1 --- coreutils-6.10/README.orig 2008-01-18 09:26:09.000000000 +0100
2 +++ coreutils-6.10/README 2008-03-02 14:24:55.578407708 +0100
4 factor false fmt fold groups head hostid hostname id install join kill
5 link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup
6 od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir
7 - runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
8 + runcon runuser seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
9 sleep sort split stat stdbuf stty su sum sync tac tail tee test timeout
10 touch tr true truncate tsort tty uname unexpand uniq unlink uptime users
11 vdir wc who whoami yes
12 --- coreutils-6.10/AUTHORS.orig 2008-01-05 23:58:24.000000000 +0100
13 +++ coreutils-6.10/AUTHORS 2008-03-02 14:25:23.908022120 +0100
15 rm: Paul Rubin, David MacKenzie, Richard Stallman, Jim Meyering
16 rmdir: David MacKenzie
18 +runuser: David MacKenzie, Dan Walsh
20 sha1sum: Ulrich Drepper, Scott Miller, David Madore
21 sha224sum: Ulrich Drepper, Scott Miller, David Madore
22 --- coreutils-6.7/src/su.c.runuser 2007-01-09 17:27:56.000000000 +0000
23 +++ coreutils-6.7/src/su.c 2007-01-09 17:30:12.000000000 +0000
27 /* The official name of this program (e.g., no `g' prefix). */
29 #define PROGRAM_NAME "su"
31 +#define PROGRAM_NAME "runuser"
35 #define AUTHORS proper_name ("David MacKenzie")
42 char *crypt (char const *key, char const *salt);
45 +#define CHECKPASSWD 1
48 char *getusershell (void);
49 void endusershell (void);
50 void setusershell (void);
52 extern char **environ;
54 static void run_shell (char const *, char const *, char **, size_t,
55 - const struct passwd *)
56 + const struct passwd *
58 + , gid_t *groups, int num_groups
65 {"login", no_argument, NULL, 'l'},
66 {"preserve-environment", no_argument, NULL, 'p'},
67 {"shell", required_argument, NULL, 's'},
69 + {"group", required_argument, NULL, 'g'},
70 + {"supp-group", required_argument, NULL, 'G'},
72 {GETOPT_HELP_OPTION_DECL},
73 {GETOPT_VERSION_OPTION_DECL},
76 retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
80 if (getuid() != 0 && !isatty(0)) {
81 fprintf(stderr, _("standard in must be a tty\n"));
86 caller = getpwuid(getuid());
87 if(caller != NULL && caller->pw_name != NULL) {
89 retval = pam_set_item(pamh, PAM_TTY, tty_name);
93 + if (getuid() != geteuid())
94 + /* safety net: deny operation if we are suid by accident */
95 + error(EXIT_FAILURE, 1, "runuser may not be setuid");
97 retval = pam_authenticate(pamh, 0);
99 retval = pam_acct_mgmt(pamh, 0);
105 /* must be authenticated if this point was reached */
108 @@ -398,11 +424,22 @@
109 /* Become the user and group(s) specified by PW. */
112 -change_identity (const struct passwd *pw)
113 +change_identity (const struct passwd *pw
115 + , gid_t *groups, int num_groups
119 #ifdef HAVE_INITGROUPS
122 - if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
125 + rc = setgroups(num_groups, groups);
128 + rc = initgroups(pw->pw_name, pw->pw_gid);
131 pam_close_session(pamh, 0);
132 pam_end(pamh, PAM_ABORT);
136 run_shell (char const *shell, char const *command, char **additional_args,
137 - size_t n_additional_args, const struct passwd *pw)
138 + size_t n_additional_args, const struct passwd *pw
140 + , gid_t *groups, int num_groups
144 size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
145 char const **args = xnmalloc (n_args, sizeof *args);
149 if (child == 0) { /* child shell */
150 - change_identity (pw);
151 + change_identity (pw
153 + , groups, num_groups
162 struct passwd pw_copy;
165 + gid_t groups[NGROUPS_MAX];
166 + int num_supp_groups = 0;
170 initialize_main (&argc, &argv);
171 program_name = argv[0];
173 simulate_login = false;
174 change_environment = true;
176 - while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
177 + while ((optc = getopt_long (argc, argv, "c:flmps:"
181 + , longopts, NULL)) != -1)
191 + gr = getgrnam(optarg);
193 + error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
195 + groups[0] = gr->gr_gid;
200 + if (num_supp_groups >= NGROUPS_MAX)
201 + error (EXIT_FAILURE, 0,
202 + _("Can't specify more than %d supplemental groups"),
204 + gr = getgrnam(optarg);
206 + error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
207 + groups[num_supp_groups] = gr->gr_gid;
211 case_GETOPT_HELP_CHAR;
213 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
218 - if (!correct_password (pw))
220 + if (num_supp_groups && !use_gid)
222 + pw->pw_gid = groups[1];
223 + memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups);
227 + pw->pw_gid = groups[0];
232 + if (CHECKPASSWD && !correct_password (pw))
234 #ifdef SYSLOG_FAILURE
237 modify_environment (pw, shell);
240 - change_identity (pw);
241 + change_identity (pw
243 + , groups, num_supp_groups
248 - run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
249 + run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw
251 + , groups, num_supp_groups
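Review bot: The "suid by accident" guard (`if (getuid() != geteuid())`) compares only the user IDs, so a binary that ends up setgid would pass it, and it appears to sit in the PAM path after `pam_start()` and `pam_set_item()` rather than at the top of `main`, so option parsing and the `getgrnam()` lookups would already have run before it fires. The man page added by this patch says there is no password prompt, which makes this check the main barrier against a mis-installed binary; it is worth making it the first statement in `main` and covering both IDs: `if (getuid () != geteuid () || getgid () != getegid ())` followed by `error (EXIT_FAILURE, EPERM, _("runuser may not be setuid or setgid"));`. That also replaces the literal errnum `1` with `EPERM` and marks the message for translation like the other new strings. The page shows neither the preprocessor conditionals nor most hunk headers for su.c, so the exact placement should be confirmed against the full patch.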
255 --- coreutils-6.10/src/Makefile.am.orig 2008-03-02 14:22:53.223435095 +0100
256 +++ coreutils-6.10/src/Makefile.am 2008-03-02 14:25:58.317983032 +0100
260 build_if_possible__progs = \
261 - chroot df hostid nice pinky stdbuf libstdbuf.so stty su uname uptime users who
262 + chroot df hostid nice pinky stdbuf libstdbuf.so stty su runuser uname uptime users who
264 AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
268 stat_LDADD = $(LDADD) $(LIB_SELINUX)
270 +runuser_SOURCES = su.c
271 +runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
272 +runuser_LDADD = $(LDADD) $(LIB_CRYPT) $(LIB_PAM)
274 $(PROGRAMS): ../lib/libcoreutils.a
276 # Get the release year from ../lib/version-etc.c.
281 -all-local: su$(EXEEXT)
282 +all-local: su$(EXEEXT) runuser$(EXEEXT)
284 installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'`
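Review bot: `runuser_CFLAGS` is a per-target flags variable, and automake does not add `AM_CFLAGS` to a target that defines one, so runuser would be compiled without the `$(WARN_CFLAGS) $(WERROR_CFLAGS)` that the `AM_CFLAGS` context line here applies to the other programs. For a binary that changes user and group IDs the warnings are worth keeping: `runuser_CFLAGS = $(AM_CFLAGS) -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""`. The visible lines also show no install rule for runuser; it should be confirmed that it is installed as an ordinary binary and not through the special handling that `installed_su` suggests for su.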
286 --- coreutils-6.10/man/Makefile.am.orig 2008-03-02 14:22:53.175432360 +0100
287 +++ coreutils-6.10/man/Makefile.am 2008-03-02 14:26:36.980186266 +0100
289 rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c
290 rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c
291 runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
292 +runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c
293 seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c
294 sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c
295 sha224sum.1: $(common_dep) $(srcdir)/sha224sum.x ../src/md5sum.c
296 --- /dev/null 2007-01-09 09:38:07.860075128 +0000
297 +++ coreutils-6.7/man/runuser.x 2007-01-09 17:27:56.000000000 +0000
300 +runuser \- run a shell with substitute user and group IDs
302 +.\" Add any additional description here
303 --- /dev/null 2007-01-09 09:38:07.860075128 +0000
304 +++ coreutils-6.7/man/runuser.1 2007-01-09 17:27:56.000000000 +0000
306 +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.33.
307 +.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands"
309 +runuser \- run a shell with substitute user and group IDs, similar to su, but will not run PAM hooks
312 +[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...]
314 +.\" Add any additional description here
316 +Change the effective user id and group id to that of USER. No PAM hooks
317 +are run, and there will be no password prompt. This command is useful
318 +when run as the root user. If run as a non-root user without privilege
319 +to set user ID, the command will fail.
321 +-, \fB\-l\fR, \fB\-\-login\fR
322 +make the shell a login shell
324 +\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR
325 +pass a single COMMAND to the shell with \fB\-c\fR
327 +\fB\-f\fR, \fB\-\-fast\fR
328 +pass \fB\-f\fR to the shell (for csh or tcsh)
330 +\fB\-g\fR, \fB\-\-group\fR=\fIGROUP\fR
331 +specify the primary group
333 +\fB\-G\fR, \fB\-\-supp-group\fR=\fIGROUP\fR
334 +specify a supplemental group
336 +\fB\-m\fR, \fB\-\-preserve\-environment\fR
337 +do not reset environment variables
342 +\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR
343 +run SHELL if /etc/shells allows it
346 +display this help and exit
349 +output version information and exit
351 +A mere - implies \fB\-l\fR. If USER not given, assume root.
353 +Written by David MacKenzie, Dan Walsh.
354 +.SH "REPORTING BUGS"
355 +Report bugs to <bug-coreutils@gnu.org>.
357 +Copyright \(co 2004 Free Software Foundation, Inc.
359 +This is free software; see the source for copying conditions. There is NO
360 +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
362 +Since this command is trimmed down version of su use you can use the su manual.
363 +The full documentation for
365 +is maintained as a Texinfo manual. If the
369 +programs are properly installed at your site, the command
371 +.B info coreutils su
373 +should give you access to the complete manual.
374 --- coreutils-6.10/po/pl.po.orig 2008-03-02 14:22:54.123486386 +0100
375 +++ coreutils-6.10/po/pl.po 2008-03-02 14:28:35.858960780 +0100
376 @@ -8986,6 +8986,16 @@
377 msgid "warning: cannot change directory to %s"
378 msgstr "uwaga: nie można zmienić katalogu na %s"
382 +msgid "group %s does not exist"
383 +msgstr "grupa %s nie istnieje"
387 +msgid "Can't specify more than %d supplemental groups"
388 +msgstr "Nie można określić więcej niż %d grup dodatkowych"
390 #. This is a proper name. See the gettext manual, section Names.
392 msgid "Kayvan Aghaiepour"