[packages/coreutils.git] / coreutils-runuser.patch

--- coreutils-6.10/README.orig	2008-01-18 09:26:09.000000000 +0100
+++ coreutils-6.10/README	2008-03-02 14:24:55.578407708 +0100
@@ -12,7 +12,7 @@
   factor false fmt fold groups head hostid hostname id install join kill
   link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup
   nproc od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir
-  runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
+  runcon runuser seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
   sleep sort split stat stdbuf stty su sum sync tac tail tee test timeout
   touch tr true truncate tsort tty uname unexpand uniq unlink uptime users
   vdir wc who whoami yes
--- coreutils-6.10/AUTHORS.orig	2008-01-05 23:58:24.000000000 +0100
+++ coreutils-6.10/AUTHORS	2008-03-02 14:25:23.908022120 +0100
@@ -64,6 +64,7 @@
 rm: Paul Rubin, David MacKenzie, Richard Stallman, Jim Meyering
 rmdir: David MacKenzie
 runcon: Russell Coker
+runuser: David MacKenzie, Dan Walsh
 seq: Ulrich Drepper
 sha1sum: Ulrich Drepper, Scott Miller, David Madore
 sha224sum: Ulrich Drepper, Scott Miller, David Madore
--- coreutils-6.7/src/su.c.runuser	2007-01-09 17:27:56.000000000 +0000
+++ coreutils-6.7/src/su.c	2007-01-09 17:30:12.000000000 +0000
@@ -109,9 +109,15 @@
 #include "error.h"
 
 /* The official name of this program (e.g., no `g' prefix).  */
+#ifndef RUNUSER
 #define PROGRAM_NAME "su"
+#else
+#define PROGRAM_NAME "runuser"
+#endif
 
+#ifndef AUTHORS
 #define AUTHORS proper_name ("David MacKenzie")
+#endif
 
 #if HAVE_PATHS_H
 # include <paths.h>
@@ -149,6 +149,10 @@
 char *crypt (char const *key, char const *salt);
 #endif
 
+#ifndef CHECKPASSWD
+#define CHECKPASSWD 1
+#endif
+
 static void run_shell (char const *, char const *, char **, size_t,
 		const struct passwd *)
 #ifdef USE_PAM
@@ -154,7 +154,11 @@
 #endif
 
 static void run_shell (char const *, char const *, char **, size_t,
-		const struct passwd *)
+		const struct passwd *
+#ifdef RUNUSER
+		, gid_t *groups, int num_groups
+#endif
+		)
 #ifdef USE_PAM
 	;
 #else
@@ -187,6 +201,10 @@
   {"login", no_argument, NULL, 'l'},
   {"preserve-environment", no_argument, NULL, 'p'},
   {"shell", required_argument, NULL, 's'},
+#ifdef RUNUSER
+  {"group", required_argument, NULL, 'g'},
+  {"supp-group", required_argument, NULL, 'G'},
+#endif
   {GETOPT_HELP_OPTION_DECL},
   {GETOPT_VERSION_OPTION_DECL},
   {NULL, 0, NULL, 0}
@@ -288,10 +306,12 @@
   retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
   PAM_BAIL_P;
 
+#ifndef RUNUSER
   if (getuid() != 0 && !isatty(0)) {
 	fprintf(stderr, _("standard in must be a tty\n"));
 	exit(1);
   }
+#endif
 
   caller = getpwuid(getuid());
   if(caller != NULL && caller->pw_name != NULL) {
@@ -308,6 +328,11 @@
     retval = pam_set_item(pamh, PAM_TTY, tty_name);
     PAM_BAIL_P;
   }
+#ifdef RUNUSER
+  if (getuid() != geteuid())
+    /* safety net: deny operation if we are suid by accident */
+    error(EXIT_FAILURE, 1, "runuser may not be setuid");
+#else
   retval = pam_authenticate(pamh, 0);
   PAM_BAIL_P;
   retval = pam_acct_mgmt(pamh, 0);
@@ -317,6 +342,7 @@
     PAM_BAIL_P;
   }
   PAM_BAIL_P;
+#endif
   /* must be authenticated if this point was reached */
   return 1;
 #else /* !USE_PAM */
@@ -398,11 +424,22 @@
 /* Become the user and group(s) specified by PW.  */
 
 static void
-change_identity (const struct passwd *pw)
+change_identity (const struct passwd *pw
+#ifdef RUNUSER
+		 , gid_t *groups, int num_groups
+#endif
+	)
 {
 #ifdef HAVE_INITGROUPS
+  int rc = 0;
   errno = 0;
-  if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
+#ifdef RUNUSER
+  if (num_groups)
+    rc = setgroups(num_groups, groups);
+  else
+#endif
+    rc = initgroups(pw->pw_name, pw->pw_gid);
+  if (rc == -1) {
 #ifdef USE_PAM
     pam_close_session(pamh, 0);
     pam_end(pamh, PAM_ABORT);
@@ -449,7 +486,11 @@
 
 static void
 run_shell (char const *shell, char const *command, char **additional_args,
-           size_t n_additional_args, const struct passwd *pw)
+           size_t n_additional_args, const struct passwd *pw
+#ifdef RUNUSER
+           , gid_t *groups, int num_groups
+#endif
+  )
 {
   size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
   char const **args = xnmalloc (n_args, sizeof *args);
@@ -480,7 +521,11 @@
 
   child = fork();
   if (child == 0) {  /* child shell */
-  change_identity (pw);
+  change_identity (pw
+#ifdef RUNUSER
+		   , groups, num_groups
+#endif
+	  );
   pam_end(pamh, 0);
   if (!same_session)
     setsid ();
@@ -657,6 +702,12 @@
   char *shell = NULL;
   struct passwd *pw;
   struct passwd pw_copy;
+#ifdef RUNUSER
+  struct group *gr;
+  gid_t groups[NGROUPS_MAX];
+  int num_supp_groups = 0;
+  int use_gid = 0;
+#endif
 
   initialize_main (&argc, &argv);
   program_name = argv[0];
@@ -671,7 +722,11 @@
   simulate_login = false;
   change_environment = true;
 
-  while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
+  while ((optc = getopt_long (argc, argv, "c:flmps:"
+#ifdef RUNUSER
+			      "g:G:"
+#endif
+			      , longopts, NULL)) != -1)
     {
       switch (optc)
 	{
@@ -701,6 +756,28 @@
           shell = optarg;
           break;
 
+#ifdef RUNUSER
+	case 'g':
+	  gr = getgrnam(optarg);
+	  if (!gr)
+	    error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
+	  use_gid = 1;
+	  groups[0] = gr->gr_gid;
+	  break;
+
+	case 'G':
+	  num_supp_groups++;
+	  if (num_supp_groups >= NGROUPS_MAX)
+	    error (EXIT_FAILURE, 0,
+		   _("Can't specify more than %d supplemental groups"),
+		   NGROUPS_MAX - 1);
+	  gr = getgrnam(optarg);
+	  if (!gr)
+	    error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
+	  groups[num_supp_groups] = gr->gr_gid;
+	  break;
+#endif
+
         case_GETOPT_HELP_CHAR;
 
         case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
@@ -739,7 +816,20 @@
                           : DEFAULT_SHELL);
   endpwent ();
 
-  if (!correct_password (pw))
+#ifdef RUNUSER
+  if (num_supp_groups && !use_gid)
+  {
+    pw->pw_gid = groups[1];
+    memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups);
+  }
+  else if (use_gid)
+  {
+    pw->pw_gid = groups[0];
+    num_supp_groups++;
+  }
+#endif
+
+  if (CHECKPASSWD && !correct_password (pw))
     {
 #ifdef SYSLOG_FAILURE
       log_su (pw, false);
@@ -814,7 +814,11 @@
   modify_environment (pw, shell);
 
 #ifndef USE_PAM
-  change_identity (pw);
+  change_identity (pw
+#ifdef RUNUSER
+		  , groups, num_supp_groups
+#endif
+		  );
 #endif
 
   /* error() flushes stderr, but does not check for write failure.
@@ -825,5 +829,9 @@
   if (ferror (stderr))
     exit (EXIT_CANCELED);
 
-  run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
+  run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw
+#ifdef RUNUSER
+		  , groups, num_supp_groups
+#endif
+		  );
 }
--- coreutils-6.10/src/Makefile.am.orig	2008-03-02 14:22:53.223435095 +0100
+++ coreutils-6.10/src/Makefile.am	2008-03-02 14:25:58.317983032 +0100
@@ -101,6 +101,7 @@
   rm		\
   rmdir		\
   runcon	\
+  runuser	\
   seq		\
   sha1sum	\
   sha224sum	\
@@ -135,6 +135,10 @@
 
 stat_LDADD = $(LDADD) $(LIB_SELINUX)
 
+runuser_SOURCES = su.c
+runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
+runuser_LDADD = $(LDADD) $(LIB_CRYPT) $(LIB_PAM)
+
 $(PROGRAMS): ../lib/libcoreutils.a
 
 # Get the release year from ../lib/version-etc.c.
@@ -156,7 +160,7 @@
 	chmod +x $@-t
 	mv $@-t $@
 
-all-local: su$(EXEEXT)
+all-local: su$(EXEEXT) runuser$(EXEEXT)
 
 installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'`
 
--- coreutils-6.10/man/Makefile.am.orig	2008-03-02 14:22:53.175432360 +0100
+++ coreutils-6.10/man/Makefile.am	2008-03-02 14:26:36.980186266 +0100
@@ -94,6 +94,7 @@
 rm.1:		$(common_dep)	$(srcdir)/rm.x		../src/rm.c
 rmdir.1:	$(common_dep)	$(srcdir)/rmdir.x	../src/rmdir.c
 runcon.1:	$(common_dep)	$(srcdir)/runcon.x	../src/runcon.c
+runuser.1:	$(common_dep)	$(srcdir)/runuser.x	../src/su.c
 seq.1:		$(common_dep)	$(srcdir)/seq.x		../src/seq.c
 sha1sum.1:	$(common_dep)	$(srcdir)/sha1sum.x	../src/md5sum.c
 sha224sum.1:	$(common_dep)	$(srcdir)/sha224sum.x	../src/md5sum.c
--- /dev/null	2007-01-09 09:38:07.860075128 +0000
+++ coreutils-6.7/man/runuser.x	2007-01-09 17:27:56.000000000 +0000
@@ -0,0 +1,4 @@
+[NAME]
+runuser \- run a shell with substitute user and group IDs
+[DESCRIPTION]
+.\" Add any additional description here
--- /dev/null	2007-01-09 09:38:07.860075128 +0000
+++ coreutils-6.7/man/runuser.1	2007-01-09 17:27:56.000000000 +0000
@@ -0,0 +1,68 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.33.
+.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands"
+.SH NAME
+runuser \- run a shell with substitute user and group IDs, similar to su, but will not run PAM hooks
+.SH SYNOPSIS
+.B runuser
+[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...]
+.SH DESCRIPTION
+.\" Add any additional description here
+.PP
+Change the effective user id and group id to that of USER.  No PAM hooks
+are run, and there will be no password prompt.  This command is useful
+when run as the root user.  If run as a non-root user without privilege
+to set user ID, the command will fail.
+.TP
+-, \fB\-l\fR, \fB\-\-login\fR
+make the shell a login shell
+.TP
+\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR
+pass a single COMMAND to the shell with \fB\-c\fR
+.TP
+\fB\-f\fR, \fB\-\-fast\fR
+pass \fB\-f\fR to the shell (for csh or tcsh)
+.TP
+\fB\-g\fR, \fB\-\-group\fR=\fIGROUP\fR
+specify the primary group
+.TP
+\fB\-G\fR, \fB\-\-supp-group\fR=\fIGROUP\fR
+specify a supplemental group
+.TP
+\fB\-m\fR, \fB\-\-preserve\-environment\fR
+do not reset environment variables
+.TP
+\fB\-p\fR
+same as \fB\-m\fR
+.TP
+\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR
+run SHELL if /etc/shells allows it
+.TP
+\fB\-\-help\fR
+display this help and exit
+.TP
+\fB\-\-version\fR
+output version information and exit
+.PP
+A mere - implies \fB\-l\fR.   If USER not given, assume root.
+.SH AUTHOR
+Written by David MacKenzie, Dan Walsh.
+.SH "REPORTING BUGS"
+Report bugs to <bug-coreutils@gnu.org>.
+.SH COPYRIGHT
+Copyright \(co 2004 Free Software Foundation, Inc.
+.br
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+.SH "SEE ALSO"
+Since this command is trimmed down version of su use you can use the su manual.
+The full documentation for
+.B su
+is maintained as a Texinfo manual.  If the
+.B info
+and
+.B su
+programs are properly installed at your site, the command
+.IP
+.B info coreutils su
+.PP
+should give you access to the complete manual.
--- coreutils-6.10/po/pl.po.orig	2008-03-02 14:22:54.123486386 +0100
+++ coreutils-6.10/po/pl.po	2008-03-02 14:28:35.858960780 +0100
@@ -8986,6 +8986,16 @@
 msgid "warning: cannot change directory to %s"
 msgstr "uwaga: nie można zmienić katalogu na %s"
 
+#: src/su.c:runuser
+#, c-format
+msgid "group %s does not exist"
+msgstr "grupa %s nie istnieje"
+
+#: src/su.c:runuser
+#, c-format
+msgid "Can't specify more than %d supplemental groups"
+msgstr "Nie można określić więcej niż %d grup dodatkowych"
+
 #. This is a proper name. See the gettext manual, section Names.
 #: src/sum.c:36
 msgid "Kayvan Aghaiepour"
Commit	Line	Data
3c350007 JB	1	--- coreutils-6.10/README.orig 2008-01-18 09:26:09.000000000 +0100
	2	+++ coreutils-6.10/README 2008-03-02 14:24:55.578407708 +0100
	3	@@ -12,7 +12,7 @@
	4	factor false fmt fold groups head hostid hostname id install join kill
	5	link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup
2a866b46	6	nproc od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir
926fe601	7	- runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
926fe601	8	+ runcon runuser seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
81607503	9	sleep sort split stat stdbuf stty su sum sync tac tail tee test timeout
	10	touch tr true truncate tsort tty uname unexpand uniq unlink uptime users
	11	vdir wc who whoami yes
3c350007 JB	12	--- coreutils-6.10/AUTHORS.orig 2008-01-05 23:58:24.000000000 +0100
	13	+++ coreutils-6.10/AUTHORS 2008-03-02 14:25:23.908022120 +0100
	14	@@ -64,6 +64,7 @@
	15	rm: Paul Rubin, David MacKenzie, Richard Stallman, Jim Meyering
	16	rmdir: David MacKenzie
	17	runcon: Russell Coker
	18	+runuser: David MacKenzie, Dan Walsh
	19	seq: Ulrich Drepper
	20	sha1sum: Ulrich Drepper, Scott Miller, David Madore
	21	sha224sum: Ulrich Drepper, Scott Miller, David Madore
5d9fc52d JR	22	--- coreutils-6.7/src/su.c.runuser 2007-01-09 17:27:56.000000000 +0000
5d9fc52d JR	23	+++ coreutils-6.7/src/su.c 2007-01-09 17:30:12.000000000 +0000
d7c818dd	24	@@ -109,9 +109,15 @@
5d9fc52d JR	25	#include "error.h"
	26
	27	/* The official name of this program (e.g., no `g' prefix). */
	28	+#ifndef RUNUSER
	29	#define PROGRAM_NAME "su"
	30	+#else
	31	+#define PROGRAM_NAME "runuser"
	32	+#endif
	33
	34	+#ifndef AUTHORS
d7c818dd	35	#define AUTHORS proper_name ("David MacKenzie")
5d9fc52d JR	36	+#endif
	37
	38	#if HAVE_PATHS_H
	39	# include <paths.h>
2a866b46	40	@@ -149,6 +149,10 @@
ce369209	41	char crypt (char const key, char const *salt);
5d9fc52d	42	#endif
2a866b46	43
5d9fc52d JR	44	+#ifndef CHECKPASSWD
	45	+#define CHECKPASSWD 1
	46	+#endif
	47	+
2a866b46 AM	48	static void run_shell (char const , char const , char **, size_t,
	49	const struct passwd *)
	50	#ifdef USE_PAM
	51	@@ -154,7 +154,11 @@
	52	#endif
5d9fc52d JR	53
5d9fc52d JR	54	static void run_shell (char const , char const , char **, size_t,
2a866b46 AM	55	- const struct passwd *)
2a866b46 AM	56	+ const struct passwd *
5d9fc52d	57	+#ifdef RUNUSER
2a866b46	58	+ , gid_t *groups, int num_groups
5d9fc52d	59	+#endif
2a866b46	60	+ )
5d9fc52d JR	61	#ifdef USE_PAM
	62	;
	63	#else
	64	@@ -187,6 +201,10 @@
	65	{"login", no_argument, NULL, 'l'},
	66	{"preserve-environment", no_argument, NULL, 'p'},
	67	{"shell", required_argument, NULL, 's'},
	68	+#ifdef RUNUSER
	69	+ {"group", required_argument, NULL, 'g'},
	70	+ {"supp-group", required_argument, NULL, 'G'},
	71	+#endif
	72	{GETOPT_HELP_OPTION_DECL},
	73	{GETOPT_VERSION_OPTION_DECL},
	74	{NULL, 0, NULL, 0}
	75	@@ -288,10 +306,12 @@
	76	retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
	77	PAM_BAIL_P;
	78
	79	+#ifndef RUNUSER
	80	if (getuid() != 0 && !isatty(0)) {
	81	fprintf(stderr, _("standard in must be a tty\n"));
	82	exit(1);
	83	}
	84	+#endif
	85
	86	caller = getpwuid(getuid());
	87	if(caller != NULL && caller->pw_name != NULL) {
	88	@@ -308,6 +328,11 @@
	89	retval = pam_set_item(pamh, PAM_TTY, tty_name);
	90	PAM_BAIL_P;
	91	}
	92	+#ifdef RUNUSER
	93	+ if (getuid() != geteuid())
	94	+ /* safety net: deny operation if we are suid by accident */
3c350007	95	+ error(EXIT_FAILURE, 1, "runuser may not be setuid");
5d9fc52d JR	96	+#else
	97	retval = pam_authenticate(pamh, 0);
	98	PAM_BAIL_P;
	99	retval = pam_acct_mgmt(pamh, 0);
	100	@@ -317,6 +342,7 @@
	101	PAM_BAIL_P;
	102	}
	103	PAM_BAIL_P;
	104	+#endif
	105	/* must be authenticated if this point was reached */
	106	return 1;
	107	#else /* !USE_PAM */
	108	@@ -398,11 +424,22 @@
	109	/* Become the user and group(s) specified by PW. */
	110
	111	static void
	112	-change_identity (const struct passwd *pw)
	113	+change_identity (const struct passwd *pw
	114	+#ifdef RUNUSER
	115	+ , gid_t *groups, int num_groups
	116	+#endif
	117	+ )
	118	{
	119	#ifdef HAVE_INITGROUPS
	120	+ int rc = 0;
	121	errno = 0;
	122	- if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
	123	+#ifdef RUNUSER
	124	+ if (num_groups)
	125	+ rc = setgroups(num_groups, groups);
	126	+ else
	127	+#endif
	128	+ rc = initgroups(pw->pw_name, pw->pw_gid);
	129	+ if (rc == -1) {
	130	#ifdef USE_PAM
	131	pam_close_session(pamh, 0);
	132	pam_end(pamh, PAM_ABORT);
	133	@@ -449,7 +486,11 @@
	134
	135	static void
	136	run_shell (char const shell, char const command, char **additional_args,
6fd30452 AM	137	- size_t n_additional_args, const struct passwd *pw)
6fd30452 AM	138	+ size_t n_additional_args, const struct passwd *pw
5d9fc52d	139	+#ifdef RUNUSER
6fd30452	140	+ , gid_t *groups, int num_groups
5d9fc52d	141	+#endif
6fd30452	142	+ )
5d9fc52d JR	143	{
	144	size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
	145	char const *args = xnmalloc (n_args, sizeof args);
	146	@@ -480,7 +521,11 @@
	147
	148	child = fork();
	149	if (child == 0) { /* child shell */
	150	- change_identity (pw);
	151	+ change_identity (pw
	152	+#ifdef RUNUSER
	153	+ , groups, num_groups
	154	+#endif
	155	+ );
	156	pam_end(pamh, 0);
	157	if (!same_session)
	158	setsid ();
	159	@@ -657,6 +702,12 @@
	160	char *shell = NULL;
	161	struct passwd *pw;
	162	struct passwd pw_copy;
	163	+#ifdef RUNUSER
	164	+ struct group *gr;
	165	+ gid_t groups[NGROUPS_MAX];
	166	+ int num_supp_groups = 0;
	167	+ int use_gid = 0;
	168	+#endif
	169
	170	initialize_main (&argc, &argv);
	171	program_name = argv[0];
	172	@@ -671,7 +722,11 @@
	173	simulate_login = false;
	174	change_environment = true;
	175
	176	- while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
	177	+ while ((optc = getopt_long (argc, argv, "c:flmps:"
	178	+#ifdef RUNUSER
	179	+ "g:G:"
	180	+#endif
	181	+ , longopts, NULL)) != -1)
	182	{
	183	switch (optc)
	184	{
	185	@@ -701,6 +756,28 @@
6fd30452 AM	186	shell = optarg;
6fd30452 AM	187	break;
5d9fc52d JR	188
	189	+#ifdef RUNUSER
	190	+ case 'g':
	191	+ gr = getgrnam(optarg);
	192	+ if (!gr)
3c350007	193	+ error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
5d9fc52d JR	194	+ use_gid = 1;
	195	+ groups[0] = gr->gr_gid;
	196	+ break;
	197	+
	198	+ case 'G':
	199	+ num_supp_groups++;
	200	+ if (num_supp_groups >= NGROUPS_MAX)
3c350007	201	+ error (EXIT_FAILURE, 0,
5d9fc52d JR	202	+ _("Can't specify more than %d supplemental groups"),
	203	+ NGROUPS_MAX - 1);
	204	+ gr = getgrnam(optarg);
	205	+ if (!gr)
3c350007	206	+ error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
5d9fc52d JR	207	+ groups[num_supp_groups] = gr->gr_gid;
	208	+ break;
	209	+#endif
	210	+
6fd30452	211	case_GETOPT_HELP_CHAR;
5d9fc52d	212
6fd30452	213	case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
5d9fc52d	214	@@ -739,7 +816,20 @@
6fd30452	215	: DEFAULT_SHELL);
5d9fc52d JR	216	endpwent ();
	217
	218	- if (!correct_password (pw))
	219	+#ifdef RUNUSER
	220	+ if (num_supp_groups && !use_gid)
	221	+ {
	222	+ pw->pw_gid = groups[1];
	223	+ memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups);
	224	+ }
	225	+ else if (use_gid)
	226	+ {
	227	+ pw->pw_gid = groups[0];
	228	+ num_supp_groups++;
	229	+ }
	230	+#endif
	231	+
	232	+ if (CHECKPASSWD && !correct_password (pw))
	233	{
	234	#ifdef SYSLOG_FAILURE
	235	log_su (pw, false);
2a866b46	236	@@ -814,7 +814,11 @@
5d9fc52d JR	237	modify_environment (pw, shell);
	238
	239	#ifndef USE_PAM
	240	- change_identity (pw);
	241	+ change_identity (pw
	242	+#ifdef RUNUSER
2a866b46	243	+ , groups, num_supp_groups
5d9fc52d	244	+#endif
2a866b46	245	+ );
5d9fc52d JR	246	#endif
5d9fc52d JR	247
2a866b46 AM	248	/* error() flushes stderr, but does not check for write failure.
	249	@@ -825,5 +829,9 @@
	250	if (ferror (stderr))
	251	exit (EXIT_CANCELED);
	252
5d9fc52d JR	253	- run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
	254	+ run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw
	255	+#ifdef RUNUSER
2a866b46	256	+ , groups, num_supp_groups
5d9fc52d	257	+#endif
2a866b46	258	+ );
5d9fc52d	259	}
3c350007 JB	260	--- coreutils-6.10/src/Makefile.am.orig 2008-03-02 14:22:53.223435095 +0100
3c350007 JB	261	+++ coreutils-6.10/src/Makefile.am 2008-03-02 14:25:58.317983032 +0100
2a866b46 AM	262	@@ -101,6 +101,7 @@
	263	rm \
	264	rmdir \
	265	runcon \
	266	+ runuser \
	267	seq \
	268	sha1sum \
	269	sha224sum \
3c350007	270	@@ -135,6 +135,10 @@
5d9fc52d	271
3c350007	272	stat_LDADD = $(LDADD) $(LIB_SELINUX)
5d9fc52d JR	273
	274	+runuser_SOURCES = su.c
	275	+runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
67a461d4	276	+runuser_LDADD = $(LDADD) $(LIB_CRYPT) $(LIB_PAM)
5d9fc52d JR	277	+
	278	$(PROGRAMS): ../lib/libcoreutils.a
	279
3c350007 JB	280	# Get the release year from ../lib/version-etc.c.
3c350007 JB	281	@@ -156,7 +160,7 @@
5d9fc52d JR	282	chmod +x $@-t
	283	mv $@-t $@
	284
	285	-all-local: su$(EXEEXT)
3c350007	286	+all-local: su$(EXEEXT) runuser$(EXEEXT)
5d9fc52d JR	287
	288	installed_su = $(DESTDIR)$(bindir)/`echo su\|sed '$(transform)'`
	289
3c350007 JB	290	--- coreutils-6.10/man/Makefile.am.orig 2008-03-02 14:22:53.175432360 +0100
	291	+++ coreutils-6.10/man/Makefile.am 2008-03-02 14:26:36.980186266 +0100
	292	@@ -94,6 +94,7 @@
5d9fc52d JR	293	rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c
5d9fc52d JR	294	rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c
3c350007	295	runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
5d9fc52d JR	296	+runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c
	297	seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c
	298	sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c
	299	sha224sum.1: $(common_dep) $(srcdir)/sha224sum.x ../src/md5sum.c
	300	--- /dev/null 2007-01-09 09:38:07.860075128 +0000
	301	+++ coreutils-6.7/man/runuser.x 2007-01-09 17:27:56.000000000 +0000
	302	@@ -0,0 +1,4 @@
	303	+[NAME]
	304	+runuser \- run a shell with substitute user and group IDs
	305	+[DESCRIPTION]
	306	+.\" Add any additional description here
	307	--- /dev/null 2007-01-09 09:38:07.860075128 +0000
	308	+++ coreutils-6.7/man/runuser.1 2007-01-09 17:27:56.000000000 +0000
	309	@@ -0,0 +1,68 @@
	310	+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.33.
	311	+.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands"
	312	+.SH NAME
	313	+runuser \- run a shell with substitute user and group IDs, similar to su, but will not run PAM hooks
	314	+.SH SYNOPSIS
	315	+.B runuser
	316	+[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...]
	317	+.SH DESCRIPTION
	318	+.\" Add any additional description here
	319	+.PP
	320	+Change the effective user id and group id to that of USER. No PAM hooks
	321	+are run, and there will be no password prompt. This command is useful
	322	+when run as the root user. If run as a non-root user without privilege
	323	+to set user ID, the command will fail.
	324	+.TP
	325	+-, \fB\-l\fR, \fB\-\-login\fR
	326	+make the shell a login shell
	327	+.TP
	328	+\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR
	329	+pass a single COMMAND to the shell with \fB\-c\fR
	330	+.TP
	331	+\fB\-f\fR, \fB\-\-fast\fR
	332	+pass \fB\-f\fR to the shell (for csh or tcsh)
	333	+.TP
	334	+\fB\-g\fR, \fB\-\-group\fR=\fIGROUP\fR
	335	+specify the primary group
	336	+.TP
	337	+\fB\-G\fR, \fB\-\-supp-group\fR=\fIGROUP\fR
	338	+specify a supplemental group
	339	+.TP
	340	+\fB\-m\fR, \fB\-\-preserve\-environment\fR
	341	+do not reset environment variables
	342	+.TP
	343	+\fB\-p\fR
	344	+same as \fB\-m\fR
	345	+.TP
	346	+\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR
	347	+run SHELL if /etc/shells allows it
	348	+.TP
	349	+\fB\-\-help\fR
	350	+display this help and exit
	351	+.TP
	352	+\fB\-\-version\fR
	353	+output version information and exit
	354	+.PP
	355	+A mere - implies \fB\-l\fR. If USER not given, assume root.
	356	+.SH AUTHOR
	357	+Written by David MacKenzie, Dan Walsh.
	358	+.SH "REPORTING BUGS"
	359	+Report bugs to <bug-coreutils@gnu.org>.
360	+.SH COPYRIGHT
361	+Copyright \(co 2004 Free Software Foundation, Inc.
362	+.br
363	+This is free software; see the source for copying conditions. There is NO
364	+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
365	+.SH "SEE ALSO"
366	+Since this command is trimmed down version of su use you can use the su manual.
367	+The full documentation for
368	+.B su
369	+is maintained as a Texinfo manual. If the
370	+.B info
371	+and
372	+.B su
373	+programs are properly installed at your site, the command
374	+.IP
375	+.B info coreutils su
376	+.PP
377	+should give you access to the complete manual.
3c350007 JB	378	--- coreutils-6.10/po/pl.po.orig 2008-03-02 14:22:54.123486386 +0100
	379	+++ coreutils-6.10/po/pl.po 2008-03-02 14:28:35.858960780 +0100
	380	@@ -8986,6 +8986,16 @@
2b14ddfb	381	msgid "warning: cannot change directory to %s"
2f7c8a76	382	msgstr "uwaga: nie można zmienić katalogu na %s"
2b14ddfb JB	383
	384	+#: src/su.c:runuser
	385	+#, c-format
	386	+msgid "group %s does not exist"
79dc8adb	387	+msgstr "grupa %s nie istnieje"
2b14ddfb JB	388	+
	389	+#: src/su.c:runuser
	390	+#, c-format
	391	+msgid "Can't specify more than %d supplemental groups"
2f7c8a76	392	+msgstr "Nie można określić więcej niż %d grup dodatkowych"
2b14ddfb	393	+
d7c818dd AM	394	#. This is a proper name. See the gettext manual, section Names.
	395	#: src/sum.c:36
	396	msgid "Kayvan Aghaiepour"