1 --- coreutils-6.7/src/Makefile.am.pam 2006-11-24 21:28:10.000000000 +0000
2 +++ coreutils-6.7/src/Makefile.am 2007-01-09 17:00:01.000000000 +0000
4 # If necessary, add -lm to resolve use of pow in lib/strtod.c.
5 uptime_LDADD = $(LDADD) $(POW_LIB) $(GETLOADAVG_LIBS)
7 -su_LDADD = $(LDADD) $(LIB_CRYPT)
8 +su_LDADD = $(LDADD) $(LIB_CRYPT) $(LIB_PAM)
10 dir_LDADD += $(LIB_ACL)
11 ls_LDADD += $(LIB_ACL)
12 --- coreutils-6.10/src/su.c.orig 2007-11-25 14:23:31.000000000 +0100
13 +++ coreutils-6.10/src/su.c 2008-03-02 02:07:13.568059486 +0100
15 restricts who can su to UID 0 accounts. RMS considers that to
20 + Actually, with PAM, su has nothing to do with whether or not a
21 + wheel group is enforced by su. RMS tries to restrict your access
22 + to a su which implements the wheel group, but PAM considers that
23 + to be fascist, and gives the user/sysadmin the opportunity to
24 + enforce a wheel group by proper editing of /etc/pam.conf
29 -DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
30 -DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
32 prototype (returning `int') in <unistd.h>. */
33 #define getusershell _getusershell_sys_proto_
37 +# include <sys/wait.h>
38 +# include <sys/fsuid.h>
40 +# include <security/pam_appl.h>
41 +# include <security/pam_misc.h>
48 /* The user to become if none is specified. */
49 #define DEFAULT_USER "root"
54 char *getusershell ();
58 extern char **environ;
60 -static void run_shell (char const *, char const *, char **, size_t)
61 +static void run_shell (char const *, char const *, char **, size_t,
62 + const struct passwd *)
69 /* The name this program was run with. */
76 +static pam_handle_t *pamh = NULL;
78 +static struct pam_conv conv = {
83 +#define PAM_BAIL_P if (retval) { \
84 + pam_end(pamh, PAM_SUCCESS); \
87 +#define PAM_BAIL_P_VOID if (retval) { \
88 + pam_end(pamh, PAM_SUCCESS); \
93 /* Ask the user for a password.
94 + If PAM is in use, let PAM ask for the password if necessary.
95 Return true if the user gives the correct password for entry PW,
96 false if not. Return true without asking for a password if run by UID 0
97 or if PW has an empty password. */
100 correct_password (const struct passwd *pw)
103 + struct passwd *caller;
104 + char *tty_name, *ttyn;
105 + retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
108 + if (getuid() != 0 && !isatty(0)) {
109 + fprintf(stderr, _("standard in must be a tty\n"));
113 + caller = getpwuid(getuid());
114 + if(caller != NULL && caller->pw_name != NULL) {
115 + retval = pam_set_item(pamh, PAM_RUSER, caller->pw_name);
121 + if (strncmp(ttyn, "/dev/", 5) == 0)
125 + retval = pam_set_item(pamh, PAM_TTY, tty_name);
128 + retval = pam_authenticate(pamh, 0);
130 + retval = pam_acct_mgmt(pamh, 0);
131 + if (retval == PAM_NEW_AUTHTOK_REQD && getuid()) {
132 + /* password has expired. Offer option to change it. */
133 + retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
137 + /* must be authenticated if this point was reached */
139 +#else /* !USE_PAM */
140 char *unencrypted, *encrypted, *correct;
141 #if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
142 /* Shadow passwd stuff for SVR3 and maybe other systems. */
144 encrypted = crypt (unencrypted, correct);
145 memset (unencrypted, 0, strlen (unencrypted));
146 return STREQ (encrypted, correct);
147 +#endif /* !USE_PAM */
150 /* Update `environ' for the new shell based on PW, with SHELL being
151 @@ -260,12 +344,18 @@
152 /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
153 Unset all other environment variables. */
154 char const *term = getenv ("TERM");
155 + char const *display = getenv ("DISPLAY");
156 + char const *xauthority = getenv ("XAUTHORITY");
158 term = xstrdup (term);
159 environ = xmalloc ((6 + !!term) * sizeof (char *));
162 xsetenv ("TERM", term);
164 + xsetenv ("DISPLAY", display);
166 + xsetenv ("XAUTHORITY", xauthority);
167 xsetenv ("HOME", pw->pw_dir);
168 xsetenv ("SHELL", shell);
169 xsetenv ("USER", pw->pw_name);
172 #ifdef HAVE_INITGROUPS
174 - if (initgroups (pw->pw_name, pw->pw_gid) == -1)
175 + if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
177 + pam_close_session(pamh, 0);
178 + pam_end(pamh, PAM_ABORT);
180 error (EXIT_FAILURE, errno, _("cannot set groups"));
184 if (setgid (pw->pw_gid))
186 error (EXIT_FAILURE, errno, _("cannot set user id"));
190 +static int caught=0;
191 +/* Signal handler for parent process later */
192 +static void su_catch_sig(int sig)
198 +pam_copyenv (pam_handle_t *pamh)
202 + env = pam_getenvlist(pamh);
214 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
215 If COMMAND is nonzero, pass it to the shell with the -c option.
216 Pass ADDITIONAL_ARGS to the shell as more arguments; there
217 @@ -315,17 +435,49 @@
220 run_shell (char const *shell, char const *command, char **additional_args,
221 - size_t n_additional_args)
222 + size_t n_additional_args, const struct passwd *pw)
224 size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
225 char const **args = xnmalloc (n_args, sizeof *args);
232 + retval = pam_open_session(pamh,0);
233 + if (retval != PAM_SUCCESS) {
234 + fprintf (stderr, _("could not open session\n"));
238 +/* do this at the last possible moment, because environment variables may
239 + be passed even in the session phase
241 + if(pam_copyenv(pamh) != PAM_SUCCESS)
242 + fprintf (stderr, _("error copying PAM environment\n"));
244 + /* Credentials should be set in the parent */
245 + if (pam_setcred(pamh, PAM_ESTABLISH_CRED) != PAM_SUCCESS) {
246 + pam_close_session(pamh, 0);
247 + fprintf(stderr, _("could not set PAM credentials\n"));
252 + if (child == 0) { /* child shell */
253 + change_identity (pw);
260 char *shell_basename;
262 + if(chdir(pw->pw_dir))
263 + error(0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
265 shell_basename = last_component (shell);
266 arg0 = xmalloc (strlen (shell_basename) + 2);
269 error (0, errno, "%s", shell);
273 + } else if (child == -1) {
274 + fprintf(stderr, _("can not fork user shell: %s"), strerror(errno));
275 + pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
276 + pam_close_session(pamh, 0);
277 + pam_end(pamh, PAM_ABORT);
281 + sigfillset(&ourset);
282 + if (sigprocmask(SIG_BLOCK, &ourset, NULL)) {
283 + fprintf(stderr, _("%s: signal malfunction\n"), PROGRAM_NAME);
287 + struct sigaction action;
288 + action.sa_handler = su_catch_sig;
289 + sigemptyset(&action.sa_mask);
290 + action.sa_flags = 0;
291 + sigemptyset(&ourset);
292 + if (sigaddset(&ourset, SIGTERM)
293 + || sigaddset(&ourset, SIGALRM)
294 + || sigaction(SIGTERM, &action, NULL)
295 + || sigprocmask(SIG_UNBLOCK, &ourset, NULL)) {
296 + fprintf(stderr, _("%s: signal masking malfunction\n"), PROGRAM_NAME);
304 + pid = waitpid(-1, &status, WUNTRACED);
306 + if (WIFSTOPPED(status)) {
307 + kill(getpid(), SIGSTOP);
308 + /* once we get here, we must have resumed */
309 + kill(pid, SIGCONT);
311 + } while (WIFSTOPPED(status));
315 + fprintf(stderr, _("\nSession terminated, killing shell..."));
316 + kill (child, SIGTERM);
318 + /* Not checking retval on this because we need to call close session */
319 + pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
320 + retval = pam_close_session(pamh, 0);
322 + retval = pam_end(pamh, PAM_SUCCESS);
326 + kill(child, SIGKILL);
327 + fprintf(stderr, _(" ...killed.\n"));
330 + exit (WEXITSTATUS(status));
331 +#endif /* USE_PAM */
334 /* Return true if SHELL is a restricted shell (one not returned by
336 shell = xstrdup (shell ? shell : pw->pw_shell);
337 modify_environment (pw, shell);
340 change_identity (pw);
341 - if (simulate_login && chdir (pw->pw_dir) != 0)
342 - error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
345 - run_shell (shell, command, argv + optind, MAX (0, argc - optind));
346 + run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
348 --- coreutils-6.7/doc/coreutils.texi.pam 2006-10-27 15:30:48.000000000 +0100
349 +++ coreutils-6.7/doc/coreutils.texi 2007-01-09 17:00:01.000000000 +0000
350 @@ -13395,8 +13395,11 @@
352 @command{su} can optionally be compiled to use @code{syslog} to report
353 failed, and optionally successful, @command{su} attempts. (If the system
354 -supports @code{syslog}.) However, GNU @command{su} does not check if the
355 -user is a member of the @code{wheel} group; see below.
356 +supports @code{syslog}.)
358 +This version of @command{su} has support for using PAM for
359 +authentication. You can edit @file{/etc/pam.d/su} to customize its
362 The program accepts the following options. Also see @ref{Common options}.
364 @@ -11892,32 +11892,6 @@
365 the exit status of the subshell otherwise
368 -@cindex wheel group, not supported
369 -@cindex group wheel, not supported
371 -@subsection Why GNU @command{su} does not support the @samp{wheel} group
373 -(This section is by Richard Stallman.)
377 -Sometimes a few of the users try to hold total power over all the
378 -rest. For example, in 1984, a few users at the MIT AI lab decided to
379 -seize power by changing the operator password on the Twenex system and
380 -keeping it secret from everyone else. (I was able to thwart this coup
381 -and give power back to the users by patching the kernel, but I
382 -wouldn't know how to do that in Unix.)
384 -However, occasionally the rulers do tell someone. Under the usual
385 -@command{su} mechanism, once someone learns the root password who
386 -sympathizes with the ordinary users, he or she can tell the rest. The
387 -``wheel group'' feature would make this impossible, and thus cement the
388 -power of the rulers.
390 -I'm on the side of the masses, not that of the rulers. If you are
391 -used to supporting the bosses and sysadmins in whatever they do, you
392 -might find this idea strange at first.
397 --- coreutils-6.10/configure.ac.orig 2008-01-13 09:14:23.000000000 +0100
398 +++ coreutils-6.10/configure.ac 2008-03-02 02:08:10.027276914 +0100
403 +dnl Give the chance to enable PAM
404 +AC_ARG_ENABLE(pam, dnl
405 +[ --enable-pam Enable use of the PAM libraries],
406 +AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
407 +LIB_PAM="-ldl -lpam -lpam_misc"
414 AM_GNU_GETTEXT([external], [need-formatstring-macros])
415 AM_GNU_GETTEXT_VERSION([0.15])
417 +# just in case we want PAM
419 +# with PAM su doesn't need libcrypt
420 +if test -n "$LIB_PAM" ; then
427 --- coreutils-6.10/po/pl.po.orig 2008-01-16 21:22:08.000000000 +0100
428 +++ coreutils-6.10/po/pl.po 2008-03-02 02:09:23.671473657 +0100
429 @@ -8875,6 +8875,49 @@
430 msgid "Usage: %s [OPTION]... [-] [USER [ARG]...]\n"
431 msgstr "Sk³adnia: %s [OPCJA]... [-] [U¯YTKOWNIK [ARGUMENT]...]\n"
434 +msgid "standard in must be a tty\n\n"
435 +msgstr "standardowe wej¶cie musi byæ terminalem\n"
438 +msgid "could not open session\n"
439 +msgstr "nie mo¿na otworzyæ sesji\n"
442 +msgid "error copying PAM environment\n"
443 +msgstr "b³±d podczas kopiowania ¶rodowiska PAM\n"
446 +msgid "could not set PAM credentials\n"
447 +msgstr "b³±d podczas ustawiania uwierzytelnienia PAM\n"
451 +msgid "cannot fork user shell: %s"
452 +msgstr "nie mo¿na utworzyæ procesu pow³oki u¿ytkownika: %s"
456 +msgid "%s: signal malfunction\n"
457 +msgstr "%s: b³êdne dzia³anie sygna³ów\n"
461 +msgid "%s: signal masking malfunction\n"
462 +msgstr "%s: b³êdne dzia³anie maskowania sygna³ów\n"
467 +"Session terminated, killing shell..."
470 +"Sesja zakoñczona, zabijanie pow³oki..."
478 "Change the effective user id and group id to that of USER.\n"
479 diff -Nur coreutils-5.2.1.orig/man/es/su.1 coreutils-5.2.1/man/es/su.1
480 --- coreutils-5.2.1.orig/man/es/su.1 Mon Apr 12 14:26:19 1999
481 +++ coreutils-5.2.1/man/es/su.1 Thu Mar 18 17:05:55 2004
483 puede ser compilado para reportar fallo, y opcionalmente éxito en syslog.
485 intentará utilizar syslog.
487 -Este programa no soporta el grupo "wheel", el cual restringe quien podrá
490 -hacia la cuenta de root (el superusuario) ya que esta política podría
491 -ayudar a los administradores de máquinas a facilitar un uso inadecuado a otros
495 .I "\-c COMANDO, \-\-command=COMANDO"
498 Escribe información sobre la versión en la salida estándar y acaba sin
501 -.SH Por que GNU no soporta el grupo "wheel" (por Richard Stallman)
502 -A veces, algunos listillos intentan hacerse con el poder total
503 -sobre el resto de usuarios. Por ejemplo, en 1984, un grupo de usuarios del
504 -laboratorio de Inteligencia Artificial del MIT decidieron tomar el poder
505 -cambiando el password de operador del sistema Twenex y manteniendolo secreto
506 -para el resto de usuarios. (De todas maneras, hubiera sido posible desbaratar
507 -la situación y devolver el control a los usuarios legítimos parcheando el
508 -kernel, pero no sabría como realizar esta operación en un sistema Unix.)
510 -Sin embargo, casualmente alguien contó el secreto. Mediante el uso habitual de
512 -una vez que alguien conoce el password de root puede contarselo al resto de
513 -usuarios. El grupo "wheel" hará que esto sea imposible, protegiendo así el poder
514 -de los superusuarios.
516 -Yo estoy del lado de las masas, no de los superusuarios. Si eres de los que
517 -estan de acuerdo con los jefes y los administradores de sistemas en cualquier
518 -cosa que hagan, al principio encontrarás esta idea algo extraña.
519 diff -Nur coreutils-5.2.1.orig/man/fr/su.1 coreutils-5.2.1/man/fr/su.1
520 --- coreutils-5.2.1.orig/man/fr/su.1 Sun Aug 10 12:00:00 2003
521 +++ coreutils-5.2.1/man/fr/su.1 Thu Mar 18 17:05:55 2004
523 peut être compilé afin de fournir des rapports d'échec, et éventuellement
524 de réussite des tentatives d'utilisation de
527 -Ce programme ne gère pas le "groupe wheel" utilisé pour restreindre
530 -au compte Super-Utilisateur, car il pourrait aider des administrateurs
531 -système fascistes à disposer d'un pouvoir incontrôlé
532 -sur les autres utilisateurs.
535 .I "\-c COMMANDE, \-\-command=COMMANDE"
538 Afficher un numéro de version sur la sortie standard et se terminer normalement.
540 -.SH Pourquoi GNU SU ne gère-t-il pas le groupe `wheel' (par Richard Stallman)
541 -Il peut arriver qu'un petit groupe d'utilisateurs essayent de s'approprier
542 -l'ensemble du système. Par exemple, en 1984, quelques utilisateurs du
543 -laboratoire d'I.A du MIT ont tentés de prendre le pouvoir en modifiant
544 -le mot de passe de l'opérateur sur le système Twenex, et en
545 -gardant ce mot de passe secret. (J'ai pu les en empêcher en modifiant le noyau, et
546 -restaurer ainsi les autres accès, mais je ne saurais pas en faire autant
549 -Néanmoins, il arrive parfois que les chefs fournissent le mot
550 -de passe de root à un utilisateur ordinaire.
551 -Avec le mécanisme habituel de \fBsu\fP,
552 -une fois que quelqu'un connaît ce mot de passe, il peut le transmettre
553 -à ses amis. Le principe du "groupe wheel" rend ce partage impossible,
554 -ce qui renforce la puissance des chefs.
556 -Je me situe du cote du peuple, pas du côté des chefs. Si vous avez l'habitude
557 -de soutenir les patrons et les administrateurs systèmes quoi qu'ils fassent,
558 -cette idée peut vous paraître étrange au premier abord.
561 Christophe Blaess, 1997-2003.
562 diff -Nur coreutils-5.2.1.orig/man/hu/su.1 coreutils-5.2.1/man/hu/su.1
563 --- coreutils-5.2.1.orig/man/hu/su.1 Sun Jul 9 14:19:12 2000
564 +++ coreutils-5.2.1/man/hu/su.1 Thu Mar 18 17:05:55 2004
567 A program verziójáról ír ki információt a standard kimenetre, majd
568 sikeres visszatérési értékkel kilép.
569 -.SH Miért nem támogatja a GNU su a wheel csoportot? (Richard Stallman)
571 -Néha a rendszer fölötti teljes ellenõrzést egy néhány emberbõl
572 -álló csoport akarja kézbe venni. Például 1984-ben pár user a MIT AI
573 -laborban úgy döntött, hogy átveszik az irányítást a Twenex rendszer
574 -operátori jelszavának megváltoztatásával, és annak titokban tartásával.
575 -(A puccsot sikerült leverni, és a felhasználókat jogaikba visszahelyezni
576 -egy kernel patch segítségével, de Unix alatt ezt nem tudtam volna megcsinálni.)
577 -(A fordító megj.: a wheel csoportot ezzel a módszerrel könnyen
578 -önkényesen is leszûkíthetik a csoporttagok , így tulajdonképpen nincs sok értelme.)
580 -Néha az uralmon levõk elárulják a root jelszót. A szokásos su
581 -mechanizmus szerint, ha valaki megtudja a root jelszót, és
582 -szimpatizál a többi közönséges felhasználóval, elárulhatja nekik
583 -is. A wheel csoport ezt lehetetlenné tenné, és így bebetonozná az
584 -uralmon levõ hatalmát.
586 -Én a tömegek oldalán állok, nem az uralkodókén. Ha te mindig a
587 -fõnökök és a rendszergazdák oldalán állsz, bármit is tesznek, akkor
588 -valószínûleg furcsálni fogod ezt a hozzáállást.
590 -A fordító megjegyzése:
591 -Valami jó azért mégis lenne a wheel csoportban: az, hogy ha a root
592 -jelszó kitudódna azzal nem tudna bármelyik felhasználó közvetlenül
593 -visszaélni. A wheel csoporthoz hasonló dolgot lehet elérni a
597 A hibákat a bug-sh-utils@gnu.org címen lehet jelenteni.
598 Az oldalt Ragnar Hojland Espinosa <ragnar@macula.net> frissítette.
599 diff -Nur coreutils-5.2.1.orig/man/it/su.1 coreutils-5.2.1/man/it/su.1
600 --- coreutils-5.2.1.orig/man/it/su.1 Mon Jul 1 23:09:38 2002
601 +++ coreutils-5.2.1/man/it/su.1 Thu Mar 18 17:05:55 2004
604 può essere compilato per riportare tramite syslog gli errori, ed
605 eventualmente anche i successi che ottiene.
607 -Questo programma non supporta un "gruppo wheel" che limita chi può fare
609 -agli account del superuser, poiché ciò può aiutare amministratori di
610 -sistema "fascisti" a tenere un potere inautorizzato sugli altri utenti.
613 .I "\-c COMANDO, \-\-command=COMANDO"
616 Stampa in standard output informazioni sulla versione e esce (con
618 -.SH Perché GNU su non supporta il gruppo wheel (di Richard Stallman)
619 -Qualche volta pochi utenti provano a tenere il potere assoluto sul
620 -resto degli utenti. Per esempio, nel 1984, alcuni utenti nel
621 -laboratorio di AI del MIT decisero impossessarsi del potere cambiando
622 -la password dell'operatore su un sistema Twenex e tenendola segreta a
623 -tutti gli altri (fui in grado di contrastare questo colpaccio e
624 -restituire il potere agli utenti ``patch-ando'' il kernel, ma non
625 -saprei come fare ciò in Unix).
627 -Comunque, occasionalmente i sovrani lo fanno. Tramite l'usuale
628 -meccanismo su, una volta che qualcuno che simpatizzi con gli
629 -utenti normali, abbia imparato la password di root può dirla anche
630 -agli altri. La caratteristica del "gruppo wheel" renderebbe ciò
631 -impossibile, consolidando quindi il potere dei sovrani.
633 -Io sono dalla parte delle masse, non da quella dei sovrani. Se tu sei
634 -abituato a sostenere i capi e gli amministratori di sistema in tutto
635 -quello che fanno, potresti trovare questa idea strana all'inizio.
636 diff -Nur coreutils-5.2.1.orig/man/ja/su.1 coreutils-5.2.1/man/ja/su.1
637 --- coreutils-5.2.1.orig/man/ja/su.1 Sun Dec 14 16:06:54 2003
638 +++ coreutils-5.2.1/man/ja/su.1 Thu Mar 18 17:05:55 2004
641 ¤¬¼ºÇÔ¤·¤¿¤È¤ syslog ¤Ë¥ì¥Ý¡¼¥È¤¹¤ë¤è¤¦¤Ë¥³¥ó¥Ñ¥¤¥ë¤¹¤ë¤³¤È
642 ¤¬¤Ç¤¤ë¡ÊÀ®¸ù¤ò¥ì¥Ý¡¼¥È¤¹¤ë¤è¤¦¤Ë¤â¤Ç¤¤ë¡Ë¡£
644 -¤³¤Î¥×¥í¥°¥é¥à¤Ï "wheel group" ¤Îµ¡Ç½¡Ê
646 -¤Ë¤è¤Ã¤Æ¥¹¡¼¥Ñ¡¼¥æ¡¼¥¶¡¼¥¢¥«¥¦¥ó¥È¤Ë¤Ê¤ì¤ë¥æ¡¼¥¶¤òÀ©¸Â¤¹¤ëµ¡Ç½¡Ë¤ò¥µ¥Ý¡¼
647 -¥È¤·¤Ê¤¤¡£¤³¤ì¤ÏÀìÀ©Åª¤Ê¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬Â¾¤Î¥æ¡¼¥¶¡¼¤ËÉÔÅö¤Ê¸¢ÎϤò¿¶¤ë
648 -¤¨¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ç¤¢¤ë¡£
651 .I "\-c COMMAND, \-\-command=COMMAND"
655 ¥Ð¡¼¥¸¥ç¥ó¾ðÊó¤òɸ½à½ÐÎϤËɽ¼¨¤·¡¢¼Â¹ÔÀ®¸ù¤òÊÖ¤·¤Æ½ªÎ»¤¹¤ë¡£
656 -.SH GNU su ¤Ç wheel ¥°¥ë¡¼¥×¤ò¥µ¥Ý¡¼¥È¤·¤Ê¤¤¤ï¤±¡ÊRichard Stallman¡Ë
657 -¤È¤¤ª¤ê¡¢¾¯¿ô¤Î¥æ¡¼¥¶¡¼¤Ë¤è¤Ã¤Æ¡¢Â¾¤Î¥æ¡¼¥¶¡¼¤ËÂФ¹¤ëÁ´¸¢¤ò¾¸°®¤·¤è¤¦
658 -¤È¤¹¤ë»î¤ß¤¬¤Ê¤µ¤ì¤ë¤³¤È¤¬¤¢¤ë¡£Î㤨¤Ð 1984 ǯ¡¢ MIT AI ¥é¥Ü¤Î¾¯¿ô¤Î¥æ¡¼
659 -¥¶¡¼¤Ï Twenex ¥·¥¹¥Æ¥à¤Î¥ª¥Ú¥ì¡¼¥¿¡¼¥Ñ¥¹¥ï¡¼¥É¤ÎÊѹ¹¸¢¸Â¤ò¶¯Ã¥¤·¡¢¤³¤ì
660 -¤ò¾¤Î¥æ¡¼¥¶¡¼¤«¤éÈëÆ¿¤¹¤ë¤³¤È¤Ë·èÄꤷ¤¿¡Ê¤³¤ÎºÝ¤Ë¤Ï»ä¤Ï¤³¤Î¥¯¡¼¥Ç¥¿¡¼
661 -¤Î΢¤ò¤«¤¡¢¥«¡¼¥Í¥ë¤Ë¥Ñ¥Ã¥Á¤òÅö¤Æ¤Æ¸¢¸Â¤ò¼è¤êÊÖ¤¹¤³¤È¤ËÀ®¸ù¤·¤¿¡£¤·¤«
662 -¤·¤³¤ì¤¬ Unix ¤Ç¤¢¤Ã¤¿¤é¡¢»ä¤Ë¤Ï¤É¤¦¤¹¤ì¤Ð¤è¤¤¤«¤ï¤«¤é¤Ê¤«¤Ã¤¿¤À¤í¤¦¡Ë¡£
664 -¤·¤«¤·¤Ê¤¬¤é¡¢»þ¤Ë¤ÏÀìÀ©¼Ô¤âÈëÌ©¤òϳ¤é¤¹¤â¤Î¤Ç¤¢¤ë¡£Ä̾ï¤Î su ¤Î¥á¥«¥Ë
665 -¥º¥à¤Ç¤Ï¡¢°ìÈ̥桼¥¶¡¼¤Î¦¤ËΩ¤Ä¼Ô¤¬ root ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÃΤì¤Ð¡¢¤³¤ì¤ò
666 -¾¤Î¥æ¡¼¥¶¡¼¤Ë¤âÃΤ餻¤ë¤³¤È¤¬¤Ç¤¤ë¡£¤·¤«¤· "wheel group" µ¡Ç½¤Ï¤³¤ì
667 -¤òÉÔ²Äǽ¤Ë¤·¡¢·ë²Ì¤È¤·¤ÆÀìÀ©¼Ôã¤Î¸¢¸Â¤ò¶¯¸Ç¤¿¤ë¤â¤Î¤Ë¤·¤Æ¤·¤Þ¤¦¡£
669 -»ä¤ÏÂç½°¤Î¦¤ËΩ¤Ä¤â¤Î¤Ç¤¢¤ê¡¢ÀìÀ©Åª¤ÊΩ¾ì¤Ë¤ÏÈ¿ÂФ¹¤ë¡£¤¢¤Ê¤¿¤Ï¥Ü¥¹¤ä
670 -¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Î¤ä¤ê¸ý¤Ë½¾¤¦¤³¤È¤Ë´·¤ì¤Æ¤¤¤ë¤«¤âÃΤì¤Ê¤¤¤¬¡¢¤½¤Î¾ì¹ç¤Ï
671 -¤Þ¤º¤½¤Î¤³¤È¼«¿È¤òÉԻ׵Ĥ˻פ¦¤Ù¤¤Ç¤Ï¤Ê¤¤¤À¤í¤¦¤«¡£
672 diff -Nur coreutils-5.2.1.orig/man/pl/su.1 coreutils-5.2.1/man/pl/su.1
673 --- coreutils-5.2.1.orig/man/pl/su.1 Tue Jun 20 16:07:31 2000
674 +++ coreutils-5.2.1/man/pl/su.1 Thu Mar 18 17:05:55 2004
676 mo¿e zostaæ tak skompilowane, by raportowa³o nieudane, lub opcjonalnie
677 równie¿ udane próby zmiany id przy u¿yciu
679 -Jednak \fBsu\fP w wersji GNU nie sprawdza czy u¿ytkownik jest cz³onkiem grupy
680 -`wheel' -- patrz poni¿ej.
683 .BR \-c " \fIpolecenie\fP, " \-\-command= \fIpolecenie
687 Wy¶wietla numer wersji programu i koñczy pracê.
688 -.SH Dlaczego GNU `su' nie obs³uguje grupy `wheel'
690 -(Sekcjê tê napisa³ Richard Stallman)
692 -Czasami kilku u¿ytkowników usi³uje sprawowaæ nieograniczon± w³adzê nad
693 -pozosta³ymi. Na przyk³ad, w 1984, kilku u¿ytkowników w laboratorium AI MIT
694 -zdecydowa³o siê `przej±æ w³adzê' zmieniaj±c has³o operatora systemu Twenex
695 -i trzymaj±c je w tajemnicy przed wszystkimi innymi. (Uda³o mi siê
696 -udaremniæ ten zamach i przywróciæ w³adzê u¿ytkownikom ³ataj±c j±dro, lecz
697 -nie wiedzia³bym jak zrobiæ to w Uniksie.)
699 -Jednak, od czasu do czasu panuj±cy wyjawiaj± komu¶. Przy zwyk³ym
700 -mechanizmie `su', kto¶, kto pozna³ has³o root'a i sympatyzuje ze zwyk³ymi
701 -u¿ytkownikami, mo¿e przekazaæ je pozosta³ym. Funkcja "grupy wheel"
702 -uniemo¿liwia³aby to, i w ten sposób umacnia³a w³adzê rz±dz±cych.
704 -Jestem po stronie mas, nie po stronie rz±dz±cych. Je¿eli zwyk³e¶ popieraæ
705 -szefów i administratorów systemów we wszystkim, co robi±, podej¶cie to mo¿e
706 -pocz±tkowo wydaæ Ci siê dziwne.
707 .SH "ZG£ASZANIE B£ÊDÓW"
708 B³êdy proszê zg³aszaæ, w jêz.ang., do <bug-sh-utils@gnu.org>.