add runuser as a su replacement for init scripts

2004-09-28 21:27:20 +00:00 · 2004-09-28 21:27:20 +00:00 · b8790364b2
parent 2d21639373
commit b8790364b2
2 changed files with 191 additions and 5 deletions
--- a/coreutils-5.2.1-runuser.patch
+++ b/coreutils-5.2.1-runuser.patch
@ -0,0 +1,185 @@
+--- /dev/null	2004-09-27 09:59:52.239792360 -0400
+++ coreutils-5.2.1/man/runuser.1	2004-09-28 16:15:57.819068795 -0400
+@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.33.
+.TH SU "1" "September 2004" "su (coreutils) 5.2.1" "User Commands"
+.SH NAME
+runuser \- run a shell with substitute user and group IDs
+.SH SYNOPSIS
+.B runuser
+[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...]
+.SH DESCRIPTION
+.\" Add any additional description here
+.PP
+Change the effective user id and group id to that of USER.
+.TP
+-, \fB\-l\fR, \fB\-\-login\fR
+make the shell a login shell
+.TP
+\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR
+pass a single COMMAND to the shell with \fB\-c\fR
+.TP
+\fB\-f\fR, \fB\-\-fast\fR
+pass \fB\-f\fR to the shell (for csh or tcsh)
+.TP
+\fB\-m\fR, \fB\-\-preserve\-environment\fR
+do not reset environment variables
+.TP
+\fB\-p\fR
+same as \fB\-m\fR
+.TP
+\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR
+run SHELL if /etc/shells allows it
+.TP
+\fB\-\-help\fR
+display this help and exit
+.TP
+\fB\-\-version\fR
+output version information and exit
+.PP
+A mere - implies \fB\-l\fR.   If USER not given, assume root.
+.SH AUTHOR
+Written by David MacKenzie.
+.SH "REPORTING BUGS"
+Report bugs to <bug-coreutils@gnu.org>.
+.SH COPYRIGHT
+Copyright \(co 2004 Free Software Foundation, Inc.
+.br
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+.SH "SEE ALSO"
+The full documentation for
+.B su
+is maintained as a Texinfo manual.  If the
+.B info
+and
+.B su
+programs are properly installed at your site, the command
+.IP
+.B info coreutils runuser
+.PP
+should give you access to the complete manual.
+--- coreutils-5.2.1/man/Makefile.am.runuser	2004-09-28 15:33:53.401051627 -0400
+++ coreutils-5.2.1/man/Makefile.am	2004-09-28 16:15:37.500277206 -0400
+@@ -10,7 +10,7 @@
+   rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \
+   su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
+   tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \
+-  who.1 whoami.1 yes.1 chcon.1 runcon.1
+  who.1 whoami.1 yes.1 chcon.1 runcon.1 runuser.1
+ 
+ man_aux = $(dist_man_MANS:.1=.x)
+ 
+@@ -114,6 +114,7 @@
+ yes.1:		$(common_dep)	$(srcdir)/yes.x		../src/yes.c
+ chcon.1:	$(common_dep)	$(srcdir)/chcon.x	../src/chcon.c
+ runcon.1:	$(common_dep)	$(srcdir)/runcon.x	../src/runcon.c
+runuser.1:	$(common_dep)	$(srcdir)/runuser.x	../src/runuser.c
+ 
+ SUFFIXES = .x .1
+ 
+--- /dev/null	2004-09-27 09:59:52.239792360 -0400
+++ coreutils-5.2.1/man/runuser.x	2004-09-28 15:33:53.432048372 -0400
+@@ -0,0 +1,4 @@
+[NAME]
+runuser \- run a shell with substitute user and group IDs
+[DESCRIPTION]
+.\" Add any additional description here
+--- coreutils-5.2.1/README.runuser	2004-09-28 15:33:53.421049527 -0400
+++ coreutils-5.2.1/README	2004-09-28 16:12:26.157032857 -0400
+@@ -11,7 +11,7 @@
+   df dir dircolors dirname du echo env expand expr factor false fmt fold
+   ginstall groups head hostid hostname id join kill link ln logname ls
+   md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr
+-  printenv printf ptx pwd readlink rm rmdir runcon seq sha1sum shred sleep sort
+  printenv printf ptx pwd readlink rm rmdir runcon runuser seq sha1sum shred sleep sort
+   split stat stty su sum sync tac tail tee test touch tr true tsort tty
+   uname unexpand uniq unlink uptime users vdir wc who whoami yes
+ 
+--- coreutils-5.2.1/tests/help-version.runuser	2004-09-28 15:33:53.360055931 -0400
+++ coreutils-5.2.1/tests/help-version	2004-09-28 16:13:35.863480264 -0400
+@@ -132,6 +132,7 @@
+ seq_args=10
+ sleep_args=0
+ su_args=--version
+runuser_args=--version
+ test_args=foo
+ 
+ # This is necessary in the unusual event that there is
+--- coreutils-5.2.1/src/su.c.runuser	2004-09-28 15:33:53.109082284 -0400
+++ coreutils-5.2.1/src/su.c	2004-09-28 15:33:53.437047847 -0400
+@@ -171,6 +171,10 @@
+ #ifndef USE_PAM
+ char *crypt ();
+ #endif
+#ifndef CHECKPASSWD
+#define CHECKPASSWD 1
+#endif
+
+ char *getpass ();
+ char *getusershell ();
+ void endusershell ();
+@@ -740,7 +744,7 @@
+   pw->pw_dir = xstrdup (pw->pw_dir);
+   pw->pw_shell = xstrdup (pw->pw_shell);
+ 
+-  if (!correct_password (pw))
+  if (CHECKPASSWD && !correct_password (pw))
+     {
+ #ifdef SYSLOG_FAILURE
+       log_su (pw, 0);
+--- coreutils-5.2.1/src/Makefile.am.runuser	2004-09-28 15:33:53.377054147 -0400
+++ coreutils-5.2.1/src/Makefile.am	2004-09-28 15:33:53.435048057 -0400
+@@ -9,7 +9,7 @@
+   cat cksum comm csplit cut expand fmt fold head join md5sum \
+   nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \
+   basename date dirname echo env expr factor false \
+-  hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \
+  hostname id kill logname pathchk printenv printf pwd runcon runuser seq sleep tee \
+   test true tty whoami yes \
+   $(OPTIONAL_BIN_PROGS) $(DF_PROG)
+ 
+@@ -74,6 +74,7 @@
+ uptime_LDADD = $(LDADD) $(GETLOADAVG_LIBS)
+ 
+ su_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@
+runuser_LDADD = $(LDADD) $(LIB_CRYPT) 
+ 
+ $(PROGRAMS): ../lib/libfetish.a
+ 
+--- /dev/null	2004-09-27 09:59:52.239792360 -0400
+++ coreutils-5.2.1/src/runuser.c	2004-09-28 15:33:53.434048162 -0400
+@@ -0,0 +1,33 @@
+#define CHECKPASSWD 0
+#define pam_start my_pam_start
+#define pam_end my_pam_end
+#define pam_setcred my_pam_setcred
+#define pam_open_session my_pam_open_session
+#define pam_close_session my_pam_close_session
+#define pam_strerror my_pam_strerror
+#define pam_getenvlist my_pam_getenvlist
+#include "su.c"
+int pam_start(const char *service_name, const char *user,
+		     const struct pam_conv *pam_conversation,
+	      pam_handle_t **pamh) {
+	return PAM_SUCCESS;
+}
+int pam_end(pam_handle_t *pamh, int pam_status) {
+	return PAM_SUCCESS;
+}
+int pam_setcred(pam_handle_t *pamh, int flags){
+	return PAM_SUCCESS;
+}
+int pam_open_session(pam_handle_t *pamh, int flags){
+	return PAM_SUCCESS;
+}
+int pam_close_session(pam_handle_t *pamh, int flags){
+	return PAM_SUCCESS;
+}
+const char *pam_strerror(pam_handle_t *pamh, int err){
+	return "";
+}
+char **pam_getenvlist(pam_handle_t *pamh){
+	return NULL;
+}
+
--- a/coreutils.spec
+++ b/coreutils.spec
@ -4,7 +4,7 @@
 Summary: The GNU core utilities: a set of tools commonly used in shell scripts
 Name:    coreutils
 Version: 5.2.1
-Release: 25
+Release: 26
 License: GPL
 Group:   System Environment/Base
 Url:     ftp://alpha.gnu.org/gnu/coreutils/
@ -52,9 +52,8 @@ Patch922: coreutils-rmaccess.patch
 Patch923: coreutils-copy.patch

 #SELINUX Patch
-%if %{WITH_SELINUX}
 Patch950: coreutils-selinux.patch
-%endif
+Patch951: coreutils-5.2.1-runuser.patch

 BuildRoot: %_tmppath/%{name}-root
 BuildRequires:	gettext libtermcap-devel bison
@ -111,10 +110,9 @@ the old GNU fileutils, sh-utils, and textutils packages.
 %patch922 -p1 -b .rmaccess
 %patch923 -p1 -b .copy

-%if %{WITH_SELINUX}
 #SELinux
 %patch950 -p1 -b .selinux
-%endif
+%patch951 -p1 -b .runuser


 # Don't run basic-1 test, since it breaks when run in the background
@ -246,6 +244,9 @@ fi
 %_sbindir/chroot

 %changelog
+* Fri Sep 24 2004 Dan Walsh <dwalsh@redhat.com> 5.2.1-26
+- Add runuser as similar to su, but only runable by root
+
 * Fri Sep 24 2004 Tim Waugh <twaugh@redhat.com> 5.2.1-25
 - chown(1) patch from Ulrich Drepper.