1 /* su for GNU. Run a shell with substitute user and group IDs.
2 Copyright (C) 92, 93, 94, 95, 96, 97, 1998 Free Software Foundation, Inc.
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2, or (at your option)
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software Foundation,
16 Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
18 /* Run a shell with the real and effective UID and GID and groups
19 of USER, default `root'.
21 The shell run is taken from USER's password entry, /bin/sh if
22 none is specified there. If the account has a password, su
23 prompts for a password unless run by a user with real UID 0.
25 Does not change the current directory.
26 Sets `HOME' and `SHELL' from the password entry for USER, and if
27 USER is not root, sets `USER' and `LOGNAME' to USER.
28 The subshell is not a login shell.
30 If one or more ARGs are given, they are passed as additional
31 arguments to the subshell.
33 Does not handle /bin/sh or other shells specially
34 (setting argv[0] to "-su", passing -c only to certain shells, etc.).
35 I don't see the point in doing that, and it's ugly.
37 This program intentionally does not support a "wheel group" that
38 restricts who can su to UID 0 accounts. RMS considers that to
42 -, -l, --login Make the subshell a login shell.
43 Unset all environment variables except
44 TERM, HOME and SHELL (set as above), and USER
45 and LOGNAME (set unconditionally as above), and
46 set PATH to a default value.
47 Change to USER's home directory.
48 Prepend "-" to the shell's name.
49 -c, --commmand=COMMAND
50 Pass COMMAND to the subshell with a -c option
51 instead of starting an interactive shell.
52 -f, --fast Pass the -f option to the subshell.
53 -m, -p, --preserve-environment
54 Do not change HOME, USER, LOGNAME, SHELL.
55 Run $SHELL instead of USER's shell from /etc/passwd
56 unless not the superuser and USER's shell is
58 Overridden by --login and --shell.
59 -s, --shell=shell Run SHELL instead of USER's shell from /etc/passwd
60 unless not the superuser and USER's shell is
64 -DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
65 -DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
67 -DSYSLOG_NON_ROOT Log all su's, not just those to root (UID 0).
68 Never logs attempted su's to nonexistent accounts.
70 Written by David MacKenzie <djm@gnu.ai.mit.edu>. */
75 #include <sys/types.h>
79 /* Hide any system prototype for getusershell.
80 This is necessary because some Cray systems have a conflicting
81 prototype (returning `int') in <unistd.h>. */
82 #define getusershell _getusershell_sys_proto_
88 #if HAVE_SYSLOG_H && HAVE_SYSLOG
91 # undef SYSLOG_SUCCESS
92 # undef SYSLOG_FAILURE
93 # undef SYSLOG_NON_ROOT
96 #ifndef _POSIX_VERSION
97 struct passwd *getpwuid ();
98 struct group *getgrgid ();
100 # include <sys/param.h>
101 #endif /* not _POSIX_VERSION */
103 #ifndef HAVE_ENDGRENT
104 # define endgrent() ((void) 0)
107 #ifndef HAVE_ENDPWENT
108 # define endpwent() ((void) 0)
121 /* The default PATH for simulated logins to non-superuser accounts. */
123 # define DEFAULT_LOGIN_PATH _PATH_DEFPATH
125 # define DEFAULT_LOGIN_PATH ":/usr/ucb:/bin:/usr/bin"
128 /* The default PATH for simulated logins to superuser accounts. */
129 #ifdef _PATH_DEFPATH_ROOT
130 # define DEFAULT_ROOT_LOGIN_PATH _PATH_DEFPATH_ROOT
132 # define DEFAULT_ROOT_LOGIN_PATH "/usr/ucb:/bin:/usr/bin:/etc"
135 /* The shell to run if none is given in the user's passwd entry. */
136 #define DEFAULT_SHELL "/bin/sh"
138 /* The user to become if none is specified. */
139 #define DEFAULT_USER "root"
143 char *getusershell ();
144 void endusershell ();
145 void setusershell ();
150 extern char **environ;
152 /* The name this program was run with. */
155 /* If nonzero, display usage information and exit. */
156 static int show_help;
158 /* If nonzero, print the version on standard output and exit. */
159 static int show_version;
161 /* If nonzero, pass the `-f' option to the subshell. */
162 static int fast_startup;
164 /* If nonzero, simulate a login instead of just starting a shell. */
165 static int simulate_login;
167 /* If nonzero, change some environment vars to indicate the user su'd to. */
168 static int change_environment;
170 static struct option const longopts[] =
172 {"command", required_argument, 0, 'c'},
173 {"fast", no_argument, NULL, 'f'},
174 {"help", no_argument, &show_help, 1},
175 {"login", no_argument, NULL, 'l'},
176 {"preserve-environment", no_argument, &change_environment, 0},
177 {"shell", required_argument, 0, 's'},
178 {"version", no_argument, &show_version, 1},
182 /* Add VAL to the environment, checking for out of memory errors. */
185 xputenv (const char *val)
188 error (1, 0, _("virtual memory exhausted"));
191 /* Return a newly-allocated string whose contents concatenate
192 those of S1, S2, S3. */
195 concat (const char *s1, const char *s2, const char *s3)
197 int len1 = strlen (s1), len2 = strlen (s2), len3 = strlen (s3);
198 char *result = (char *) xmalloc (len1 + len2 + len3 + 1);
201 strcpy (result + len1, s2);
202 strcpy (result + len1 + len2, s3);
203 result[len1 + len2 + len3] = 0;
208 /* Return the number of elements in ARR, a null-terminated array. */
211 elements (char **arr)
215 for (n = 0; *arr; ++arr)
220 #if defined (SYSLOG_SUCCESS) || defined (SYSLOG_FAILURE)
221 /* Log the fact that someone has run su to the user given by PW;
222 if SUCCESSFUL is nonzero, they gave the correct password, etc. */
225 log_su (const struct passwd *pw, int successful)
227 const char *new_user, *old_user, *tty;
229 # ifndef SYSLOG_NON_ROOT
233 new_user = pw->pw_name;
234 /* The utmp entry (via getlogin) is probably the best way to identify
235 the user, especially if someone su's from a su-shell. */
236 old_user = getlogin ();
237 if (old_user == NULL)
239 /* getlogin can fail -- usually due to lack of utmp entry.
240 Resort to getpwuid. */
241 struct passwd *pwd = getpwuid (getuid ());
242 old_user = (pwd ? pwd->pw_name : "");
247 /* 4.2BSD openlog doesn't have the third parameter. */
248 openlog (base_name (program_name), 0
254 # ifdef SYSLOG_NON_ROOT
255 "%s(to %s) %s on %s",
259 successful ? "" : "FAILED SU ",
260 # ifdef SYSLOG_NON_ROOT
268 /* Ask the user for a password.
269 Return 1 if the user gives the correct password for entry PW,
270 0 if not. Return 1 without asking for a password if run by UID 0
271 or if PW has an empty password. */
274 correct_password (const struct passwd *pw)
276 char *unencrypted, *encrypted, *correct;
278 /* Shadow passwd stuff for SVR3 and maybe other systems. */
279 struct spwd *sp = getspnam (pw->pw_name);
283 correct = sp->sp_pwdp;
286 correct = pw->pw_passwd;
288 if (getuid () == 0 || correct == 0 || correct[0] == '\0')
291 unencrypted = getpass (_("Password:"));
292 if (unencrypted == NULL)
294 error (0, 0, _("getpass: cannot open /dev/tty"));
297 encrypted = crypt (unencrypted, correct);
298 memset (unencrypted, 0, strlen (unencrypted));
299 return strcmp (encrypted, correct) == 0;
302 /* Update `environ' for the new shell based on PW, with SHELL being
303 the value for the SHELL environment variable. */
306 modify_environment (const struct passwd *pw, const char *shell)
312 /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
313 Unset all other environment variables. */
314 term = getenv ("TERM");
315 environ = (char **) xmalloc (2 * sizeof (char *));
318 xputenv (concat ("TERM", "=", term));
319 xputenv (concat ("HOME", "=", pw->pw_dir));
320 xputenv (concat ("SHELL", "=", shell));
321 xputenv (concat ("USER", "=", pw->pw_name));
322 xputenv (concat ("LOGNAME", "=", pw->pw_name));
323 xputenv (concat ("PATH", "=", (pw->pw_uid
325 : DEFAULT_ROOT_LOGIN_PATH)));
329 /* Set HOME, SHELL, and if not becoming a super-user,
331 if (change_environment)
333 xputenv (concat ("HOME", "=", pw->pw_dir));
334 xputenv (concat ("SHELL", "=", shell));
337 xputenv (concat ("USER", "=", pw->pw_name));
338 xputenv (concat ("LOGNAME", "=", pw->pw_name));
344 /* Become the user and group(s) specified by PW. */
347 change_identity (const struct passwd *pw)
349 #ifdef HAVE_INITGROUPS
351 if (initgroups (pw->pw_name, pw->pw_gid) == -1)
352 error (1, errno, _("cannot set groups"));
355 if (setgid (pw->pw_gid))
356 error (1, errno, _("cannot set group id"));
357 if (setuid (pw->pw_uid))
358 error (1, errno, _("cannot set user id"));
361 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
362 If COMMAND is nonzero, pass it to the shell with the -c option.
363 If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
367 run_shell (const char *shell, const char *command, char **additional_args)
373 args = (const char **) xmalloc (sizeof (char *)
374 * (10 + elements (additional_args)));
376 args = (const char **) xmalloc (sizeof (char *) * 10);
380 char *shell_basename;
382 shell_basename = base_name (shell);
383 arg0 = xmalloc (strlen (shell_basename) + 2);
385 strcpy (arg0 + 1, shell_basename);
389 args[0] = base_name (shell);
391 args[argno++] = "-f";
394 args[argno++] = "-c";
395 args[argno++] = command;
398 for (; *additional_args; ++additional_args)
399 args[argno++] = *additional_args;
401 execv (shell, (char **) args);
402 error (1, errno, _("cannot run %s"), shell);
405 /* Return 1 if SHELL is a restricted shell (one not returned by
406 getusershell), else 0, meaning it is a standard shell. */
409 restricted_shell (const char *shell)
414 while ((line = getusershell ()) != NULL)
416 if (*line != '#' && strcmp (line, shell) == 0)
430 fprintf (stderr, _("Try `%s --help' for more information.\n"),
434 printf (_("Usage: %s [OPTION]... [-] [USER [ARG]...]\n"), program_name);
436 Change the effective user id and group id to that of USER.\n\
438 -, -l, --login make the shell a login shell\n\
439 -c, --commmand=COMMAND pass a single COMMAND to the shell with -c\n\
440 -f, --fast pass -f to the shell (for csh or tcsh)\n\
441 -m, --preserve-environment do not reset environment variables\n\
443 -s, --shell=SHELL run SHELL if /etc/shells allows it\n\
444 --help display this help and exit\n\
445 --version output version information and exit\n\
447 A mere - implies -l. If USER not given, assume root.\n\
449 puts (_("\nReport bugs to <bug-sh-utils@gnu.org>."));
455 main (int argc, char **argv)
458 const char *new_user = DEFAULT_USER;
460 char **additional_args = 0;
463 struct passwd pw_copy;
465 program_name = argv[0];
466 setlocale (LC_ALL, "");
467 bindtextdomain (PACKAGE, LOCALEDIR);
468 textdomain (PACKAGE);
472 change_environment = 1;
474 while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
495 change_environment = 0;
509 printf ("su (%s) %s\n", GNU_PACKAGE, VERSION);
516 if (optind < argc && !strcmp (argv[optind], "-"))
522 new_user = argv[optind++];
524 additional_args = argv + optind;
526 pw = getpwnam (new_user);
528 error (1, 0, _("user %s does not exist"), new_user);
531 /* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER
532 is a username that is retrieved via NIS (YP), but that doesn't have
533 a default shell listed. */
534 if (pw->pw_shell == NULL || pw->pw_shell[0] == '\0')
535 pw->pw_shell = (char *) DEFAULT_SHELL;
537 /* Make a copy of the password information and point pw at the local
538 copy instead. Otherwise, some systems (e.g. Linux) would clobber
539 the static data through the getlogin call from log_su. */
542 pw->pw_name = xstrdup (pw->pw_name);
543 pw->pw_dir = xstrdup (pw->pw_dir);
544 pw->pw_shell = xstrdup (pw->pw_shell);
546 if (!correct_password (pw))
548 #ifdef SYSLOG_FAILURE
551 error (1, 0, _("incorrect password"));
553 #ifdef SYSLOG_SUCCESS
560 if (shell == 0 && change_environment == 0)
561 shell = getenv ("SHELL");
562 if (shell != 0 && getuid () && restricted_shell (pw->pw_shell))
564 /* The user being su'd to has a nonstandard shell, and so is
565 probably a uucp account or has restricted access. Don't
566 compromise the account by allowing access with a standard
568 error (0, 0, _("using restricted shell %s"), pw->pw_shell);
573 shell = xstrdup (pw->pw_shell);
575 modify_environment (pw, shell);
577 change_identity (pw);
578 if (simulate_login && chdir (pw->pw_dir))
579 error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
581 run_shell (shell, command, additional_args);