1 /* su for GNU. Run a shell with substitute user and group IDs.
2 Copyright (C) 1992-2000, 2001 Free Software Foundation, Inc.
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2, or (at your option)
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software Foundation,
16 Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
18 /* Run a shell with the real and effective UID and GID and groups
19 of USER, default `root'.
21 The shell run is taken from USER's password entry, /bin/sh if
22 none is specified there. If the account has a password, su
23 prompts for a password unless run by a user with real UID 0.
25 Does not change the current directory.
26 Sets `HOME' and `SHELL' from the password entry for USER, and if
27 USER is not root, sets `USER' and `LOGNAME' to USER.
28 The subshell is not a login shell.
30 If one or more ARGs are given, they are passed as additional
31 arguments to the subshell.
33 Does not handle /bin/sh or other shells specially
34 (setting argv[0] to "-su", passing -c only to certain shells, etc.).
35 I don't see the point in doing that, and it's ugly.
37 This program intentionally does not support a "wheel group" that
38 restricts who can su to UID 0 accounts. RMS considers that to
42 -, -l, --login Make the subshell a login shell.
43 Unset all environment variables except
44 TERM, HOME and SHELL (set as above), and USER
45 and LOGNAME (set unconditionally as above), and
46 set PATH to a default value.
47 Change to USER's home directory.
48 Prepend "-" to the shell's name.
49 -c, --commmand=COMMAND
50 Pass COMMAND to the subshell with a -c option
51 instead of starting an interactive shell.
52 -f, --fast Pass the -f option to the subshell.
53 -m, -p, --preserve-environment
54 Do not change HOME, USER, LOGNAME, SHELL.
55 Run $SHELL instead of USER's shell from /etc/passwd
56 unless not the superuser and USER's shell is
58 Overridden by --login and --shell.
59 -s, --shell=shell Run SHELL instead of USER's shell from /etc/passwd
60 unless not the superuser and USER's shell is
64 -DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
65 -DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
67 -DSYSLOG_NON_ROOT Log all su's, not just those to root (UID 0).
68 Never logs attempted su's to nonexistent accounts.
70 Written by David MacKenzie <djm@gnu.ai.mit.edu>. */
75 #include <sys/types.h>
79 /* Hide any system prototype for getusershell.
80 This is necessary because some Cray systems have a conflicting
81 prototype (returning `int') in <unistd.h>. */
82 #define getusershell _getusershell_sys_proto_
90 #if HAVE_SYSLOG_H && HAVE_SYSLOG
93 # undef SYSLOG_SUCCESS
94 # undef SYSLOG_FAILURE
95 # undef SYSLOG_NON_ROOT
99 # include <sys/param.h>
102 #ifndef HAVE_ENDGRENT
103 # define endgrent() ((void) 0)
106 #ifndef HAVE_ENDPWENT
107 # define endpwent() ((void) 0)
116 /* The official name of this program (e.g., no `g' prefix). */
117 #define PROGRAM_NAME "su"
119 #define AUTHORS "David MacKenzie"
125 /* The default PATH for simulated logins to non-superuser accounts. */
127 # define DEFAULT_LOGIN_PATH _PATH_DEFPATH
129 # define DEFAULT_LOGIN_PATH ":/usr/ucb:/bin:/usr/bin"
132 /* The default PATH for simulated logins to superuser accounts. */
133 #ifdef _PATH_DEFPATH_ROOT
134 # define DEFAULT_ROOT_LOGIN_PATH _PATH_DEFPATH_ROOT
136 # define DEFAULT_ROOT_LOGIN_PATH "/usr/ucb:/bin:/usr/bin:/etc"
139 /* The shell to run if none is given in the user's passwd entry. */
140 #define DEFAULT_SHELL "/bin/sh"
142 /* The user to become if none is specified. */
143 #define DEFAULT_USER "root"
147 char *getusershell ();
148 void endusershell ();
149 void setusershell ();
151 extern char **environ;
153 static void run_shell (const char *, const char *, char **)
156 /* The name this program was run with. */
159 /* If nonzero, pass the `-f' option to the subshell. */
160 static int fast_startup;
162 /* If nonzero, simulate a login instead of just starting a shell. */
163 static int simulate_login;
165 /* If nonzero, change some environment vars to indicate the user su'd to. */
166 static int change_environment;
168 static struct option const longopts[] =
170 {"command", required_argument, 0, 'c'},
171 {"fast", no_argument, NULL, 'f'},
172 {"login", no_argument, NULL, 'l'},
173 {"preserve-environment", no_argument, &change_environment, 0},
174 {"shell", required_argument, 0, 's'},
175 {GETOPT_HELP_OPTION_DECL},
176 {GETOPT_VERSION_OPTION_DECL},
180 /* Add VAL to the environment, checking for out of memory errors. */
189 /* Return a newly-allocated string whose contents concatenate
190 those of S1, S2, S3. */
193 concat (const char *s1, const char *s2, const char *s3)
195 int len1 = strlen (s1), len2 = strlen (s2), len3 = strlen (s3);
196 char *result = (char *) xmalloc (len1 + len2 + len3 + 1);
199 strcpy (result + len1, s2);
200 strcpy (result + len1 + len2, s3);
201 result[len1 + len2 + len3] = 0;
206 /* Return the number of elements in ARR, a null-terminated array. */
209 elements (char **arr)
213 for (n = 0; *arr; ++arr)
218 #if defined (SYSLOG_SUCCESS) || defined (SYSLOG_FAILURE)
219 /* Log the fact that someone has run su to the user given by PW;
220 if SUCCESSFUL is nonzero, they gave the correct password, etc. */
223 log_su (const struct passwd *pw, int successful)
225 const char *new_user, *old_user, *tty;
227 # ifndef SYSLOG_NON_ROOT
231 new_user = pw->pw_name;
232 /* The utmp entry (via getlogin) is probably the best way to identify
233 the user, especially if someone su's from a su-shell. */
234 old_user = getlogin ();
235 if (old_user == NULL)
237 /* getlogin can fail -- usually due to lack of utmp entry.
238 Resort to getpwuid. */
239 struct passwd *pwd = getpwuid (getuid ());
240 old_user = (pwd ? pwd->pw_name : "");
245 /* 4.2BSD openlog doesn't have the third parameter. */
246 openlog (base_name (program_name), 0
252 # ifdef SYSLOG_NON_ROOT
253 "%s(to %s) %s on %s",
257 successful ? "" : "FAILED SU ",
258 # ifdef SYSLOG_NON_ROOT
266 /* Ask the user for a password.
267 Return 1 if the user gives the correct password for entry PW,
268 0 if not. Return 1 without asking for a password if run by UID 0
269 or if PW has an empty password. */
272 correct_password (const struct passwd *pw)
274 char *unencrypted, *encrypted, *correct;
275 #if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
276 /* Shadow passwd stuff for SVR3 and maybe other systems. */
277 struct spwd *sp = getspnam (pw->pw_name);
281 correct = sp->sp_pwdp;
284 correct = pw->pw_passwd;
286 if (getuid () == 0 || correct == 0 || correct[0] == '\0')
289 unencrypted = getpass (_("Password:"));
290 if (unencrypted == NULL)
292 error (0, 0, _("getpass: cannot open /dev/tty"));
295 encrypted = crypt (unencrypted, correct);
296 memset (unencrypted, 0, strlen (unencrypted));
297 return strcmp (encrypted, correct) == 0;
300 /* Update `environ' for the new shell based on PW, with SHELL being
301 the value for the SHELL environment variable. */
304 modify_environment (const struct passwd *pw, const char *shell)
310 /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
311 Unset all other environment variables. */
312 term = getenv ("TERM");
313 environ = (char **) xmalloc (2 * sizeof (char *));
316 xputenv (concat ("TERM", "=", term));
317 xputenv (concat ("HOME", "=", pw->pw_dir));
318 xputenv (concat ("SHELL", "=", shell));
319 xputenv (concat ("USER", "=", pw->pw_name));
320 xputenv (concat ("LOGNAME", "=", pw->pw_name));
321 xputenv (concat ("PATH", "=", (pw->pw_uid
323 : DEFAULT_ROOT_LOGIN_PATH)));
327 /* Set HOME, SHELL, and if not becoming a super-user,
329 if (change_environment)
331 xputenv (concat ("HOME", "=", pw->pw_dir));
332 xputenv (concat ("SHELL", "=", shell));
335 xputenv (concat ("USER", "=", pw->pw_name));
336 xputenv (concat ("LOGNAME", "=", pw->pw_name));
342 /* Become the user and group(s) specified by PW. */
345 change_identity (const struct passwd *pw)
347 #ifdef HAVE_INITGROUPS
349 if (initgroups (pw->pw_name, pw->pw_gid) == -1)
350 error (1, errno, _("cannot set groups"));
353 if (setgid (pw->pw_gid))
354 error (1, errno, _("cannot set group id"));
355 if (setuid (pw->pw_uid))
356 error (1, errno, _("cannot set user id"));
359 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
360 If COMMAND is nonzero, pass it to the shell with the -c option.
361 If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
365 run_shell (const char *shell, const char *command, char **additional_args)
371 args = (const char **) xmalloc (sizeof (char *)
372 * (10 + elements (additional_args)));
374 args = (const char **) xmalloc (sizeof (char *) * 10);
378 char *shell_basename;
380 shell_basename = base_name (shell);
381 arg0 = xmalloc (strlen (shell_basename) + 2);
383 strcpy (arg0 + 1, shell_basename);
387 args[0] = base_name (shell);
389 args[argno++] = "-f";
392 args[argno++] = "-c";
393 args[argno++] = command;
396 for (; *additional_args; ++additional_args)
397 args[argno++] = *additional_args;
399 execv (shell, (char **) args);
400 error (0, errno, _("cannot run %s"), shell);
404 /* Return 1 if SHELL is a restricted shell (one not returned by
405 getusershell), else 0, meaning it is a standard shell. */
408 restricted_shell (const char *shell)
413 while ((line = getusershell ()) != NULL)
415 if (*line != '#' && strcmp (line, shell) == 0)
429 fprintf (stderr, _("Try `%s --help' for more information.\n"),
433 printf (_("Usage: %s [OPTION]... [-] [USER [ARG]...]\n"), program_name);
435 Change the effective user id and group id to that of USER.\n\
437 -, -l, --login make the shell a login shell\n\
438 -c, --commmand=COMMAND pass a single COMMAND to the shell with -c\n\
439 -f, --fast pass -f to the shell (for csh or tcsh)\n\
440 -m, --preserve-environment do not reset environment variables\n\
442 -s, --shell=SHELL run SHELL if /etc/shells allows it\n\
444 fputs (HELP_OPTION_DESCRIPTION, stdout);
445 fputs (VERSION_OPTION_DESCRIPTION, stdout);
448 A mere - implies -l. If USER not given, assume root.\n\
450 puts (_("\nReport bugs to <bug-sh-utils@gnu.org>."));
457 main (int argc, char **argv)
460 const char *new_user = DEFAULT_USER;
462 char **additional_args = 0;
465 struct passwd pw_copy;
467 program_name = argv[0];
468 setlocale (LC_ALL, "");
469 bindtextdomain (PACKAGE, LOCALEDIR);
470 textdomain (PACKAGE);
474 change_environment = 1;
476 while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
497 change_environment = 0;
504 case_GETOPT_HELP_CHAR;
506 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
513 if (optind < argc && !strcmp (argv[optind], "-"))
519 new_user = argv[optind++];
521 additional_args = argv + optind;
523 pw = getpwnam (new_user);
525 error (1, 0, _("user %s does not exist"), new_user);
528 /* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER
529 is a username that is retrieved via NIS (YP), but that doesn't have
530 a default shell listed. */
531 if (pw->pw_shell == NULL || pw->pw_shell[0] == '\0')
532 pw->pw_shell = (char *) DEFAULT_SHELL;
534 /* Make a copy of the password information and point pw at the local
535 copy instead. Otherwise, some systems (e.g. Linux) would clobber
536 the static data through the getlogin call from log_su. */
539 pw->pw_name = xstrdup (pw->pw_name);
540 pw->pw_dir = xstrdup (pw->pw_dir);
541 pw->pw_shell = xstrdup (pw->pw_shell);
543 if (!correct_password (pw))
545 #ifdef SYSLOG_FAILURE
548 error (1, 0, _("incorrect password"));
550 #ifdef SYSLOG_SUCCESS
557 if (shell == 0 && change_environment == 0)
558 shell = getenv ("SHELL");
559 if (shell != 0 && getuid () && restricted_shell (pw->pw_shell))
561 /* The user being su'd to has a nonstandard shell, and so is
562 probably a uucp account or has restricted access. Don't
563 compromise the account by allowing access with a standard
565 error (0, 0, _("using restricted shell %s"), pw->pw_shell);
570 shell = xstrdup (pw->pw_shell);
572 modify_environment (pw, shell);
574 change_identity (pw);
575 if (simulate_login && chdir (pw->pw_dir))
576 error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
578 run_shell (shell, command, additional_args);