast_startup, 1},
176 {"help", no_argument, &show_help, 1},
177 {"login", no_argument, &simulate_login, 1},
178 {"preserve-environment", no_argument, &change_environment, 0},
179 {"shell", required_argument, 0, 's'},
180 {"version", no_argument, &show_version, 1},
190 const char *new_user = DEFAULT_USER;
192 char **additional_args = 0;
195 struct passwd pw_copy;
197 program_name = argv[0];
200 change_environment = 1;
202 while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, (int *) 0))
224 change_environment = 0;
238 printf ("su - %s\n", version_string);
245 if (optind < argc && !strcmp (argv[optind], "-"))
251 new_user = argv[optind++];
253 additional_args = argv + optind;
255 pw = getpwnam (new_user);
257 error (1, 0, _("user %s does not exist"), new_user);
260 /* Make a copy of the password information and point pw at the local
261 copy instead. Otherwise, some systems (e.g. Linux) would clobber
262 the static data through the getlogin call from log_su. */
265 pw->pw_name = xstrdup (pw->pw_name);
266 pw->pw_dir = xstrdup (pw->pw_dir);
267 pw->pw_shell = xstrdup (pw->pw_shell);
269 if (!correct_password (pw))
271 #ifdef SYSLOG_FAILURE
274 error (1, 0, _("incorrect password"));
276 #ifdef SYSLOG_SUCCESS
283 if (pw->pw_shell == 0 || pw->pw_shell[0] == 0)
284 pw->pw_shell = (char *) DEFAULT_SHELL;
285 if (shell == 0 && change_environment == 0)
286 shell = getenv ("SHELL");
287 if (shell != 0 && getuid () && restricted_shell (pw->pw_shell))
289 /* The user being su'd to has a nonstandard shell, and so is
290 probably a uucp account or has restricted access. Don't
291 compromise the account by allowing access with a standard
293 error (0, 0, _("using restricted shell %s"), pw->pw_shell);
298 shell = xstrdup (pw->pw_shell);
300 modify_environment (pw, shell);
302 change_identity (pw);
303 if (simulate_login && chdir (pw->pw_dir))
304 error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
306 run_shell (shell, command, additional_args);
309 /* Ask the user for a password.
310 Return 1 if the user gives the correct password for entry PW,
311 0 if not. Return 1 without asking for a password if run by UID 0
312 or if PW has an empty password. */
315 correct_password (pw)
318 char *unencrypted, *encrypted, *correct;
320 /* Shadow passwd stuff for SVR3 and maybe other systems. */
321 struct spwd *sp = getspnam (pw->pw_name);
325 correct = sp->sp_pwdp;
328 correct = pw->pw_passwd;
330 if (getuid () == 0 || correct == 0 || correct[0] == '\0')
333 unencrypted = getpass (_("Password:"));
334 if (unencrypted == NULL)
336 error (0, 0, _("getpass: cannot open /dev/tty"));
339 encrypted = crypt (unencrypted, correct);
340 memset (unencrypted, 0, strlen (unencrypted));
341 return strcmp (encrypted, correct) == 0;
344 /* Update `environ' for the new shell based on PW, with SHELL being
345 the value for the SHELL environment variable. */
348 modify_environment (pw, shell)
356 /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
357 Unset all other environment variables. */
358 term = getenv ("TERM");
359 environ = (char **) xmalloc (2 * sizeof (char *));
362 xputenv (concat ("TERM", "=", term));
363 xputenv (concat ("HOME", "=", pw->pw_dir));
364 xputenv (concat ("SHELL", "=", shell));
365 xputenv (concat ("USER", "=", pw->pw_name));
366 xputenv (concat ("LOGNAME", "=", pw->pw_name));
367 xputenv (concat ("PATH", "=", pw->pw_uid
368 ? DEFAULT_LOGIN_PATH : DEFAULT_ROOT_LOGIN_PATH));
372 /* Set HOME, SHELL, and if not becoming a super-user,
374 if (change_environment)
376 xputenv (concat ("HOME", "=", pw->pw_dir));
377 xputenv (concat ("SHELL", "=", shell));
380 xputenv (concat ("USER", "=", pw->pw_name));
381 xputenv (concat ("LOGNAME", "=", pw->pw_name));
387 /* Become the user and group(s) specified by PW. */
393 #ifdef HAVE_INITGROUPS
395 if (initgroups (pw->pw_name, pw->pw_gid) == -1)
396 error (1, errno, _("cannot set groups"));
399 if (setgid (pw->pw_gid))
400 error (1, errno, _("cannot set group id"));
401 if (setuid (pw->pw_uid))
402 error (1, errno, _("cannot set user id"));
405 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
406 If COMMAND is nonzero, pass it to the shell with the -c option.
407 If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
411 run_shell (shell, command, additional_args)
414 char **additional_args;
420 args = (const char **) xmalloc (sizeof (char *)
421 * (10 + elements (additional_args)));
423 args = (const char **) xmalloc (sizeof (char *) * 10);
427 char *shell_basename;
429 shell_basename = basename (shell);
430 arg0 = xmalloc (strlen (shell_basename) + 2);
432 strcpy (arg0 + 1, shell_basename);
436 args[0] = basename (shell);
438 args[argno++] = "-f";
441 args[argno++] = "-c";
442 args[argno++] = command;
445 for (; *additional_args; ++additional_args)
446 args[argno++] = *additional_args;
448 execv (shell, (char **) args);
449 error (1, errno, _("cannot run %s"), shell);
452 #if defined (SYSLOG_SUCCESS) || defined (SYSLOG_FAILURE)
453 /* Log the fact that someone has run su to the user given by PW;
454 if SUCCESSFUL is nonzero, they gave the correct password, etc. */
457 log_su (pw, successful)
461 const char *new_user, *old_user, *tty;
463 #ifndef SYSLOG_NON_ROOT
467 new_user = pw->pw_name;
468 /* The utmp entry (via getlogin) is probably the best way to identify
469 the user, especially if someone su's from a su-shell. */
470 old_user = getlogin ();
471 if (old_user == NULL)
476 /* 4.2BSD openlog doesn't have the third parameter. */
477 openlog (basename (program_name), 0
483 #ifdef SYSLOG_NON_ROOT
484 "%s(to %s) %s on %s",
488 successful ? "" : "FAILED SU ",
489 #ifdef SYSLOG_NON_ROOT
497 /* Return 1 if SHELL is a restricted shell (one not returned by
498 getusershell), else 0, meaning it is a standard shell. */
501 restricted_shell (shell)
507 while ((line = getusershell ()) != NULL)
509 if (*line != '#' && strcmp (line, shell) == 0)
519 /* Return the number of elements in ARR, a null-terminated array. */
527 for (n = 0; *arr; ++arr)
532 /* Add VAL to the environment, checking for out of memory errors. */
539 error (1, 0, _("virtual memory exhausted"));
542 /* Return a newly-allocated string whose contents concatenate
543 those of S1, S2, S3. */
549 int len1 = strlen (s1), len2 = strlen (s2), len3 = strlen (s3);
550 char *result = (char *) xmalloc (len1 + len2 + len3 + 1);
553 strcpy (result + len1, s2);
554 strcpy (result + len1 + len2, s3);
555 result[len1 + len2 + len3] = 0;
565 fprintf (stderr, _("Try `%s --help' for more information.\n"),
569 printf (_("Usage: %s [OPTION]... [-] [USER [ARG]...]\n"), program_name);
571 Change the effective user id and group id to that of USER.\n\
573 -, -l, --login make the shell a login shell\n\
574 -c, --commmand=COMMAND pass a single COMMAND to the shell with -c\n\
575 -f, --fast pass -f to the shell (for csh or tcsh)\n\
576 -m, --preserve-environment do not reset environment variables\n\
578 -s, --shell=SHELL run SHELL if /etc/shells allows it\n\
579 --help display this help and exit\n\
580 --version output version information and exit\n\
582 A mere - implies -l. If USER not given, assume root.\n\
projects / platform / upstream / coreutils.git / blob