1 --- coreutils-6.10/README.orig 2008-01-18 09:26:09.000000000 +0100
2 +++ coreutils-6.10/README 2008-03-02 14:24:55.578407708 +0100
4 factor false fmt fold groups head hostid hostname id install join kill
5 link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup
6 nproc od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir
7 - runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
8 + runcon runuser seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
9 sleep sort split stat stdbuf stty su sum sync tac tail tee test timeout
10 touch tr true truncate tsort tty uname unexpand uniq unlink uptime users
11 vdir wc who whoami yes
12 --- coreutils-6.10/AUTHORS.orig 2008-01-05 23:58:24.000000000 +0100
13 +++ coreutils-6.10/AUTHORS 2008-03-02 14:25:23.908022120 +0100
15 rm: Paul Rubin, David MacKenzie, Richard Stallman, Jim Meyering
16 rmdir: David MacKenzie
18 +runuser: David MacKenzie, Dan Walsh
20 sha1sum: Ulrich Drepper, Scott Miller, David Madore
21 sha224sum: Ulrich Drepper, Scott Miller, David Madore
22 --- coreutils-6.7/src/su.c.runuser 2007-01-09 17:27:56.000000000 +0000
23 +++ coreutils-6.7/src/su.c 2007-01-09 17:30:12.000000000 +0000
27 /* The official name of this program (e.g., no `g' prefix). */
29 #define PROGRAM_NAME "su"
31 +#define PROGRAM_NAME "runuser"
35 #define AUTHORS proper_name ("David MacKenzie")
41 char *crypt (char const *key, char const *salt);
45 +#define CHECKPASSWD 1
48 static void run_shell (char const *, char const *, char **, size_t,
49 const struct passwd *)
54 static void run_shell (char const *, char const *, char **, size_t,
55 - const struct passwd *)
56 + const struct passwd *
58 + , gid_t *groups, int num_groups
65 {"login", no_argument, NULL, 'l'},
66 {"preserve-environment", no_argument, NULL, 'p'},
67 {"shell", required_argument, NULL, 's'},
69 + {"group", required_argument, NULL, 'g'},
70 + {"supp-group", required_argument, NULL, 'G'},
72 {GETOPT_HELP_OPTION_DECL},
73 {GETOPT_VERSION_OPTION_DECL},
76 retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
80 if (getuid() != 0 && !isatty(0)) {
81 fprintf(stderr, _("standard in must be a tty\n"));
86 caller = getpwuid(getuid());
87 if(caller != NULL && caller->pw_name != NULL) {
89 retval = pam_set_item(pamh, PAM_TTY, tty_name);
93 + if (getuid() != geteuid())
94 + /* safety net: deny operation if we are suid by accident */
95 + error(EXIT_FAILURE, 1, "runuser may not be setuid");
97 retval = pam_authenticate(pamh, 0);
99 retval = pam_acct_mgmt(pamh, 0);
105 /* must be authenticated if this point was reached */
108 @@ -398,11 +424,22 @@
109 /* Become the user and group(s) specified by PW. */
112 -change_identity (const struct passwd *pw)
113 +change_identity (const struct passwd *pw
115 + , gid_t *groups, int num_groups
119 #ifdef HAVE_INITGROUPS
122 - if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
125 + rc = setgroups(num_groups, groups);
128 + rc = initgroups(pw->pw_name, pw->pw_gid);
131 pam_close_session(pamh, 0);
132 pam_end(pamh, PAM_ABORT);
136 run_shell (char const *shell, char const *command, char **additional_args,
137 - size_t n_additional_args, const struct passwd *pw)
138 + size_t n_additional_args, const struct passwd *pw
140 + , gid_t *groups, int num_groups
144 size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
145 char const **args = xnmalloc (n_args, sizeof *args);
149 if (child == 0) { /* child shell */
150 - change_identity (pw);
151 + change_identity (pw
153 + , groups, num_groups
162 struct passwd pw_copy;
165 + gid_t groups[NGROUPS_MAX];
166 + int num_supp_groups = 0;
170 initialize_main (&argc, &argv);
171 program_name = argv[0];
173 simulate_login = false;
174 change_environment = true;
176 - while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
177 + while ((optc = getopt_long (argc, argv, "c:flmps:"
181 + , longopts, NULL)) != -1)
191 + gr = getgrnam(optarg);
193 + error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
195 + groups[0] = gr->gr_gid;
200 + if (num_supp_groups >= NGROUPS_MAX)
201 + error (EXIT_FAILURE, 0,
202 + _("Can't specify more than %d supplemental groups"),
204 + gr = getgrnam(optarg);
206 + error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
207 + groups[num_supp_groups] = gr->gr_gid;
211 case_GETOPT_HELP_CHAR;
213 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
218 - if (!correct_password (pw))
220 + if (num_supp_groups && !use_gid)
222 + pw->pw_gid = groups[1];
223 + memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups);
227 + pw->pw_gid = groups[0];
232 + if (CHECKPASSWD && !correct_password (pw))
234 #ifdef SYSLOG_FAILURE
237 modify_environment (pw, shell);
240 - change_identity (pw);
241 + change_identity (pw
243 + , groups, num_supp_groups
248 /* error() flushes stderr, but does not check for write failure.
251 exit (EXIT_CANCELED);
253 - run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
254 + run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw
256 + , groups, num_supp_groups
260 --- coreutils-6.10/src/Makefile.am.orig 2008-03-02 14:22:53.223435095 +0100
261 +++ coreutils-6.10/src/Makefile.am 2008-03-02 14:25:58.317983032 +0100
272 stat_LDADD = $(LDADD) $(LIB_SELINUX)
274 +runuser_SOURCES = su.c
275 +runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
276 +runuser_LDADD = $(LDADD) $(LIB_CRYPT) $(LIB_PAM)
278 $(PROGRAMS): ../lib/libcoreutils.a
280 # Get the release year from ../lib/version-etc.c.
285 -all-local: su$(EXEEXT)
286 +all-local: su$(EXEEXT) runuser$(EXEEXT)
288 installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'`
290 --- coreutils-6.10/man/Makefile.am.orig 2008-03-02 14:22:53.175432360 +0100
291 +++ coreutils-6.10/man/Makefile.am 2008-03-02 14:26:36.980186266 +0100
293 rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c
294 rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c
295 runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
296 +runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c
297 seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c
298 sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c
299 sha224sum.1: $(common_dep) $(srcdir)/sha224sum.x ../src/md5sum.c
300 --- /dev/null 2007-01-09 09:38:07.860075128 +0000
301 +++ coreutils-6.7/man/runuser.x 2007-01-09 17:27:56.000000000 +0000
304 +runuser \- run a shell with substitute user and group IDs
306 +.\" Add any additional description here
307 --- /dev/null 2007-01-09 09:38:07.860075128 +0000
308 +++ coreutils-6.7/man/runuser.1 2007-01-09 17:27:56.000000000 +0000
310 +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.33.
311 +.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands"
313 +runuser \- run a shell with substitute user and group IDs, similar to su, but will not run PAM hooks
316 +[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...]
318 +.\" Add any additional description here
320 +Change the effective user id and group id to that of USER. No PAM hooks
321 +are run, and there will be no password prompt. This command is useful
322 +when run as the root user. If run as a non-root user without privilege
323 +to set user ID, the command will fail.
325 +-, \fB\-l\fR, \fB\-\-login\fR
326 +make the shell a login shell
328 +\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR
329 +pass a single COMMAND to the shell with \fB\-c\fR
331 +\fB\-f\fR, \fB\-\-fast\fR
332 +pass \fB\-f\fR to the shell (for csh or tcsh)
334 +\fB\-g\fR, \fB\-\-group\fR=\fIGROUP\fR
335 +specify the primary group
337 +\fB\-G\fR, \fB\-\-supp-group\fR=\fIGROUP\fR
338 +specify a supplemental group
340 +\fB\-m\fR, \fB\-\-preserve\-environment\fR
341 +do not reset environment variables
346 +\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR
347 +run SHELL if /etc/shells allows it
350 +display this help and exit
353 +output version information and exit
355 +A mere - implies \fB\-l\fR. If USER not given, assume root.
357 +Written by David MacKenzie, Dan Walsh.
358 +.SH "REPORTING BUGS"
359 +Report bugs to <bug-coreutils@gnu.org>.
361 +Copyright \(co 2004 Free Software Foundation, Inc.
363 +This is free software; see the source for copying conditions. There is NO
364 +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
366 +Since this command is trimmed down version of su use you can use the su manual.
367 +The full documentation for
369 +is maintained as a Texinfo manual. If the
373 +programs are properly installed at your site, the command
375 +.B info coreutils su
377 +should give you access to the complete manual.
378 --- coreutils-6.10/po/pl.po.orig 2008-03-02 14:22:54.123486386 +0100
379 +++ coreutils-6.10/po/pl.po 2008-03-02 14:28:35.858960780 +0100
380 @@ -8986,6 +8986,16 @@
381 msgid "warning: cannot change directory to %s"
382 msgstr "uwaga: nie można zmienić katalogu na %s"
386 +msgid "group %s does not exist"
387 +msgstr "grupa %s nie istnieje"
391 +msgid "Can't specify more than %d supplemental groups"
392 +msgstr "Nie można określić więcej niż %d grup dodatkowych"
394 #. This is a proper name. See the gettext manual, section Names.
396 msgid "Kayvan Aghaiepour"