1 --- coreutils-6.7/src/Makefile.am.pam 2006-11-24 21:28:10.000000000 +0000
2 +++ coreutils-6.7/src/Makefile.am 2007-01-09 17:00:01.000000000 +0000
4 uptime_LDADD += $(GETLOADAVG_LIBS)
7 -su_LDADD += $(LIB_CRYPT)
8 +su_LDADD += $(LIB_CRYPT) $(LIB_PAM)
10 # for various ACL functions
11 copy_LDADD += $(LIB_ACL)
12 --- coreutils-6.10/src/su.c.orig 2007-11-25 14:23:31.000000000 +0100
13 +++ coreutils-6.10/src/su.c 2008-03-02 02:07:13.568059486 +0100
15 restricts who can su to UID 0 accounts. RMS considers that to
20 + Actually, with PAM, su has nothing to do with whether or not a
21 + wheel group is enforced by su. RMS tries to restrict your access
22 + to a su which implements the wheel group, but PAM considers that
23 + to be fascist, and gives the user/sysadmin the opportunity to
24 + enforce a wheel group by proper editing of /etc/pam.conf
29 -DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
30 -DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
32 prototype (returning `int') in <unistd.h>. */
33 #define getusershell _getusershell_sys_proto_
37 +# include <sys/wait.h>
38 +# include <sys/fsuid.h>
40 +# include <security/pam_appl.h>
41 +# include <security/pam_misc.h>
48 /* The user to become if none is specified. */
49 #define DEFAULT_USER "root"
52 char *crypt (char const *key, char const *salt);
55 -static void run_shell (char const *, char const *, char **, size_t)
56 +static void run_shell (char const *, char const *, char **, size_t,
57 + const struct passwd *)
64 /* If true, pass the `-f' option to the subshell. */
65 static bool fast_startup;
71 +static pam_handle_t *pamh = NULL;
73 +static struct pam_conv conv = {
78 +#define PAM_BAIL_P if (retval) { \
79 + pam_end(pamh, PAM_SUCCESS); \
82 +#define PAM_BAIL_P_VOID if (retval) { \
83 + pam_end(pamh, PAM_SUCCESS); \
88 /* Ask the user for a password.
89 + If PAM is in use, let PAM ask for the password if necessary.
90 Return true if the user gives the correct password for entry PW,
91 false if not. Return true without asking for a password if run by UID 0
92 or if PW has an empty password. */
95 correct_password (const struct passwd *pw)
98 + struct passwd *caller;
99 + char *tty_name, *ttyn;
100 + retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
103 + if (getuid() != 0 && !isatty(0)) {
104 + fprintf(stderr, _("standard in must be a tty\n"));
108 + caller = getpwuid(getuid());
109 + if(caller != NULL && caller->pw_name != NULL) {
110 + retval = pam_set_item(pamh, PAM_RUSER, caller->pw_name);
116 + if (strncmp(ttyn, "/dev/", 5) == 0)
120 + retval = pam_set_item(pamh, PAM_TTY, tty_name);
123 + retval = pam_authenticate(pamh, 0);
125 + retval = pam_acct_mgmt(pamh, 0);
126 + if (retval == PAM_NEW_AUTHTOK_REQD && getuid()) {
127 + /* password has expired. Offer option to change it. */
128 + retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
132 + /* must be authenticated if this point was reached */
134 +#else /* !USE_PAM */
135 char *unencrypted, *encrypted, *correct;
136 #if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
137 /* Shadow passwd stuff for SVR3 and maybe other systems. */
139 encrypted = crypt (unencrypted, correct);
140 memset (unencrypted, 0, strlen (unencrypted));
141 return STREQ (encrypted, correct);
142 +#endif /* !USE_PAM */
145 /* Update `environ' for the new shell based on PW, with SHELL being
146 @@ -260,12 +344,18 @@
147 /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
148 Unset all other environment variables. */
149 char const *term = getenv ("TERM");
150 + char const *display = getenv ("DISPLAY");
151 + char const *xauthority = getenv ("XAUTHORITY");
153 term = xstrdup (term);
154 environ = xmalloc ((6 + !!term) * sizeof (char *));
157 xsetenv ("TERM", term);
159 + xsetenv ("DISPLAY", display);
161 + xsetenv ("XAUTHORITY", xauthority);
162 xsetenv ("HOME", pw->pw_dir);
163 xsetenv ("SHELL", shell);
164 xsetenv ("USER", pw->pw_name);
167 #ifdef HAVE_INITGROUPS
169 - if (initgroups (pw->pw_name, pw->pw_gid) == -1)
170 + if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
172 + pam_close_session(pamh, 0);
173 + pam_end(pamh, PAM_ABORT);
175 error (EXIT_CANCELED, errno, _("cannot set groups"));
179 if (setgid (pw->pw_gid))
181 error (EXIT_FAILURE, errno, _("cannot set user id"));
185 +static int caught=0;
186 +/* Signal handler for parent process later */
187 +static void su_catch_sig(int sig)
193 +pam_copyenv (pam_handle_t *pamh)
197 + env = pam_getenvlist(pamh);
209 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
210 If COMMAND is nonzero, pass it to the shell with the -c option.
211 Pass ADDITIONAL_ARGS to the shell as more arguments; there
212 @@ -315,17 +435,49 @@
215 run_shell (char const *shell, char const *command, char **additional_args,
216 - size_t n_additional_args)
217 + size_t n_additional_args, const struct passwd *pw)
219 size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
220 char const **args = xnmalloc (n_args, sizeof *args);
227 + retval = pam_open_session(pamh,0);
228 + if (retval != PAM_SUCCESS) {
229 + fprintf (stderr, _("could not open session\n"));
233 +/* do this at the last possible moment, because environment variables may
234 + be passed even in the session phase
236 + if(pam_copyenv(pamh) != PAM_SUCCESS)
237 + fprintf (stderr, _("error copying PAM environment\n"));
239 + /* Credentials should be set in the parent */
240 + if (pam_setcred(pamh, PAM_ESTABLISH_CRED) != PAM_SUCCESS) {
241 + pam_close_session(pamh, 0);
242 + fprintf(stderr, _("could not set PAM credentials\n"));
247 + if (child == 0) { /* child shell */
248 + change_identity (pw);
255 char *shell_basename;
257 + if(chdir(pw->pw_dir))
258 + error(0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
260 shell_basename = last_component (shell);
261 arg0 = xmalloc (strlen (shell_basename) + 2);
264 error (0, errno, "%s", shell);
268 + } else if (child == -1) {
269 + fprintf(stderr, _("can not fork user shell: %s"), strerror(errno));
270 + pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
271 + pam_close_session(pamh, 0);
272 + pam_end(pamh, PAM_ABORT);
276 + sigfillset(&ourset);
277 + if (sigprocmask(SIG_BLOCK, &ourset, NULL)) {
278 + fprintf(stderr, _("%s: signal malfunction\n"), PROGRAM_NAME);
282 + struct sigaction action;
283 + action.sa_handler = su_catch_sig;
284 + sigemptyset(&action.sa_mask);
285 + action.sa_flags = 0;
286 + sigemptyset(&ourset);
287 + if (sigaddset(&ourset, SIGTERM)
288 + || sigaddset(&ourset, SIGALRM)
289 + || sigaction(SIGTERM, &action, NULL)
290 + || sigprocmask(SIG_UNBLOCK, &ourset, NULL)) {
291 + fprintf(stderr, _("%s: signal masking malfunction\n"), PROGRAM_NAME);
299 + pid = waitpid(-1, &status, WUNTRACED);
301 + if (WIFSTOPPED(status)) {
302 + kill(getpid(), SIGSTOP);
303 + /* once we get here, we must have resumed */
304 + kill(pid, SIGCONT);
306 + } while (WIFSTOPPED(status));
310 + fprintf(stderr, _("\nSession terminated, killing shell..."));
311 + kill (child, SIGTERM);
313 + /* Not checking retval on this because we need to call close session */
314 + pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
315 + retval = pam_close_session(pamh, 0);
317 + retval = pam_end(pamh, PAM_SUCCESS);
321 + kill(child, SIGKILL);
322 + fprintf(stderr, _(" ...killed.\n"));
325 + exit (WEXITSTATUS(status));
326 +#endif /* USE_PAM */
329 /* Return true if SHELL is a restricted shell (one not returned by
331 shell = xstrdup (shell ? shell : pw->pw_shell);
332 modify_environment (pw, shell);
335 change_identity (pw);
336 - if (simulate_login && chdir (pw->pw_dir) != 0)
337 - error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
340 /* error() flushes stderr, but does not check for write failure.
341 Normally, we would catch this via our atexit() hook of
344 exit (EXIT_CANCELED);
346 - run_shell (shell, command, argv + optind, MAX (0, argc - optind));
347 + run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
349 --- coreutils-6.7/doc/coreutils.texi.pam 2006-10-27 15:30:48.000000000 +0100
350 +++ coreutils-6.7/doc/coreutils.texi 2007-01-09 17:00:01.000000000 +0000
351 @@ -13395,8 +13395,11 @@
353 @command{su} can optionally be compiled to use @code{syslog} to report
354 failed, and optionally successful, @command{su} attempts. (If the system
355 -supports @code{syslog}.) However, GNU @command{su} does not check if the
356 -user is a member of the @code{wheel} group; see below.
357 +supports @code{syslog}.)
359 +This version of @command{su} has support for using PAM for
360 +authentication. You can edit @file{/etc/pam.d/su} to customize its
363 The program accepts the following options. Also see @ref{Common options}.
365 @@ -11892,32 +11892,6 @@
366 the exit status of the subshell otherwise
369 -@cindex wheel group, not supported
370 -@cindex group wheel, not supported
372 -@subsection Why GNU @command{su} does not support the @samp{wheel} group
374 -(This section is by Richard Stallman.)
378 -Sometimes a few of the users try to hold total power over all the
379 -rest. For example, in 1984, a few users at the MIT AI lab decided to
380 -seize power by changing the operator password on the Twenex system and
381 -keeping it secret from everyone else. (I was able to thwart this coup
382 -and give power back to the users by patching the kernel, but I
383 -wouldn't know how to do that in Unix.)
385 -However, occasionally the rulers do tell someone. Under the usual
386 -@command{su} mechanism, once someone learns the root password who
387 -sympathizes with the ordinary users, he or she can tell the rest. The
388 -``wheel group'' feature would make this impossible, and thus cement the
389 -power of the rulers.
391 -I'm on the side of the masses, not that of the rulers. If you are
392 -used to supporting the bosses and sysadmins in whatever they do, you
393 -might find this idea strange at first.
398 --- coreutils-6.10/configure.ac.orig 2008-01-13 09:14:23.000000000 +0100
399 +++ coreutils-6.10/configure.ac 2008-03-02 02:08:10.027276914 +0100
404 +dnl Give the chance to enable PAM
405 +AC_ARG_ENABLE(pam, dnl
406 +[ --enable-pam Enable use of the PAM libraries],
407 +AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
408 +LIB_PAM="-ldl -lpam -lpam_misc"
415 AM_GNU_GETTEXT([external], [need-formatstring-macros])
416 AM_GNU_GETTEXT_VERSION([0.15])
418 +# just in case we want PAM
420 +# with PAM su doesn't need libcrypt
421 +if test -n "$LIB_PAM" ; then
428 --- coreutils-6.10/po/pl.po.orig 2008-01-16 21:22:08.000000000 +0100
429 +++ coreutils-6.10/po/pl.po 2008-03-02 02:09:23.671473657 +0100
430 @@ -8875,6 +8875,49 @@
431 msgid "Usage: %s [OPTION]... [-] [USER [ARG]...]\n"
432 msgstr "Składnia: %s [OPCJA]... [-] [UŻYTKOWNIK [ARGUMENT]...]\n"
435 +msgid "standard in must be a tty\n\n"
436 +msgstr "standardowe wejście musi być terminalem\n"
439 +msgid "could not open session\n"
440 +msgstr "nie można otworzyć sesji\n"
443 +msgid "error copying PAM environment\n"
444 +msgstr "błąd podczas kopiowania środowiska PAM\n"
447 +msgid "could not set PAM credentials\n"
448 +msgstr "błąd podczas ustawiania uwierzytelnienia PAM\n"
452 +msgid "cannot fork user shell: %s"
453 +msgstr "nie można utworzyć procesu powłoki użytkownika: %s"
457 +msgid "%s: signal malfunction\n"
458 +msgstr "%s: błędne działanie sygnałów\n"
462 +msgid "%s: signal masking malfunction\n"
463 +msgstr "%s: błędne działanie maskowania sygnałów\n"
468 +"Session terminated, killing shell..."
471 +"Sesja zakończona, zabijanie powłoki..."
479 "Change the effective user id and group id to that of USER.\n"
480 diff -Nur coreutils-5.2.1.orig/man/es/su.1 coreutils-5.2.1/man/es/su.1
481 --- coreutils-5.2.1.orig/man/es/su.1 Mon Apr 12 14:26:19 1999
482 +++ coreutils-5.2.1/man/es/su.1 Thu Mar 18 17:05:55 2004
484 puede ser compilado para reportar fallo, y opcionalmente éxito en syslog.
486 intentará utilizar syslog.
488 -Este programa no soporta el grupo "wheel", el cual restringe quien podrá
491 -hacia la cuenta de root (el superusuario) ya que esta política podría
492 -ayudar a los administradores de máquinas a facilitar un uso inadecuado a otros
496 .I "\-c COMANDO, \-\-command=COMANDO"
499 Escribe información sobre la versión en la salida estándar y acaba sin
502 -.SH Por que GNU no soporta el grupo "wheel" (por Richard Stallman)
503 -A veces, algunos listillos intentan hacerse con el poder total
504 -sobre el resto de usuarios. Por ejemplo, en 1984, un grupo de usuarios del
505 -laboratorio de Inteligencia Artificial del MIT decidieron tomar el poder
506 -cambiando el password de operador del sistema Twenex y manteniendolo secreto
507 -para el resto de usuarios. (De todas maneras, hubiera sido posible desbaratar
508 -la situación y devolver el control a los usuarios legítimos parcheando el
509 -kernel, pero no sabría como realizar esta operación en un sistema Unix.)
511 -Sin embargo, casualmente alguien contó el secreto. Mediante el uso habitual de
513 -una vez que alguien conoce el password de root puede contarselo al resto de
514 -usuarios. El grupo "wheel" hará que esto sea imposible, protegiendo así el poder
515 -de los superusuarios.
517 -Yo estoy del lado de las masas, no de los superusuarios. Si eres de los que
518 -estan de acuerdo con los jefes y los administradores de sistemas en cualquier
519 -cosa que hagan, al principio encontrarás esta idea algo extraña.
520 diff -Nur coreutils-5.2.1.orig/man/fr/su.1 coreutils-5.2.1/man/fr/su.1
521 --- coreutils-5.2.1.orig/man/fr/su.1 Sun Aug 10 12:00:00 2003
522 +++ coreutils-5.2.1/man/fr/su.1 Thu Mar 18 17:05:55 2004
524 peut être compilé afin de fournir des rapports d'échec, et éventuellement
525 de réussite des tentatives d'utilisation de
528 -Ce programme ne gère pas le "groupe wheel" utilisé pour restreindre
531 -au compte Super-Utilisateur, car il pourrait aider des administrateurs
532 -système fascistes à disposer d'un pouvoir incontrôlé
533 -sur les autres utilisateurs.
536 .I "\-c COMMANDE, \-\-command=COMMANDE"
539 Afficher un numéro de version sur la sortie standard et se terminer normalement.
541 -.SH Pourquoi GNU SU ne gère-t-il pas le groupe `wheel' (par Richard Stallman)
542 -Il peut arriver qu'un petit groupe d'utilisateurs essayent de s'approprier
543 -l'ensemble du système. Par exemple, en 1984, quelques utilisateurs du
544 -laboratoire d'I.A du MIT ont tentés de prendre le pouvoir en modifiant
545 -le mot de passe de l'opérateur sur le système Twenex, et en
546 -gardant ce mot de passe secret. (J'ai pu les en empêcher en modifiant le noyau, et
547 -restaurer ainsi les autres accès, mais je ne saurais pas en faire autant
550 -Néanmoins, il arrive parfois que les chefs fournissent le mot
551 -de passe de root à un utilisateur ordinaire.
552 -Avec le mécanisme habituel de \fBsu\fP,
553 -une fois que quelqu'un connaît ce mot de passe, il peut le transmettre
554 -à ses amis. Le principe du "groupe wheel" rend ce partage impossible,
555 -ce qui renforce la puissance des chefs.
557 -Je me situe du cote du peuple, pas du côté des chefs. Si vous avez l'habitude
558 -de soutenir les patrons et les administrateurs systèmes quoi qu'ils fassent,
559 -cette idée peut vous paraître étrange au premier abord.
562 Christophe Blaess, 1997-2003.
563 diff -Nur coreutils-5.2.1.orig/man/hu/su.1 coreutils-5.2.1/man/hu/su.1
564 --- coreutils-5.2.1.orig/man/hu/su.1 Sun Jul 9 14:19:12 2000
565 +++ coreutils-5.2.1/man/hu/su.1 Thu Mar 18 17:05:55 2004
568 A program verziójáról ír ki információt a standard kimenetre, majd
569 sikeres visszatérési értékkel kilép.
570 -.SH Miért nem támogatja a GNU su a wheel csoportot? (Richard Stallman)
572 -Néha a rendszer fölötti teljes ellenõrzést egy néhány emberbõl
573 -álló csoport akarja kézbe venni. Például 1984-ben pár user a MIT AI
574 -laborban úgy döntött, hogy átveszik az irányítást a Twenex rendszer
575 -operátori jelszavának megváltoztatásával, és annak titokban tartásával.
576 -(A puccsot sikerült leverni, és a felhasználókat jogaikba visszahelyezni
577 -egy kernel patch segítségével, de Unix alatt ezt nem tudtam volna megcsinálni.)
578 -(A fordító megj.: a wheel csoportot ezzel a módszerrel könnyen
579 -önkényesen is leszûkíthetik a csoporttagok , így tulajdonképpen nincs sok értelme.)
581 -Néha az uralmon levõk elárulják a root jelszót. A szokásos su
582 -mechanizmus szerint, ha valaki megtudja a root jelszót, és
583 -szimpatizál a többi közönséges felhasználóval, elárulhatja nekik
584 -is. A wheel csoport ezt lehetetlenné tenné, és így bebetonozná az
585 -uralmon levõ hatalmát.
587 -Én a tömegek oldalán állok, nem az uralkodókén. Ha te mindig a
588 -fõnökök és a rendszergazdák oldalán állsz, bármit is tesznek, akkor
589 -valószínûleg furcsálni fogod ezt a hozzáállást.
591 -A fordító megjegyzése:
592 -Valami jó azért mégis lenne a wheel csoportban: az, hogy ha a root
593 -jelszó kitudódna azzal nem tudna bármelyik felhasználó közvetlenül
594 -visszaélni. A wheel csoporthoz hasonló dolgot lehet elérni a
598 A hibákat a bug-sh-utils@gnu.org címen lehet jelenteni.
599 Az oldalt Ragnar Hojland Espinosa <ragnar@macula.net> frissítette.
600 diff -Nur coreutils-5.2.1.orig/man/it/su.1 coreutils-5.2.1/man/it/su.1
601 --- coreutils-5.2.1.orig/man/it/su.1 Mon Jul 1 23:09:38 2002
602 +++ coreutils-5.2.1/man/it/su.1 Thu Mar 18 17:05:55 2004
605 può essere compilato per riportare tramite syslog gli errori, ed
606 eventualmente anche i successi che ottiene.
608 -Questo programma non supporta un "gruppo wheel" che limita chi può fare
610 -agli account del superuser, poiché ciò può aiutare amministratori di
611 -sistema "fascisti" a tenere un potere inautorizzato sugli altri utenti.
614 .I "\-c COMANDO, \-\-command=COMANDO"
617 Stampa in standard output informazioni sulla versione e esce (con
619 -.SH Perché GNU su non supporta il gruppo wheel (di Richard Stallman)
620 -Qualche volta pochi utenti provano a tenere il potere assoluto sul
621 -resto degli utenti. Per esempio, nel 1984, alcuni utenti nel
622 -laboratorio di AI del MIT decisero impossessarsi del potere cambiando
623 -la password dell'operatore su un sistema Twenex e tenendola segreta a
624 -tutti gli altri (fui in grado di contrastare questo colpaccio e
625 -restituire il potere agli utenti ``patch-ando'' il kernel, ma non
626 -saprei come fare ciò in Unix).
628 -Comunque, occasionalmente i sovrani lo fanno. Tramite l'usuale
629 -meccanismo su, una volta che qualcuno che simpatizzi con gli
630 -utenti normali, abbia imparato la password di root può dirla anche
631 -agli altri. La caratteristica del "gruppo wheel" renderebbe ciò
632 -impossibile, consolidando quindi il potere dei sovrani.
634 -Io sono dalla parte delle masse, non da quella dei sovrani. Se tu sei
635 -abituato a sostenere i capi e gli amministratori di sistema in tutto
636 -quello che fanno, potresti trovare questa idea strana all'inizio.
637 diff -Nur coreutils-5.2.1.orig/man/ja/su.1 coreutils-5.2.1/man/ja/su.1
638 --- coreutils-5.2.1.orig/man/ja/su.1 Sun Dec 14 16:06:54 2003
639 +++ coreutils-5.2.1/man/ja/su.1 Thu Mar 18 17:05:55 2004
642 ¤¬¼ºÇÔ¤·¤¿¤È¤ syslog ¤Ë¥ì¥Ý¡¼¥È¤¹¤ë¤è¤¦¤Ë¥³¥ó¥Ñ¥¤¥ë¤¹¤ë¤³¤È
643 ¤¬¤Ç¤¤ë¡ÊÀ®¸ù¤ò¥ì¥Ý¡¼¥È¤¹¤ë¤è¤¦¤Ë¤â¤Ç¤¤ë¡Ë¡£
645 -¤³¤Î¥×¥í¥°¥é¥à¤Ï "wheel group" ¤Îµ¡Ç½¡Ê
647 -¤Ë¤è¤Ã¤Æ¥¹¡¼¥Ñ¡¼¥æ¡¼¥¶¡¼¥¢¥«¥¦¥ó¥È¤Ë¤Ê¤ì¤ë¥æ¡¼¥¶¤òÀ©¸Â¤¹¤ëµ¡Ç½¡Ë¤ò¥µ¥Ý¡¼
648 -¥È¤·¤Ê¤¤¡£¤³¤ì¤ÏÀìÀ©Åª¤Ê¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬Â¾¤Î¥æ¡¼¥¶¡¼¤ËÉÔÅö¤Ê¸¢ÎϤò¿¶¤ë
649 -¤¨¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ç¤¢¤ë¡£
652 .I "\-c COMMAND, \-\-command=COMMAND"
656 ¥Ð¡¼¥¸¥ç¥ó¾ðÊó¤òɸ½à½ÐÎϤËɽ¼¨¤·¡¢¼Â¹ÔÀ®¸ù¤òÊÖ¤·¤Æ½ªÎ»¤¹¤ë¡£
657 -.SH GNU su ¤Ç wheel ¥°¥ë¡¼¥×¤ò¥µ¥Ý¡¼¥È¤·¤Ê¤¤¤ï¤±¡ÊRichard Stallman¡Ë
658 -¤È¤¤ª¤ê¡¢¾¯¿ô¤Î¥æ¡¼¥¶¡¼¤Ë¤è¤Ã¤Æ¡¢Â¾¤Î¥æ¡¼¥¶¡¼¤ËÂФ¹¤ëÁ´¸¢¤ò¾¸°®¤·¤è¤¦
659 -¤È¤¹¤ë»î¤ß¤¬¤Ê¤µ¤ì¤ë¤³¤È¤¬¤¢¤ë¡£Î㤨¤Ð 1984 ǯ¡¢ MIT AI ¥é¥Ü¤Î¾¯¿ô¤Î¥æ¡¼
660 -¥¶¡¼¤Ï Twenex ¥·¥¹¥Æ¥à¤Î¥ª¥Ú¥ì¡¼¥¿¡¼¥Ñ¥¹¥ï¡¼¥É¤ÎÊѹ¹¸¢¸Â¤ò¶¯Ã¥¤·¡¢¤³¤ì
661 -¤ò¾¤Î¥æ¡¼¥¶¡¼¤«¤éÈëÆ¿¤¹¤ë¤³¤È¤Ë·èÄꤷ¤¿¡Ê¤³¤ÎºÝ¤Ë¤Ï»ä¤Ï¤³¤Î¥¯¡¼¥Ç¥¿¡¼
662 -¤Î΢¤ò¤«¤¡¢¥«¡¼¥Í¥ë¤Ë¥Ñ¥Ã¥Á¤òÅö¤Æ¤Æ¸¢¸Â¤ò¼è¤êÊÖ¤¹¤³¤È¤ËÀ®¸ù¤·¤¿¡£¤·¤«
663 -¤·¤³¤ì¤¬ Unix ¤Ç¤¢¤Ã¤¿¤é¡¢»ä¤Ë¤Ï¤É¤¦¤¹¤ì¤Ð¤è¤¤¤«¤ï¤«¤é¤Ê¤«¤Ã¤¿¤À¤í¤¦¡Ë¡£
665 -¤·¤«¤·¤Ê¤¬¤é¡¢»þ¤Ë¤ÏÀìÀ©¼Ô¤âÈëÌ©¤òϳ¤é¤¹¤â¤Î¤Ç¤¢¤ë¡£Ä̾ï¤Î su ¤Î¥á¥«¥Ë
666 -¥º¥à¤Ç¤Ï¡¢°ìÈ̥桼¥¶¡¼¤Î¦¤ËΩ¤Ä¼Ô¤¬ root ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÃΤì¤Ð¡¢¤³¤ì¤ò
667 -¾¤Î¥æ¡¼¥¶¡¼¤Ë¤âÃΤ餻¤ë¤³¤È¤¬¤Ç¤¤ë¡£¤·¤«¤· "wheel group" µ¡Ç½¤Ï¤³¤ì
668 -¤òÉÔ²Äǽ¤Ë¤·¡¢·ë²Ì¤È¤·¤ÆÀìÀ©¼Ôã¤Î¸¢¸Â¤ò¶¯¸Ç¤¿¤ë¤â¤Î¤Ë¤·¤Æ¤·¤Þ¤¦¡£
670 -»ä¤ÏÂç½°¤Î¦¤ËΩ¤Ä¤â¤Î¤Ç¤¢¤ê¡¢ÀìÀ©Åª¤ÊΩ¾ì¤Ë¤ÏÈ¿ÂФ¹¤ë¡£¤¢¤Ê¤¿¤Ï¥Ü¥¹¤ä
671 -¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Î¤ä¤ê¸ý¤Ë½¾¤¦¤³¤È¤Ë´·¤ì¤Æ¤¤¤ë¤«¤âÃΤì¤Ê¤¤¤¬¡¢¤½¤Î¾ì¹ç¤Ï
672 -¤Þ¤º¤½¤Î¤³¤È¼«¿È¤òÉԻ׵Ĥ˻פ¦¤Ù¤¤Ç¤Ï¤Ê¤¤¤À¤í¤¦¤«¡£
673 diff -Nur coreutils-5.2.1.orig/man/pl/su.1 coreutils-5.2.1/man/pl/su.1
674 --- coreutils-5.2.1.orig/man/pl/su.1 Tue Jun 20 16:07:31 2000
675 +++ coreutils-5.2.1/man/pl/su.1 Thu Mar 18 17:05:55 2004
677 mo¿e zostaæ tak skompilowane, by raportowa³o nieudane, lub opcjonalnie
678 równie¿ udane próby zmiany id przy u¿yciu
680 -Jednak \fBsu\fP w wersji GNU nie sprawdza czy u¿ytkownik jest cz³onkiem grupy
681 -`wheel' -- patrz poni¿ej.
684 .BR \-c " \fIpolecenie\fP, " \-\-command= \fIpolecenie
688 Wy¶wietla numer wersji programu i koñczy pracê.
689 -.SH Dlaczego GNU `su' nie obs³uguje grupy `wheel'
691 -(Sekcjê tê napisa³ Richard Stallman)
693 -Czasami kilku u¿ytkowników usi³uje sprawowaæ nieograniczon± w³adzê nad
694 -pozosta³ymi. Na przyk³ad, w 1984, kilku u¿ytkowników w laboratorium AI MIT
695 -zdecydowa³o siê `przej±æ w³adzê' zmieniaj±c has³o operatora systemu Twenex
696 -i trzymaj±c je w tajemnicy przed wszystkimi innymi. (Uda³o mi siê
697 -udaremniæ ten zamach i przywróciæ w³adzê u¿ytkownikom ³ataj±c j±dro, lecz
698 -nie wiedzia³bym jak zrobiæ to w Uniksie.)
700 -Jednak, od czasu do czasu panuj±cy wyjawiaj± komu¶. Przy zwyk³ym
701 -mechanizmie `su', kto¶, kto pozna³ has³o root'a i sympatyzuje ze zwyk³ymi
702 -u¿ytkownikami, mo¿e przekazaæ je pozosta³ym. Funkcja "grupy wheel"
703 -uniemo¿liwia³aby to, i w ten sposób umacnia³a w³adzê rz±dz±cych.
705 -Jestem po stronie mas, nie po stronie rz±dz±cych. Je¿eli zwyk³e¶ popieraæ
706 -szefów i administratorów systemów we wszystkim, co robi±, podej¶cie to mo¿e
707 -pocz±tkowo wydaæ Ci siê dziwne.
708 .SH "ZG£ASZANIE B£ÊDÓW"
709 B³êdy proszê zg³aszaæ, w jêz.ang., do <bug-sh-utils@gnu.org>.