[packages/coreutils.git] / coreutils-runuser.patch

--- coreutils-6.10/README.orig	2008-01-18 09:26:09.000000000 +0100
+++ coreutils-6.10/README	2008-03-02 14:24:55.578407708 +0100
@@ -12,7 +12,7 @@
   factor false fmt fold groups head hostid hostname id install join kill
   link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup
   od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir
-  runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
+  runcon runuser seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
   sleep sort split stat stty su sum sync tac tail tee test touch tr true
   tsort tty uname unexpand uniq unlink uptime users vdir wc who whoami yes
 
--- coreutils-6.10/AUTHORS.orig	2008-01-05 23:58:24.000000000 +0100
+++ coreutils-6.10/AUTHORS	2008-03-02 14:25:23.908022120 +0100
@@ -64,6 +64,7 @@
 rm: Paul Rubin, David MacKenzie, Richard Stallman, Jim Meyering
 rmdir: David MacKenzie
 runcon: Russell Coker
+runuser: David MacKenzie, Dan Walsh
 seq: Ulrich Drepper
 sha1sum: Ulrich Drepper, Scott Miller, David Madore
 sha224sum: Ulrich Drepper, Scott Miller, David Madore
--- coreutils-6.7/src/su.c.runuser	2007-01-09 17:27:56.000000000 +0000
+++ coreutils-6.7/src/su.c	2007-01-09 17:30:12.000000000 +0000
@@ -109,9 +109,15 @@
 #include "error.h"
 
 /* The official name of this program (e.g., no `g' prefix).  */
+#ifndef RUNUSER
 #define PROGRAM_NAME "su"
+#else
+#define PROGRAM_NAME "runuser"
+#endif
 
+#ifndef AUTHORS
 #define AUTHORS proper_name ("David MacKenzie")
+#endif
 
 #if HAVE_PATHS_H
 # include <paths.h>
@@ -150,6 +156,10 @@
 #ifndef USE_PAM
 char *crypt ();
 #endif
+#ifndef CHECKPASSWD
+#define CHECKPASSWD 1
+#endif
+
 char *getusershell ();
 void endusershell ();
 void setusershell ();
@@ -157,7 +167,11 @@
 extern char **environ;
 
 static void run_shell (char const *, char const *, char **, size_t,
-	const struct passwd *)
+	const struct passwd *
+#ifdef RUNUSER
+		       , gid_t *groups, int num_groups
+#endif
+	)
 #ifdef USE_PAM
 	;
 #else
@@ -187,6 +201,10 @@
   {"login", no_argument, NULL, 'l'},
   {"preserve-environment", no_argument, NULL, 'p'},
   {"shell", required_argument, NULL, 's'},
+#ifdef RUNUSER
+  {"group", required_argument, NULL, 'g'},
+  {"supp-group", required_argument, NULL, 'G'},
+#endif
   {GETOPT_HELP_OPTION_DECL},
   {GETOPT_VERSION_OPTION_DECL},
   {NULL, 0, NULL, 0}
@@ -288,10 +306,12 @@
   retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
   PAM_BAIL_P;
 
+#ifndef RUNUSER
   if (getuid() != 0 && !isatty(0)) {
 	fprintf(stderr, _("standard in must be a tty\n"));
 	exit(1);
   }
+#endif
 
   caller = getpwuid(getuid());
   if(caller != NULL && caller->pw_name != NULL) {
@@ -308,6 +328,11 @@
     retval = pam_set_item(pamh, PAM_TTY, tty_name);
     PAM_BAIL_P;
   }
+#ifdef RUNUSER
+  if (getuid() != geteuid())
+    /* safety net: deny operation if we are suid by accident */
+    error(EXIT_FAILURE, 1, "runuser may not be setuid");
+#else
   retval = pam_authenticate(pamh, 0);
   PAM_BAIL_P;
   retval = pam_acct_mgmt(pamh, 0);
@@ -317,6 +342,7 @@
     PAM_BAIL_P;
   }
   PAM_BAIL_P;
+#endif
   /* must be authenticated if this point was reached */
   return 1;
 #else /* !USE_PAM */
@@ -398,11 +424,22 @@
 /* Become the user and group(s) specified by PW.  */
 
 static void
-change_identity (const struct passwd *pw)
+change_identity (const struct passwd *pw
+#ifdef RUNUSER
+		 , gid_t *groups, int num_groups
+#endif
+	)
 {
 #ifdef HAVE_INITGROUPS
+  int rc = 0;
   errno = 0;
-  if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
+#ifdef RUNUSER
+  if (num_groups)
+    rc = setgroups(num_groups, groups);
+  else
+#endif
+    rc = initgroups(pw->pw_name, pw->pw_gid);
+  if (rc == -1) {
 #ifdef USE_PAM
     pam_close_session(pamh, 0);
     pam_end(pamh, PAM_ABORT);
@@ -449,7 +486,11 @@
 
 static void
 run_shell (char const *shell, char const *command, char **additional_args,
-	   size_t n_additional_args, const struct passwd *pw)
+	   size_t n_additional_args, const struct passwd *pw
+#ifdef RUNUSER
+	   , gid_t *groups, int num_groups
+#endif
+	)
 {
   size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
   char const **args = xnmalloc (n_args, sizeof *args);
@@ -480,7 +521,11 @@
 
   child = fork();
   if (child == 0) {  /* child shell */
-  change_identity (pw);
+  change_identity (pw
+#ifdef RUNUSER
+		   , groups, num_groups
+#endif
+	  );
   pam_end(pamh, 0);
   if (!same_session)
     setsid ();
@@ -657,6 +702,12 @@
   char *shell = NULL;
   struct passwd *pw;
   struct passwd pw_copy;
+#ifdef RUNUSER
+  struct group *gr;
+  gid_t groups[NGROUPS_MAX];
+  int num_supp_groups = 0;
+  int use_gid = 0;
+#endif
 
   initialize_main (&argc, &argv);
   program_name = argv[0];
@@ -671,7 +722,11 @@
   simulate_login = false;
   change_environment = true;
 
-  while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
+  while ((optc = getopt_long (argc, argv, "c:flmps:"
+#ifdef RUNUSER
+			      "g:G:"
+#endif
+			      , longopts, NULL)) != -1)
     {
       switch (optc)
 	{
@@ -701,6 +756,28 @@
 	  shell = optarg;
 	  break;
 
+#ifdef RUNUSER
+	case 'g':
+	  gr = getgrnam(optarg);
+	  if (!gr)
+	    error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
+	  use_gid = 1;
+	  groups[0] = gr->gr_gid;
+	  break;
+
+	case 'G':
+	  num_supp_groups++;
+	  if (num_supp_groups >= NGROUPS_MAX)
+	    error (EXIT_FAILURE, 0,
+		   _("Can't specify more than %d supplemental groups"),
+		   NGROUPS_MAX - 1);
+	  gr = getgrnam(optarg);
+	  if (!gr)
+	    error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
+	  groups[num_supp_groups] = gr->gr_gid;
+	  break;
+#endif
+
 	case_GETOPT_HELP_CHAR;
 
 	case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
@@ -739,7 +816,20 @@
 			  : DEFAULT_SHELL);
   endpwent ();
 
-  if (!correct_password (pw))
+#ifdef RUNUSER
+  if (num_supp_groups && !use_gid)
+  {
+    pw->pw_gid = groups[1];
+    memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups);
+  }
+  else if (use_gid)
+  {
+    pw->pw_gid = groups[0];
+    num_supp_groups++;
+  }
+#endif
+
+  if (CHECKPASSWD && !correct_password (pw))
     {
 #ifdef SYSLOG_FAILURE
       log_su (pw, false);
@@ -771,8 +861,16 @@
   modify_environment (pw, shell);
 
 #ifndef USE_PAM
-  change_identity (pw);
+  change_identity (pw
+#ifdef RUNUSER
+		   , groups, num_supp_groups
+#endif
+		   );
 #endif
 
-  run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
+  run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw
+#ifdef RUNUSER
+	     , groups, num_supp_groups
+#endif
+	     );
 }
--- coreutils-6.10/src/Makefile.am.orig	2008-03-02 14:22:53.223435095 +0100
+++ coreutils-6.10/src/Makefile.am	2008-03-02 14:25:58.317983032 +0100
@@ -24,7 +24,7 @@
   arch hostname su
 
 build_if_possible__progs = \
-  chroot df hostid nice pinky stty su uname uptime users who
+  chroot df hostid nice pinky stty su runuser uname uptime users who
 
 EXTRA_PROGRAMS = \
   $(no_install__progs) \
@@ -135,6 +135,10 @@
 
 stat_LDADD = $(LDADD) $(LIB_SELINUX)
 
+runuser_SOURCES = su.c
+runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
+runuser_LDADD = $(LDADD) $(LIB_CRYPT) $(LIB_PAM)
+
 $(PROGRAMS): ../lib/libcoreutils.a
 
 # Get the release year from ../lib/version-etc.c.
@@ -156,7 +160,7 @@
 	chmod +x $@-t
 	mv $@-t $@
 
-all-local: su$(EXEEXT)
+all-local: su$(EXEEXT) runuser$(EXEEXT)
 
 installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'`
 
--- coreutils-6.10/man/Makefile.am.orig	2008-03-02 14:22:53.175432360 +0100
+++ coreutils-6.10/man/Makefile.am	2008-03-02 14:26:36.980186266 +0100
@@ -94,6 +94,7 @@
 rm.1:		$(common_dep)	$(srcdir)/rm.x		../src/rm.c
 rmdir.1:	$(common_dep)	$(srcdir)/rmdir.x	../src/rmdir.c
 runcon.1:	$(common_dep)	$(srcdir)/runcon.x	../src/runcon.c
+runuser.1:	$(common_dep)	$(srcdir)/runuser.x	../src/su.c
 seq.1:		$(common_dep)	$(srcdir)/seq.x		../src/seq.c
 sha1sum.1:	$(common_dep)	$(srcdir)/sha1sum.x	../src/md5sum.c
 sha224sum.1:	$(common_dep)	$(srcdir)/sha224sum.x	../src/md5sum.c
--- /dev/null	2007-01-09 09:38:07.860075128 +0000
+++ coreutils-6.7/man/runuser.x	2007-01-09 17:27:56.000000000 +0000
@@ -0,0 +1,4 @@
+[NAME]
+runuser \- run a shell with substitute user and group IDs
+[DESCRIPTION]
+.\" Add any additional description here
--- /dev/null	2007-01-09 09:38:07.860075128 +0000
+++ coreutils-6.7/man/runuser.1	2007-01-09 17:27:56.000000000 +0000
@@ -0,0 +1,68 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.33.
+.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands"
+.SH NAME
+runuser \- run a shell with substitute user and group IDs, similar to su, but will not run PAM hooks
+.SH SYNOPSIS
+.B runuser
+[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...]
+.SH DESCRIPTION
+.\" Add any additional description here
+.PP
+Change the effective user id and group id to that of USER.  No PAM hooks
+are run, and there will be no password prompt.  This command is useful
+when run as the root user.  If run as a non-root user without privilege
+to set user ID, the command will fail.
+.TP
+-, \fB\-l\fR, \fB\-\-login\fR
+make the shell a login shell
+.TP
+\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR
+pass a single COMMAND to the shell with \fB\-c\fR
+.TP
+\fB\-f\fR, \fB\-\-fast\fR
+pass \fB\-f\fR to the shell (for csh or tcsh)
+.TP
+\fB\-g\fR, \fB\-\-group\fR=\fIGROUP\fR
+specify the primary group
+.TP
+\fB\-G\fR, \fB\-\-supp-group\fR=\fIGROUP\fR
+specify a supplemental group
+.TP
+\fB\-m\fR, \fB\-\-preserve\-environment\fR
+do not reset environment variables
+.TP
+\fB\-p\fR
+same as \fB\-m\fR
+.TP
+\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR
+run SHELL if /etc/shells allows it
+.TP
+\fB\-\-help\fR
+display this help and exit
+.TP
+\fB\-\-version\fR
+output version information and exit
+.PP
+A mere - implies \fB\-l\fR.   If USER not given, assume root.
+.SH AUTHOR
+Written by David MacKenzie, Dan Walsh.
+.SH "REPORTING BUGS"
+Report bugs to <bug-coreutils@gnu.org>.
+.SH COPYRIGHT
+Copyright \(co 2004 Free Software Foundation, Inc.
+.br
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+.SH "SEE ALSO"
+Since this command is trimmed down version of su use you can use the su manual.
+The full documentation for
+.B su
+is maintained as a Texinfo manual.  If the
+.B info
+and
+.B su
+programs are properly installed at your site, the command
+.IP
+.B info coreutils su
+.PP
+should give you access to the complete manual.
--- coreutils-6.10/po/pl.po.orig	2008-03-02 14:22:54.123486386 +0100
+++ coreutils-6.10/po/pl.po	2008-03-02 14:28:35.858960780 +0100
@@ -8986,6 +8986,16 @@
 msgid "warning: cannot change directory to %s"
Commit	Line	Data
3c350007 JB	1	--- coreutils-6.10/README.orig 2008-01-18 09:26:09.000000000 +0100
	2	+++ coreutils-6.10/README 2008-03-02 14:24:55.578407708 +0100
	3	@@ -12,7 +12,7 @@
	4	factor false fmt fold groups head hostid hostname id install join kill
	5	link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup
	6	od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir
	7	- runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
	8	+ runcon runuser seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
	9	sleep sort split stat stty su sum sync tac tail tee test touch tr true
	10	tsort tty uname unexpand uniq unlink uptime users vdir wc who whoami yes
5d9fc52d	11
3c350007 JB	12	--- coreutils-6.10/AUTHORS.orig 2008-01-05 23:58:24.000000000 +0100
	13	+++ coreutils-6.10/AUTHORS 2008-03-02 14:25:23.908022120 +0100
	14	@@ -64,6 +64,7 @@
	15	rm: Paul Rubin, David MacKenzie, Richard Stallman, Jim Meyering
	16	rmdir: David MacKenzie
	17	runcon: Russell Coker
	18	+runuser: David MacKenzie, Dan Walsh
	19	seq: Ulrich Drepper
	20	sha1sum: Ulrich Drepper, Scott Miller, David Madore
	21	sha224sum: Ulrich Drepper, Scott Miller, David Madore
5d9fc52d JR	22	--- coreutils-6.7/src/su.c.runuser 2007-01-09 17:27:56.000000000 +0000
5d9fc52d JR	23	+++ coreutils-6.7/src/su.c 2007-01-09 17:30:12.000000000 +0000
d7c818dd	24	@@ -109,9 +109,15 @@
5d9fc52d JR	25	#include "error.h"
	26
	27	/* The official name of this program (e.g., no `g' prefix). */
	28	+#ifndef RUNUSER
	29	#define PROGRAM_NAME "su"
	30	+#else
	31	+#define PROGRAM_NAME "runuser"
	32	+#endif
	33
	34	+#ifndef AUTHORS
d7c818dd	35	#define AUTHORS proper_name ("David MacKenzie")
5d9fc52d JR	36	+#endif
	37
	38	#if HAVE_PATHS_H
	39	# include <paths.h>
	40	@@ -150,6 +156,10 @@
	41	#ifndef USE_PAM
	42	char *crypt ();
	43	#endif
	44	+#ifndef CHECKPASSWD
	45	+#define CHECKPASSWD 1
	46	+#endif
	47	+
	48	char *getusershell ();
	49	void endusershell ();
	50	void setusershell ();
	51	@@ -157,7 +167,11 @@
	52	extern char **environ;
	53
	54	static void run_shell (char const , char const , char **, size_t,
	55	- const struct passwd *)
	56	+ const struct passwd *
	57	+#ifdef RUNUSER
	58	+ , gid_t *groups, int num_groups
	59	+#endif
	60	+ )
	61	#ifdef USE_PAM
	62	;
	63	#else
	64	@@ -187,6 +201,10 @@
	65	{"login", no_argument, NULL, 'l'},
	66	{"preserve-environment", no_argument, NULL, 'p'},
	67	{"shell", required_argument, NULL, 's'},
	68	+#ifdef RUNUSER
	69	+ {"group", required_argument, NULL, 'g'},
	70	+ {"supp-group", required_argument, NULL, 'G'},
	71	+#endif
	72	{GETOPT_HELP_OPTION_DECL},
	73	{GETOPT_VERSION_OPTION_DECL},
	74	{NULL, 0, NULL, 0}
	75	@@ -288,10 +306,12 @@
	76	retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
	77	PAM_BAIL_P;
	78
	79	+#ifndef RUNUSER
	80	if (getuid() != 0 && !isatty(0)) {
	81	fprintf(stderr, _("standard in must be a tty\n"));
	82	exit(1);
	83	}
	84	+#endif
	85
	86	caller = getpwuid(getuid());
	87	if(caller != NULL && caller->pw_name != NULL) {
	88	@@ -308,6 +328,11 @@
	89	retval = pam_set_item(pamh, PAM_TTY, tty_name);
	90	PAM_BAIL_P;
	91	}
	92	+#ifdef RUNUSER
	93	+ if (getuid() != geteuid())
	94	+ /* safety net: deny operation if we are suid by accident */
3c350007	95	+ error(EXIT_FAILURE, 1, "runuser may not be setuid");
5d9fc52d JR	96	+#else
	97	retval = pam_authenticate(pamh, 0);
	98	PAM_BAIL_P;
	99	retval = pam_acct_mgmt(pamh, 0);
	100	@@ -317,6 +342,7 @@
	101	PAM_BAIL_P;
	102	}
	103	PAM_BAIL_P;
	104	+#endif
	105	/* must be authenticated if this point was reached */
	106	return 1;
	107	#else /* !USE_PAM */
	108	@@ -398,11 +424,22 @@
	109	/* Become the user and group(s) specified by PW. */
	110
	111	static void
	112	-change_identity (const struct passwd *pw)
	113	+change_identity (const struct passwd *pw
	114	+#ifdef RUNUSER
	115	+ , gid_t *groups, int num_groups
	116	+#endif
	117	+ )
	118	{
	119	#ifdef HAVE_INITGROUPS
	120	+ int rc = 0;
	121	errno = 0;
	122	- if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
	123	+#ifdef RUNUSER
	124	+ if (num_groups)
	125	+ rc = setgroups(num_groups, groups);
	126	+ else
	127	+#endif
	128	+ rc = initgroups(pw->pw_name, pw->pw_gid);
	129	+ if (rc == -1) {
	130	#ifdef USE_PAM
	131	pam_close_session(pamh, 0);
	132	pam_end(pamh, PAM_ABORT);
	133	@@ -449,7 +486,11 @@
	134
	135	static void
	136	run_shell (char const shell, char const command, char **additional_args,
	137	- size_t n_additional_args, const struct passwd *pw)
	138	+ size_t n_additional_args, const struct passwd *pw
	139	+#ifdef RUNUSER
	140	+ , gid_t *groups, int num_groups
	141	+#endif
	142	+ )
	143	{
	144	size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
	145	char const *args = xnmalloc (n_args, sizeof args);
	146	@@ -480,7 +521,11 @@
	147
	148	child = fork();
	149	if (child == 0) { /* child shell */
	150	- change_identity (pw);
	151	+ change_identity (pw
	152	+#ifdef RUNUSER
	153	+ , groups, num_groups
	154	+#endif
	155	+ );
	156	pam_end(pamh, 0);
	157	if (!same_session)
	158	setsid ();
	159	@@ -657,6 +702,12 @@
160	char *shell = NULL;
161	struct passwd *pw;
162	struct passwd pw_copy;
163	+#ifdef RUNUSER
164	+ struct group *gr;
165	+ gid_t groups[NGROUPS_MAX];
166	+ int num_supp_groups = 0;
167	+ int use_gid = 0;
168	+#endif
169
170	initialize_main (&argc, &argv);
171	program_name = argv[0];
172	@@ -671,7 +722,11 @@
173	simulate_login = false;
174	change_environment = true;
175
176	- while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
177	+ while ((optc = getopt_long (argc, argv, "c:flmps:"
178	+#ifdef RUNUSER
179	+ "g:G:"
180	+#endif
181	+ , longopts, NULL)) != -1)
182	{
183	switch (optc)
184	{
185	@@ -701,6 +756,28 @@
186	shell = optarg;
187	break;
188
189	+#ifdef RUNUSER
190	+ case 'g':
191	+ gr = getgrnam(optarg);
192	+ if (!gr)
3c350007	193	+ error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
5d9fc52d JR	194	+ use_gid = 1;
	195	+ groups[0] = gr->gr_gid;
	196	+ break;
	197	+
	198	+ case 'G':
	199	+ num_supp_groups++;
	200	+ if (num_supp_groups >= NGROUPS_MAX)
3c350007	201	+ error (EXIT_FAILURE, 0,
5d9fc52d JR	202	+ _("Can't specify more than %d supplemental groups"),
	203	+ NGROUPS_MAX - 1);
	204	+ gr = getgrnam(optarg);
	205	+ if (!gr)
3c350007	206	+ error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
5d9fc52d JR	207	+ groups[num_supp_groups] = gr->gr_gid;
	208	+ break;
	209	+#endif
	210	+
	211	case_GETOPT_HELP_CHAR;
	212
	213	case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
	214	@@ -739,7 +816,20 @@
	215	: DEFAULT_SHELL);
	216	endpwent ();
	217
	218	- if (!correct_password (pw))
	219	+#ifdef RUNUSER
	220	+ if (num_supp_groups && !use_gid)
	221	+ {
	222	+ pw->pw_gid = groups[1];
	223	+ memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups);
	224	+ }
	225	+ else if (use_gid)
	226	+ {
	227	+ pw->pw_gid = groups[0];
	228	+ num_supp_groups++;
	229	+ }
	230	+#endif
	231	+
	232	+ if (CHECKPASSWD && !correct_password (pw))
	233	{
	234	#ifdef SYSLOG_FAILURE
	235	log_su (pw, false);
	236	@@ -771,8 +861,16 @@
	237	modify_environment (pw, shell);
	238
	239	#ifndef USE_PAM
	240	- change_identity (pw);
	241	+ change_identity (pw
	242	+#ifdef RUNUSER
	243	+ , groups, num_supp_groups
	244	+#endif
	245	+ );
	246	#endif
	247
	248	- run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
	249	+ run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw
	250	+#ifdef RUNUSER
	251	+ , groups, num_supp_groups
	252	+#endif
	253	+ );
	254	}
3c350007 JB	255	--- coreutils-6.10/src/Makefile.am.orig 2008-03-02 14:22:53.223435095 +0100
	256	+++ coreutils-6.10/src/Makefile.am 2008-03-02 14:25:58.317983032 +0100
	257	@@ -24,7 +24,7 @@
	258	arch hostname su
	259
	260	build_if_possible__progs = \
	261	- chroot df hostid nice pinky stty su uname uptime users who
	262	+ chroot df hostid nice pinky stty su runuser uname uptime users who
5d9fc52d	263
3c350007 JB	264	EXTRA_PROGRAMS = \
	265	$(no_install__progs) \
	266	@@ -135,6 +135,10 @@
5d9fc52d	267
3c350007	268	stat_LDADD = $(LDADD) $(LIB_SELINUX)
5d9fc52d JR	269
	270	+runuser_SOURCES = su.c
	271	+runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
67a461d4	272	+runuser_LDADD = $(LDADD) $(LIB_CRYPT) $(LIB_PAM)
5d9fc52d JR	273	+
	274	$(PROGRAMS): ../lib/libcoreutils.a
	275
3c350007 JB	276	# Get the release year from ../lib/version-etc.c.
3c350007 JB	277	@@ -156,7 +160,7 @@
5d9fc52d JR	278	chmod +x $@-t
	279	mv $@-t $@
	280
	281	-all-local: su$(EXEEXT)
3c350007	282	+all-local: su$(EXEEXT) runuser$(EXEEXT)
5d9fc52d JR	283
	284	installed_su = $(DESTDIR)$(bindir)/`echo su\|sed '$(transform)'`
	285
3c350007 JB	286	--- coreutils-6.10/man/Makefile.am.orig 2008-03-02 14:22:53.175432360 +0100
	287	+++ coreutils-6.10/man/Makefile.am 2008-03-02 14:26:36.980186266 +0100
	288	@@ -94,6 +94,7 @@
5d9fc52d JR	289	rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c
5d9fc52d JR	290	rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c
3c350007	291	runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
5d9fc52d JR	292	+runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c
	293	seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c
	294	sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c
	295	sha224sum.1: $(common_dep) $(srcdir)/sha224sum.x ../src/md5sum.c
	296	--- /dev/null 2007-01-09 09:38:07.860075128 +0000
	297	+++ coreutils-6.7/man/runuser.x 2007-01-09 17:27:56.000000000 +0000
	298	@@ -0,0 +1,4 @@
	299	+[NAME]
	300	+runuser \- run a shell with substitute user and group IDs
	301	+[DESCRIPTION]
	302	+.\" Add any additional description here
	303	--- /dev/null 2007-01-09 09:38:07.860075128 +0000
	304	+++ coreutils-6.7/man/runuser.1 2007-01-09 17:27:56.000000000 +0000
	305	@@ -0,0 +1,68 @@
	306	+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.33.
	307	+.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands"
	308	+.SH NAME
	309	+runuser \- run a shell with substitute user and group IDs, similar to su, but will not run PAM hooks
	310	+.SH SYNOPSIS
	311	+.B runuser
	312	+[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...]
	313	+.SH DESCRIPTION
	314	+.\" Add any additional description here
	315	+.PP
	316	+Change the effective user id and group id to that of USER. No PAM hooks
	317	+are run, and there will be no password prompt. This command is useful
	318	+when run as the root user. If run as a non-root user without privilege
	319	+to set user ID, the command will fail.
	320	+.TP
	321	+-, \fB\-l\fR, \fB\-\-login\fR
	322	+make the shell a login shell
	323	+.TP
	324	+\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR
	325	+pass a single COMMAND to the shell with \fB\-c\fR
	326	+.TP
	327	+\fB\-f\fR, \fB\-\-fast\fR
	328	+pass \fB\-f\fR to the shell (for csh or tcsh)
	329	+.TP
	330	+\fB\-g\fR, \fB\-\-group\fR=\fIGROUP\fR
	331	+specify the primary group
	332	+.TP
	333	+\fB\-G\fR, \fB\-\-supp-group\fR=\fIGROUP\fR
	334	+specify a supplemental group
	335	+.TP
	336	+\fB\-m\fR, \fB\-\-preserve\-environment\fR
	337	+do not reset environment variables
	338	+.TP
	339	+\fB\-p\fR
	340	+same as \fB\-m\fR
	341	+.TP
	342	+\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR
	343	+run SHELL if /etc/shells allows it
	344	+.TP
	345	+\fB\-\-help\fR
	346	+display this help and exit
	347	+.TP
	348	+\fB\-\-version\fR
	349	+output version information and exit
	350	+.PP
	351	+A mere - implies \fB\-l\fR. If USER not given, assume root.
	352	+.SH AUTHOR
	353	+Written by David MacKenzie, Dan Walsh.
	354	+.SH "REPORTING BUGS"
	355	+Report bugs to <bug-coreutils@gnu.org>.
356	+.SH COPYRIGHT
357	+Copyright \(co 2004 Free Software Foundation, Inc.
358	+.br
359	+This is free software; see the source for copying conditions. There is NO
360	+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
361	+.SH "SEE ALSO"
362	+Since this command is trimmed down version of su use you can use the su manual.
363	+The full documentation for
364	+.B su
365	+is maintained as a Texinfo manual. If the
366	+.B info
367	+and
368	+.B su
369	+programs are properly installed at your site, the command
370	+.IP
371	+.B info coreutils su
372	+.PP
373	+should give you access to the complete manual.
3c350007 JB	374	--- coreutils-6.10/po/pl.po.orig 2008-03-02 14:22:54.123486386 +0100
	375	+++ coreutils-6.10/po/pl.po 2008-03-02 14:28:35.858960780 +0100
	376	@@ -8986,6 +8986,16 @@
2b14ddfb JB	377	msgid "warning: cannot change directory to %s"
	378