--- /dev/null 2005-10-10 09:36:06.437701000 +0100 +++ coreutils-5.93/man/runuser.1 2005-11-14 10:54:44.000000000 +0000 @@ -0,0 +1,59 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.33. +.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands" +.SH NAME +runuser \- run a shell with substitute user and group IDs, similar to su, but will not prompt for password. +.SH SYNOPSIS +.B runuser +[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...] +.SH DESCRIPTION +.\" Add any additional description here +.PP +Change the effective user id and group id to that of USER. +.TP +-, \fB\-l\fR, \fB\-\-login\fR +make the shell a login shell +.TP +\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR +pass a single COMMAND to the shell with \fB\-c\fR +.TP +\fB\-f\fR, \fB\-\-fast\fR +pass \fB\-f\fR to the shell (for csh or tcsh) +.TP +\fB\-m\fR, \fB\-\-preserve\-environment\fR +do not reset environment variables +.TP +\fB\-p\fR +same as \fB\-m\fR +.TP +\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR +run SHELL if /etc/shells allows it +.TP +\fB\-\-help\fR +display this help and exit +.TP +\fB\-\-version\fR +output version information and exit +.PP +A mere - implies \fB\-l\fR. If USER not given, assume root. +.SH AUTHOR +Written by David MacKenzie, Dan Walsh. +.SH "REPORTING BUGS" +Report bugs to . +.SH COPYRIGHT +Copyright \(co 2004 Free Software Foundation, Inc. +.br +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +.SH "SEE ALSO" +Since this command is trimmed down version of su use you can use the su manual. +The full documentation for +.B su +is maintained as a Texinfo manual. If the +.B info +and +.B su +programs are properly installed at your site, the command +.IP +.B info coreutils su +.PP +should give you access to the complete manual. --- coreutils-5.93/man/Makefile.am.runuser 2005-10-13 15:12:51.000000000 +0100 +++ coreutils-5.93/man/Makefile.am 2005-11-14 10:54:44.000000000 +0000 @@ -7,7 +7,7 @@ link.1 ln.1 logname.1 \ ls.1 md5sum.1 mkdir.1 mkfifo.1 mknod.1 mv.1 nice.1 nl.1 nohup.1 od.1 \ paste.1 pathchk.1 pinky.1 pr.1 printenv.1 printf.1 ptx.1 pwd.1 readlink.1 \ - rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \ + rm.1 rmdir.1 runuser.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \ su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \ tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \ who.1 whoami.1 yes.1 @@ -81,6 +81,7 @@ readlink.1: $(common_dep) $(srcdir)/readlink.x ../src/readlink.c rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c +runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c shred.1: $(common_dep) $(srcdir)/shred.x ../src/shred.c --- /dev/null 2005-10-10 09:36:06.437701000 +0100 +++ coreutils-5.93/man/runuser.x 2005-11-14 10:54:45.000000000 +0000 @@ -0,0 +1,4 @@ +[NAME] +runuser \- run a shell with substitute user and group IDs +[DESCRIPTION] +.\" Add any additional description here --- coreutils-5.93/src/su.c 2005-11-14 10:54:44.000000000 +0000 +++ coreutils-5.93/src/su.c 2005-11-24 16:12:18.000000000 +0000 @@ -132,9 +132,15 @@ #include "error.h" /* The official name of this program (e.g., no `g' prefix). */ +#ifndef RUNUSER #define PROGRAM_NAME "su" +#else +#define PROGRAM_NAME "runuser" +#endif +#ifndef AUTHORS #define AUTHORS "David MacKenzie" +#endif #if HAVE_PATHS_H # include @@ -172,6 +178,10 @@ #ifndef USE_PAM char *crypt (); #endif +#ifndef CHECKPASSWD +#define CHECKPASSWD 1 +#endif + char *getpass (); char *getusershell (); void endusershell (); @@ -303,10 +313,12 @@ retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh); PAM_BAIL_P; +#ifndef RUNUSER if (getuid() != 0 && !isatty(0)) { fprintf(stderr, "standard in must be a tty\n"); exit(1); } +#endif caller = getpwuid(getuid()); if(caller != NULL && caller->pw_name != NULL) { @@ -323,6 +335,11 @@ retval = pam_set_item(pamh, PAM_TTY, tty_name); PAM_BAIL_P; } +#ifdef RUNUSER + if (getuid() != geteuid()) + /* safety net: deny operation if we are suid by accident */ + error(EXIT_FAIL, 1, "runuser may not be setuid"); +#else retval = pam_authenticate(pamh, 0); PAM_BAIL_P; retval = pam_acct_mgmt(pamh, 0); @@ -332,6 +349,7 @@ PAM_BAIL_P; } PAM_BAIL_P; +#endif /* must be authenticated if this point was reached */ return 1; #else /* !USE_PAM */ @@ -746,7 +764,7 @@ : DEFAULT_SHELL); endpwent (); - if (!correct_password (pw)) + if (CHECKPASSWD && !correct_password (pw)) { #ifdef SYSLOG_FAILURE log_su (pw, false); --- coreutils-5.93/src/Makefile.am 2005-11-14 10:54:44.000000000 +0000 +++ coreutils-5.93/src/Makefile.am 2005-11-24 16:18:58.000000000 +0000 @@ -17,7 +17,7 @@ ## along with this program; if not, write to the Free Software Foundation, ## Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -EXTRA_PROGRAMS = chroot df hostid nice pinky stty su uname uptime users who +EXTRA_PROGRAMS = chroot df hostid nice pinky stty su runuser uname uptime users who bin_SCRIPTS = groups bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \ @@ -93,4 +93,8 @@ su_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@ +runuser_SOURCES = su.c +runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\"" +runuser_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@ + $(PROGRAMS): ../lib/libcoreutils.a @@ -106,7 +110,7 @@ chmod +x $@-t mv $@-t $@ -all-local: su$(EXEEXT) +all-local: su$(EXEEXT) runuser installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'` --- coreutils-5.93/tests/help-version.runuser 2005-01-05 22:08:48.000000000 +0000 +++ coreutils-5.93/tests/help-version 2005-11-14 10:54:45.000000000 +0000 @@ -136,6 +136,7 @@ seq_args=10 sleep_args=0 su_args=--version +runuser_args=--version test_args=foo # This is necessary in the unusual event that there is --- coreutils-5.93/README.runuser 2005-09-28 19:34:26.000000000 +0100 +++ coreutils-5.93/README 2005-11-14 10:54:45.000000000 +0000 @@ -11,7 +11,7 @@ df dir dircolors dirname du echo env expand expr factor false fmt fold ginstall groups head hostid hostname id join kill link ln logname ls md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr - printenv printf ptx pwd readlink rm rmdir seq sha1sum shred sleep sort + printenv printf ptx pwd readlink rm rmdir runuser seq sha1sum shred sleep sort split stat stty su sum sync tac tail tee test touch tr true tsort tty uname unexpand uniq unlink uptime users vdir wc who whoami yes --- coreutils-5.93/AUTHORS.runuser 2004-11-03 23:10:50.000000000 +0000 +++ coreutils-5.93/AUTHORS 2005-11-14 10:54:45.000000000 +0000 @@ -59,6 +59,7 @@ readlink: Dmitry V. Levin rm: Paul Rubin, David MacKenzie, Richard Stallman, Jim Meyering rmdir: David MacKenzie +runuser: David MacKenzie, Dan Walsh seq: Ulrich Drepper sha1sum: Ulrich Drepper, Scott Miller shred: Colin Plumb