[packages/coreutils] - cleaned up su-specific patches and pam files
qboosh
qboosh at pld-linux.org
Sun Oct 14 18:19:30 CEST 2012
commit 38444ddfea3dad9821ec1a30428ace3455795297
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Sun Oct 14 18:18:54 2012 +0200
- cleaned up su-specific patches and pam files
coreutils-pam.patch | 710 ----------------------------------------------
coreutils-runuser.patch | 458 ------------------------------
coreutils-split-pam.patch | 30 --
coreutils.spec | 6 -
runuser-l.pamd | 4 -
runuser.pamd | 3 -
6 files changed, 1211 deletions(-)
---
diff --git a/coreutils.spec b/coreutils.spec
index eada9d4..707b96d 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -30,12 +30,6 @@ Patch7: %{name}-sparc64.patch
Patch8: %{name}-pl.po-update.patch
# from http://www.beatex.org/web/advancedcopy.html, edited by shadzik
Patch9: %{name}-advcopy.patch
-# TODO: check/move to su in util-linux
-#Source7: runuser.pamd
-#Source8: runuser-l.pamd
-#Patch1: %{name}-pam.patch
-#Patch10: %{name}-runuser.patch
-#Patch11: %{name}-split-pam.patch
URL: http://www.gnu.org/software/coreutils/
BuildRequires: acl-devel
BuildRequires: attr-devel
diff --git a/coreutils-pam.patch b/coreutils-pam.patch
deleted file mode 100644
index 6eb3e5d..0000000
--- a/coreutils-pam.patch
+++ /dev/null
@@ -1,710 +0,0 @@
---- coreutils-6.7/src/Makefile.am.pam 2006-11-24 21:28:10.000000000 +0000
-+++ coreutils-6.7/src/Makefile.am 2007-01-09 17:00:01.000000000 +0000
-@@ -359,7 +359,7 @@
- uptime_LDADD += $(GETLOADAVG_LIBS)
-
- # for crypt
--su_LDADD += $(LIB_CRYPT)
-+su_LDADD += $(LIB_CRYPT) $(LIB_PAM)
-
- # for various ACL functions
- copy_LDADD += $(LIB_ACL)
---- coreutils-6.10/src/su.c.orig 2007-11-25 14:23:31.000000000 +0100
-+++ coreutils-6.10/src/su.c 2008-03-02 02:07:13.568059486 +0100
-@@ -37,6 +37,16 @@
- restricts who can su to UID 0 accounts. RMS considers that to
- be fascist.
-
-+#ifdef USE_PAM
-+
-+ Actually, with PAM, su has nothing to do with whether or not a
-+ wheel group is enforced by su. RMS tries to restrict your access
-+ to a su which implements the wheel group, but PAM considers that
-+ to be fascist, and gives the user/sysadmin the opportunity to
-+ enforce a wheel group by proper editing of /etc/pam.conf
-+
-+#endif
-+
- Compile-time options:
- -DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
- -DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
-@@ -58,6 +68,15 @@
- prototype (returning `int') in <unistd.h>. */
- #define getusershell _getusershell_sys_proto_
-
-+#ifdef USE_PAM
-+# include <signal.h>
-+# include <sys/wait.h>
-+# include <sys/fsuid.h>
-+# include <unistd.h>
-+# include <security/pam_appl.h>
-+# include <security/pam_misc.h>
-+#endif /* USE_PAM */
-+
- #include "system.h"
- #include "getpass.h"
-
-@@ -130,10 +130,17 @@
- /* The user to become if none is specified. */
- #define DEFAULT_USER "root"
-
-+#ifndef USE_PAM
- char *crypt (char const *key, char const *salt);
-+#endif
-
--static void run_shell (char const *, char const *, char **, size_t)
-+static void run_shell (char const *, char const *, char **, size_t,
-+ const struct passwd *)
-+#ifdef USE_PAM
-+ ;
-+#else
- ATTRIBUTE_NORETURN;
-+#endif
-
- /* If true, pass the `-f' option to the subshell. */
- static bool fast_startup;
-@@ -215,7 +241,26 @@
- }
- #endif
-
-+#ifdef USE_PAM
-+static pam_handle_t *pamh = NULL;
-+static int retval;
-+static struct pam_conv conv = {
-+ misc_conv,
-+ NULL
-+};
-+
-+#define PAM_BAIL_P if (retval) { \
-+ pam_end(pamh, PAM_SUCCESS); \
-+ return 0; \
-+}
-+#define PAM_BAIL_P_VOID if (retval) { \
-+ pam_end(pamh, PAM_SUCCESS); \
-+return; \
-+}
-+#endif
-+
- /* Ask the user for a password.
-+ If PAM is in use, let PAM ask for the password if necessary.
- Return true if the user gives the correct password for entry PW,
- false if not. Return true without asking for a password if run by UID 0
- or if PW has an empty password. */
-@@ -223,6 +268,44 @@
- static bool
- correct_password (const struct passwd *pw)
- {
-+#ifdef USE_PAM
-+ struct passwd *caller;
-+ char *tty_name, *ttyn;
-+ retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
-+ PAM_BAIL_P;
-+
-+ if (getuid() != 0 && !isatty(0)) {
-+ fprintf(stderr, _("standard in must be a tty\n"));
-+ exit(1);
-+ }
-+
-+ caller = getpwuid(getuid());
-+ if(caller != NULL && caller->pw_name != NULL) {
-+ retval = pam_set_item(pamh, PAM_RUSER, caller->pw_name);
-+ PAM_BAIL_P;
-+ }
-+
-+ ttyn = ttyname(0);
-+ if (ttyn) {
-+ if (strncmp(ttyn, "/dev/", 5) == 0)
-+ tty_name = ttyn+5;
-+ else
-+ tty_name = ttyn;
-+ retval = pam_set_item(pamh, PAM_TTY, tty_name);
-+ PAM_BAIL_P;
-+ }
-+ retval = pam_authenticate(pamh, 0);
-+ PAM_BAIL_P;
-+ retval = pam_acct_mgmt(pamh, 0);
-+ if (retval == PAM_NEW_AUTHTOK_REQD && getuid()) {
-+ /* password has expired. Offer option to change it. */
-+ retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
-+ PAM_BAIL_P;
-+ }
-+ PAM_BAIL_P;
-+ /* must be authenticated if this point was reached */
-+ return 1;
-+#else /* !USE_PAM */
- char *unencrypted, *encrypted, *correct;
- #if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
- /* Shadow passwd stuff for SVR3 and maybe other systems. */
-@@ -247,6 +330,7 @@
- encrypted = crypt (unencrypted, correct);
- memset (unencrypted, 0, strlen (unencrypted));
- return STREQ (encrypted, correct);
-+#endif /* !USE_PAM */
- }
-
- /* Update `environ' for the new shell based on PW, with SHELL being
-@@ -260,12 +344,18 @@
- /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
- Unset all other environment variables. */
- char const *term = getenv ("TERM");
-+ char const *display = getenv ("DISPLAY");
-+ char const *xauthority = getenv ("XAUTHORITY");
- if (term)
- term = xstrdup (term);
- environ = xmalloc ((6 + !!term) * sizeof (char *));
- environ[0] = NULL;
- if (term)
- xsetenv ("TERM", term);
-+ if (display)
-+ xsetenv ("DISPLAY", display);
-+ if (xauthority)
-+ xsetenv ("XAUTHORITY", xauthority);
- xsetenv ("HOME", pw->pw_dir);
- xsetenv ("SHELL", shell);
- xsetenv ("USER", pw->pw_name);
-@@ -373,8 +373,13 @@
- {
- #ifdef HAVE_INITGROUPS
- errno = 0;
-- if (initgroups (pw->pw_name, pw->pw_gid) == -1)
-+ if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
-+#ifdef USE_PAM
-+ pam_close_session(pamh, 0);
-+ pam_end(pamh, PAM_ABORT);
-+#endif
- error (EXIT_CANCELED, errno, _("cannot set groups"));
-+ }
- endgrent ();
- #endif
- if (setgid (pw->pw_gid))
-@@ -308,6 +403,31 @@
- error (EXIT_FAILURE, errno, _("cannot set user id"));
- }
-
-+#ifdef USE_PAM
-+static int caught=0;
-+/* Signal handler for parent process later */
-+static void su_catch_sig(int sig)
-+{
-+ ++caught;
-+}
-+
-+int
-+pam_copyenv (pam_handle_t *pamh)
-+{
-+ char **env;
-+
-+ env = pam_getenvlist(pamh);
-+ if(env) {
-+ while(*env) {
-+ if (putenv (*env))
-+ xalloc_die ();
-+ env++;
-+ }
-+ }
-+ return(0);
-+}
-+#endif
-+
- /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
- If COMMAND is nonzero, pass it to the shell with the -c option.
- Pass ADDITIONAL_ARGS to the shell as more arguments; there
-@@ -315,17 +435,49 @@
-
- static void
- run_shell (char const *shell, char const *command, char **additional_args,
-- size_t n_additional_args)
-+ size_t n_additional_args, const struct passwd *pw)
- {
- size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
- char const **args = xnmalloc (n_args, sizeof *args);
- size_t argno = 1;
-+#ifdef USE_PAM
-+ int child;
-+ sigset_t ourset;
-+ int status;
-+
-+ retval = pam_open_session(pamh,0);
-+ if (retval != PAM_SUCCESS) {
-+ fprintf (stderr, _("could not open session\n"));
-+ exit (1);
-+ }
-+
-+/* do this at the last possible moment, because environment variables may
-+ be passed even in the session phase
-+*/
-+ if(pam_copyenv(pamh) != PAM_SUCCESS)
-+ fprintf (stderr, _("error copying PAM environment\n"));
-+
-+ /* Credentials should be set in the parent */
-+ if (pam_setcred(pamh, PAM_ESTABLISH_CRED) != PAM_SUCCESS) {
-+ pam_close_session(pamh, 0);
-+ fprintf(stderr, _("could not set PAM credentials\n"));
-+ exit(1);
-+ }
-+
-+ child = fork();
-+ if (child == 0) { /* child shell */
-+ change_identity (pw);
-+ pam_end(pamh, 0);
-+#endif
-
- if (simulate_login)
- {
- char *arg0;
- char *shell_basename;
-
-+ if(chdir(pw->pw_dir))
-+ error(0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
-+
- shell_basename = last_component (shell);
- arg0 = xmalloc (strlen (shell_basename) + 2);
- arg0[0] = '-';
-@@ -350,6 +502,66 @@
- error (0, errno, "%s", shell);
- exit (exit_status);
- }
-+#ifdef USE_PAM
-+ } else if (child == -1) {
-+ fprintf(stderr, _("can not fork user shell: %s"), strerror(errno));
-+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
-+ pam_close_session(pamh, 0);
-+ pam_end(pamh, PAM_ABORT);
-+ exit(1);
-+ }
-+ /* parent only */
-+ sigfillset(&ourset);
-+ if (sigprocmask(SIG_BLOCK, &ourset, NULL)) {
-+ fprintf(stderr, _("%s: signal malfunction\n"), PROGRAM_NAME);
-+ caught = 1;
-+ }
-+ if (!caught) {
-+ struct sigaction action;
-+ action.sa_handler = su_catch_sig;
-+ sigemptyset(&action.sa_mask);
-+ action.sa_flags = 0;
-+ sigemptyset(&ourset);
-+ if (sigaddset(&ourset, SIGTERM)
-+ || sigaddset(&ourset, SIGALRM)
-+ || sigaction(SIGTERM, &action, NULL)
-+ || sigprocmask(SIG_UNBLOCK, &ourset, NULL)) {
-+ fprintf(stderr, _("%s: signal masking malfunction\n"), PROGRAM_NAME);
-+ caught = 1;
-+ }
-+ }
-+ if (!caught) {
-+ do {
-+ int pid;
-+
-+ pid = waitpid(-1, &status, WUNTRACED);
-+
-+ if (WIFSTOPPED(status)) {
-+ kill(getpid(), SIGSTOP);
-+ /* once we get here, we must have resumed */
-+ kill(pid, SIGCONT);
-+ }
-+ } while (WIFSTOPPED(status));
-+ }
-+
-+ if (caught) {
-+ fprintf(stderr, _("\nSession terminated, killing shell..."));
-+ kill (child, SIGTERM);
-+ }
-+ /* Not checking retval on this because we need to call close session */
-+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
-+ retval = pam_close_session(pamh, 0);
-+ PAM_BAIL_P_VOID;
-+ retval = pam_end(pamh, PAM_SUCCESS);
-+ PAM_BAIL_P_VOID;
-+ if (caught) {
-+ sleep(2);
-+ kill(child, SIGKILL);
-+ fprintf(stderr, _(" ...killed.\n"));
-+ exit(-1);
-+ }
-+ exit (WEXITSTATUS(status));
-+#endif /* USE_PAM */
- }
-
- /* Return true if SHELL is a restricted shell (one not returned by
-@@ -714,9 +714,9 @@
- shell = xstrdup (shell ? shell : pw->pw_shell);
- modify_environment (pw, shell);
-
-+#ifndef USE_PAM
- change_identity (pw);
-- if (simulate_login && chdir (pw->pw_dir) != 0)
-- error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
-+#endif
-
- /* error() flushes stderr, but does not check for write failure.
- Normally, we would catch this via our atexit() hook of
-@@ -726,5 +726,5 @@
- if (ferror (stderr))
- exit (EXIT_CANCELED);
-
-- run_shell (shell, command, argv + optind, MAX (0, argc - optind));
-+ run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
- }
---- coreutils-6.7/doc/coreutils.texi.pam 2006-10-27 15:30:48.000000000 +0100
-+++ coreutils-6.7/doc/coreutils.texi 2007-01-09 17:00:01.000000000 +0000
-@@ -13395,8 +13395,11 @@
- @findex syslog
- @command{su} can optionally be compiled to use @code{syslog} to report
- failed, and optionally successful, @command{su} attempts. (If the system
--supports @code{syslog}.) However, GNU @command{su} does not check if the
--user is a member of the @code{wheel} group; see below.
-+supports @code{syslog}.)
-+
-+This version of @command{su} has support for using PAM for
-+authentication. You can edit @file{/etc/pam.d/su} to customize its
-+behaviour.
-
- The program accepts the following options. Also see @ref{Common options}.
-
-@@ -11892,32 +11892,6 @@
- the exit status of the subshell otherwise
- @end display
-
-- at cindex wheel group, not supported
-- at cindex group wheel, not supported
-- at cindex fascism
-- at subsection Why GNU @command{su} does not support the @samp{wheel} group
--
--(This section is by Richard Stallman.)
--
-- at cindex Twenex
-- at cindex MIT AI lab
--Sometimes a few of the users try to hold total power over all the
--rest. For example, in 1984, a few users at the MIT AI lab decided to
--seize power by changing the operator password on the Twenex system and
--keeping it secret from everyone else. (I was able to thwart this coup
--and give power back to the users by patching the kernel, but I
--wouldn't know how to do that in Unix.)
--
--However, occasionally the rulers do tell someone. Under the usual
-- at command{su} mechanism, once someone learns the root password who
--sympathizes with the ordinary users, he or she can tell the rest. The
--``wheel group'' feature would make this impossible, and thus cement the
--power of the rulers.
--
--I'm on the side of the masses, not that of the rulers. If you are
--used to supporting the bosses and sysadmins in whatever they do, you
--might find this idea strange at first.
--
-
- @node Delaying
- @chapter Delaying
---- coreutils-6.10/configure.ac.orig 2008-01-13 09:14:23.000000000 +0100
-+++ coreutils-6.10/configure.ac 2008-03-02 02:08:10.027276914 +0100
-@@ -44,6 +44,13 @@
- gl_INIT
- coreutils_MACROS
-
-+dnl Give the chance to enable PAM
-+AC_ARG_ENABLE(pam, dnl
-+[ --enable-pam Enable use of the PAM libraries],
-+AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
-+LIB_PAM="-ldl -lpam -lpam_misc"
-+)
-+
- AC_FUNC_FORK
-
- optional_bin_progs=
-@@ -332,6 +339,13 @@
- AM_GNU_GETTEXT([external], [need-formatstring-macros])
- AM_GNU_GETTEXT_VERSION([0.15])
-
-+# just in case we want PAM
-+AC_SUBST(LIB_PAM)
-+# with PAM su doesn't need libcrypt
-+if test -n "$LIB_PAM" ; then
-+ LIB_CRYPT=
-+fi
-+
- AC_CONFIG_FILES(
- Makefile
- doc/Makefile
---- coreutils-6.10/po/pl.po.orig 2008-01-16 21:22:08.000000000 +0100
-+++ coreutils-6.10/po/pl.po 2008-03-02 02:09:23.671473657 +0100
-@@ -8875,6 +8875,49 @@
- msgid "Usage: %s [OPTION]... [-] [USER [ARG]...]\n"
- msgstr "Składnia: %s [OPCJA]... [-] [UŻYTKOWNIK [ARGUMENT]...]\n"
-
-+#: src/su.c:300
-+msgid "standard in must be a tty\n\n"
-+msgstr "standardowe wejście musi być terminalem\n"
-+
-+#: src/su.c:425
-+msgid "could not open session\n"
-+msgstr "nie można otworzyć sesji\n"
-+
-+#: src/su.c:433
-+msgid "error copying PAM environment\n"
-+msgstr "błąd podczas kopiowania środowiska PAM\n"
-+
-+#: src/su.c:450
-+msgid "could not set PAM credentials\n"
-+msgstr "błąd podczas ustawiania uwierzytelnienia PAM\n"
-+
-+#: src/su.c:471
-+#, c-format
-+msgid "cannot fork user shell: %s"
-+msgstr "nie można utworzyć procesu powłoki użytkownika: %s"
-+
-+#: src/su.c:477
-+#, c-format
-+msgid "%s: signal malfunction\n"
-+msgstr "%s: błędne działanie sygnałów\n"
-+
-+#: src/su.c:490
-+#, c-format
-+msgid "%s: signal masking malfunction\n"
-+msgstr "%s: błędne działanie maskowania sygnałów\n"
-+
-+#: src/su.c:509
-+msgid ""
-+"\n"
-+"Session terminated, killing shell..."
-+msgstr ""
-+"\n"
-+"Sesja zakończona, zabijanie powłoki..."
-+
-+#: src/su.c:519
-+msgid " killed.\n"
-+msgstr " zabito.\n"
-+
- #: src/su.c:372
- msgid ""
- "Change the effective user id and group id to that of USER.\n"
-diff -Nur coreutils-5.2.1.orig/man/es/su.1 coreutils-5.2.1/man/es/su.1
---- coreutils-5.2.1.orig/man/es/su.1 Mon Apr 12 14:26:19 1999
-+++ coreutils-5.2.1/man/es/su.1 Thu Mar 18 17:05:55 2004
-@@ -47,13 +47,6 @@
- puede ser compilado para reportar fallo, y opcionalmente �xito en syslog.
- .B su
- intentar� utilizar syslog.
--.PP
--Este programa no soporta el grupo "wheel", el cual restringe quien podr�
--ejecutar
--.B su
--hacia la cuenta de root (el superusuario) ya que esta pol�tica podr�a
--ayudar a los administradores de m�quinas a facilitar un uso inadecuado a otros
--usuarios.
- .SS OPCIONES
- .TP
- .I "\-c COMANDO, \-\-command=COMANDO"
-@@ -118,22 +111,3 @@
- .I "\-\-version"
- Escribe informaci�n sobre la versi�n en la salida est�ndar y acaba sin
- provocar error.
--
--.SH Por que GNU no soporta el grupo "wheel" (por Richard Stallman)
--A veces, algunos listillos intentan hacerse con el poder total
--sobre el resto de usuarios. Por ejemplo, en 1984, un grupo de usuarios del
--laboratorio de Inteligencia Artificial del MIT decidieron tomar el poder
--cambiando el password de operador del sistema Twenex y manteniendolo secreto
--para el resto de usuarios. (De todas maneras, hubiera sido posible desbaratar
--la situaci�n y devolver el control a los usuarios leg�timos parcheando el
--kernel, pero no sabr�a como realizar esta operaci�n en un sistema Unix.)
--.PP
--Sin embargo, casualmente alguien cont� el secreto. Mediante el uso habitual de
--.B su
--una vez que alguien conoce el password de root puede contarselo al resto de
--usuarios. El grupo "wheel" har� que esto sea imposible, protegiendo as� el poder
--de los superusuarios.
--.PP
--Yo estoy del lado de las masas, no de los superusuarios. Si eres de los que
--estan de acuerdo con los jefes y los administradores de sistemas en cualquier
--cosa que hagan, al principio encontrar�s esta idea algo extra�a.
-diff -Nur coreutils-5.2.1.orig/man/fr/su.1 coreutils-5.2.1/man/fr/su.1
---- coreutils-5.2.1.orig/man/fr/su.1 Sun Aug 10 12:00:00 2003
-+++ coreutils-5.2.1/man/fr/su.1 Thu Mar 18 17:05:55 2004
-@@ -54,13 +54,6 @@
- peut �tre compil� afin de fournir des rapports d'�chec, et �ventuellement
- de r�ussite des tentatives d'utilisation de
- .BR su .
--.PP
--Ce programme ne g�re pas le "groupe wheel" utilis� pour restreindre
--l'acc�s par
--.B su
--au compte Super-Utilisateur, car il pourrait aider des administrateurs
--syst�me fascistes � disposer d'un pouvoir incontr�l�
--sur les autres utilisateurs.
- .SS OPTIONS
- .TP
- .I "\-c COMMANDE, \-\-command=COMMANDE"
-@@ -119,25 +112,5 @@
- .I "\-\-version"
- Afficher un num�ro de version sur la sortie standard et se terminer normalement.
-
--.SH Pourquoi GNU SU ne g�re-t-il pas le groupe `wheel' (par Richard Stallman)
--Il peut arriver qu'un petit groupe d'utilisateurs essayent de s'approprier
--l'ensemble du syst�me. Par exemple, en 1984, quelques utilisateurs du
--laboratoire d'I.A du MIT ont tent�s de prendre le pouvoir en modifiant
--le mot de passe de l'op�rateur sur le syst�me Twenex, et en
--gardant ce mot de passe secret. (J'ai pu les en emp�cher en modifiant le noyau, et
--restaurer ainsi les autres acc�s, mais je ne saurais pas en faire autant
--sous Unix).
--.PP
--N�anmoins, il arrive parfois que les chefs fournissent le mot
--de passe de root � un utilisateur ordinaire.
--Avec le m�canisme habituel de \fBsu\fP,
--une fois que quelqu'un conna�t ce mot de passe, il peut le transmettre
--� ses amis. Le principe du "groupe wheel" rend ce partage impossible,
--ce qui renforce la puissance des chefs.
--.PP
--Je me situe du cote du peuple, pas du c�t� des chefs. Si vous avez l'habitude
--de soutenir les patrons et les administrateurs syst�mes quoi qu'ils fassent,
--cette id�e peut vous para�tre �trange au premier abord.
--
- .SH TRADUCTION
- Christophe Blaess, 1997-2003.
-diff -Nur coreutils-5.2.1.orig/man/hu/su.1 coreutils-5.2.1/man/hu/su.1
---- coreutils-5.2.1.orig/man/hu/su.1 Sun Jul 9 14:19:12 2000
-+++ coreutils-5.2.1/man/hu/su.1 Thu Mar 18 17:05:55 2004
-@@ -151,33 +151,6 @@
- .B "\-\-version"
- A program verzi�j�r�l �r ki inform�ci�t a standard kimenetre, majd
- sikeres visszat�r�si �rt�kkel kil�p.
--.SH Mi�rt nem t�mogatja a GNU su a wheel csoportot? (Richard Stallman)
--
--N�ha a rendszer f�l�tti teljes ellen�rz�st egy n�h�ny emberb�l
--�ll� csoport akarja k�zbe venni. P�ld�ul 1984-ben p�r user a MIT AI
--laborban �gy d�nt�tt, hogy �tveszik az ir�ny�t�st a Twenex rendszer
--oper�tori jelszav�nak megv�ltoztat�s�val, �s annak titokban tart�s�val.
--(A puccsot siker�lt leverni, �s a felhaszn�l�kat jogaikba visszahelyezni
--egy kernel patch seg�ts�g�vel, de Unix alatt ezt nem tudtam volna megcsin�lni.)
--(A ford�t� megj.: a wheel csoportot ezzel a m�dszerrel k�nnyen
--�nk�nyesen is lesz�k�thetik a csoporttagok , �gy tulajdonk�ppen nincs sok �rtelme.)
--.PP
--N�ha az uralmon lev�k el�rulj�k a root jelsz�t. A szok�sos su
--mechanizmus szerint, ha valaki megtudja a root jelsz�t, �s
--szimpatiz�l a t�bbi k�z�ns�ges felhaszn�l�val, el�rulhatja nekik
--is. A wheel csoport ezt lehetetlenn� tenn�, �s �gy bebetonozn� az
--uralmon lev� hatalm�t.
--.PP
--�n a t�megek oldal�n �llok, nem az uralkod�k�n. Ha te mindig a
--f�n�k�k �s a rendszergazd�k oldal�n �llsz, b�rmit is tesznek, akkor
--val�sz�n�leg furcs�lni fogod ezt a hozz��ll�st.
--.PP
--A ford�t� megjegyz�se:
--Valami j� az�rt m�gis lenne a wheel csoportban: az, hogy ha a root
--jelsz� kitud�dna azzal nem tudna b�rmelyik felhaszn�l� k�zvetlen�l
--vissza�lni. A wheel csoporthoz hasonl� dolgot lehet el�rni a
--.B sudo
--csomaggal.
- .SH MEGJEGYZ�S
- A hib�kat a bug-sh-utils at gnu.org c�men lehet jelenteni.
- Az oldalt Ragnar Hojland Espinosa <ragnar at macula.net> friss�tette.
-diff -Nur coreutils-5.2.1.orig/man/it/su.1 coreutils-5.2.1/man/it/su.1
---- coreutils-5.2.1.orig/man/it/su.1 Mon Jul 1 23:09:38 2002
-+++ coreutils-5.2.1/man/it/su.1 Thu Mar 18 17:05:55 2004
-@@ -52,11 +52,6 @@
- .B su
- pu� essere compilato per riportare tramite syslog gli errori, ed
- eventualmente anche i successi che ottiene.
--.PP
--Questo programma non supporta un "gruppo wheel" che limita chi pu� fare
--.B su
--agli account del superuser, poich� ci� pu� aiutare amministratori di
--sistema "fascisti" a tenere un potere inautorizzato sugli altri utenti.
- .SS OPZIONI
- .TP
- .I "\-c COMANDO, \-\-command=COMANDO"
-@@ -117,21 +112,3 @@
- .I "\-\-version"
- Stampa in standard output informazioni sulla versione e esce (con
- successo).
--.SH Perch� GNU su non supporta il gruppo wheel (di Richard Stallman)
--Qualche volta pochi utenti provano a tenere il potere assoluto sul
--resto degli utenti. Per esempio, nel 1984, alcuni utenti nel
--laboratorio di AI del MIT decisero impossessarsi del potere cambiando
--la password dell'operatore su un sistema Twenex e tenendola segreta a
--tutti gli altri (fui in grado di contrastare questo colpaccio e
--restituire il potere agli utenti ``patch-ando'' il kernel, ma non
--saprei come fare ci� in Unix).
--.PP
--Comunque, occasionalmente i sovrani lo fanno. Tramite l'usuale
--meccanismo su, una volta che qualcuno che simpatizzi con gli
--utenti normali, abbia imparato la password di root pu� dirla anche
--agli altri. La caratteristica del "gruppo wheel" renderebbe ci�
--impossibile, consolidando quindi il potere dei sovrani.
--.PP
--Io sono dalla parte delle masse, non da quella dei sovrani. Se tu sei
--abituato a sostenere i capi e gli amministratori di sistema in tutto
--quello che fanno, potresti trovare questa idea strana all'inizio.
-diff -Nur coreutils-5.2.1.orig/man/ja/su.1 coreutils-5.2.1/man/ja/su.1
---- coreutils-5.2.1.orig/man/ja/su.1 Sun Dec 14 16:06:54 2003
-+++ coreutils-5.2.1/man/ja/su.1 Thu Mar 18 17:05:55 2004
-@@ -83,12 +83,6 @@
- .B su
- �����Ԥ����Ȥ� syslog �˥�ݡ��Ȥ���褦�˥���ѥ��뤹�뤳��
- ���Ǥ�����������ݡ��Ȥ���褦�ˤ�Ǥ���ˡ�
--.PP
--���Υץ������ "wheel group" �ε�ǽ��
--.B su
--�ˤ�äƥ����ѡ��桼������������Ȥˤʤ��桼�������¤��뵡ǽ�ˤݡ�
--�Ȥ��ʤ������������Ū�ʥ����ƥ�����Ԥ�¾�Υ桼�����������ʸ��Ϥ�
--���ʤ��褦�ˤ��뤿��Ǥ��롣
- .SS OPTIONS
- .TP
- .I "\-c COMMAND, \-\-command=COMMAND"
-@@ -151,19 +145,3 @@
- .TP
- .I "\-\-version"
- �С����������ɸ����Ϥ�ɽ�������¹��������֤��ƽ�λ���롣
--.SH GNU su �� wheel ���롼�פݡ��Ȥ��ʤ��櫓��Richard Stallman��
--�Ȥ����ꡢ����Υ桼�����ˤ�äơ�¾�Υ桼�������Ф������������褦
--�Ȥ����ߤ��ʤ���뤳�Ȥ����롣�㤨�� 1984 ǯ�� MIT AI ��ܤξ���Υ桼
--������ Twenex �����ƥ�Υ��ڥ졼�����ѥ���ɤ��ѹ����¤�å��������
--��¾�Υ桼����������ƿ���뤳�Ȥ˷��ꤷ���ʤ��κݤˤϻ�Ϥ��Υ����ǥ���
--�����������ͥ�˥ѥå������ƤƸ��¤����֤����Ȥ���������������
--�����줬 Unix �Ǥ��ä��顢��ˤϤɤ�����Ф褤���狼��ʤ��ä�������ˡ�
--.PP
--�������ʤ��顢���ˤ������Ԥ���̩��ϳ�餹��ΤǤ��롣�̾�� su �Υᥫ��
--����Ǥϡ����̥桼������¦��Ω�ļԤ� root �Υѥ���ɤ��Τ�С������
--¾�Υ桼�����ˤ��Τ餻�뤳�Ȥ��Ǥ��롣������ "wheel group" ��ǽ�Ϥ���
--���Բ�ǽ�ˤ�����̤Ȥ���������ã�θ��¤Ǥ����Τˤ��Ƥ��ޤ���
--.PP
--����罰��¦��Ω�Ĥ�ΤǤ��ꡢ����Ū��Ω��ˤ�ȿ�Ф��롣���ʤ��ϥܥ���
--�����ƥ�����ԤΤ����˽������Ȥ˴���Ƥ��뤫���Τ�ʤ��������ξ���
--�ޤ����Τ��ȼ��Ȥ��ԻĤ˻פ��٤��ǤϤʤ����������
-diff -Nur coreutils-5.2.1.orig/man/pl/su.1 coreutils-5.2.1/man/pl/su.1
---- coreutils-5.2.1.orig/man/pl/su.1 Tue Jun 20 16:07:31 2000
-+++ coreutils-5.2.1/man/pl/su.1 Thu Mar 18 17:05:55 2004
-@@ -78,8 +78,6 @@
- mo�e zosta� tak skompilowane, by raportowa�o nieudane, lub opcjonalnie
- r�wnie� udane pr�by zmiany id przy u�yciu
- .BR su .
--Jednak \fBsu\fP w wersji GNU nie sprawdza czy u�ytkownik jest cz�onkiem grupy
--`wheel' -- patrz poni�ej.
- .SH OPCJE
- .TP
- .BR \-c " \fIpolecenie\fP, " \-\-command= \fIpolecenie
-@@ -139,25 +137,6 @@
- .TP
- .B \-\-version
- Wy�wietla numer wersji programu i ko�czy prac�.
--.SH Dlaczego GNU `su' nie obs�uguje grupy `wheel'
--
--(Sekcj� t� napisa� Richard Stallman)
--
--Czasami kilku u�ytkownik�w usi�uje sprawowa� nieograniczon� w�adz� nad
--pozosta�ymi. Na przyk�ad, w 1984, kilku u�ytkownik�w w laboratorium AI MIT
--zdecydowa�o si� `przej�� w�adz�' zmieniaj�c has�o operatora systemu Twenex
--i trzymaj�c je w tajemnicy przed wszystkimi innymi. (Uda�o mi si�
--udaremni� ten zamach i przywr�ci� w�adz� u�ytkownikom �ataj�c j�dro, lecz
--nie wiedzia�bym jak zrobi� to w Uniksie.)
--
--Jednak, od czasu do czasu panuj�cy wyjawiaj� komu�. Przy zwyk�ym
--mechanizmie `su', kto�, kto pozna� has�o root'a i sympatyzuje ze zwyk�ymi
--u�ytkownikami, mo�e przekaza� je pozosta�ym. Funkcja "grupy wheel"
--uniemo�liwia�aby to, i w ten spos�b umacnia�a w�adz� rz�dz�cych.
--
--Jestem po stronie mas, nie po stronie rz�dz�cych. Je�eli zwyk�e� popiera�
--szef�w i administrator�w system�w we wszystkim, co robi�, podej�cie to mo�e
--pocz�tkowo wyda� Ci si� dziwne.
- .SH "ZG�ASZANIE B��D�W"
- B��dy prosz� zg�asza�, w j�z.ang., do <bug-sh-utils at gnu.org>.
- .SH COPYRIGHT
diff --git a/coreutils-runuser.patch b/coreutils-runuser.patch
deleted file mode 100644
index 033a058..0000000
--- a/coreutils-runuser.patch
+++ /dev/null
@@ -1,458 +0,0 @@
-diff -urNp coreutils-8.7-orig/README coreutils-8.7/README
---- coreutils-8.7-orig/README 2010-10-11 19:35:11.000000000 +0200
-+++ coreutils-8.7/README 2010-11-15 10:10:43.002922253 +0100
-@@ -12,10 +12,10 @@ The programs that can be built with this
- factor false fmt fold groups head hostid hostname id install join kill
- link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup
- nproc od paste pathchk pinky pr printenv printf ptx pwd readlink realpath
-- rm rmdir runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum shred
-- shuf sleep sort split stat stdbuf stty su sum sync tac tail tee test
-- timeout touch tr true truncate tsort tty uname unexpand uniq unlink
-- uptime users vdir wc who whoami yes
-+ rm rmdir runcon runuser seq sha1sum sha224sum sha256sum sha384sum sha512sum
-+ shred shuf sleep sort split stat stdbuf stty su sum sync tac tail tee
-+ test timeout touch tr true truncate tsort tty uname unexpand uniq
-+ unlink uptime users vdir wc who whoami yes
-
- See the file NEWS for a list of major changes in the current release.
-
-diff -urNp coreutils-8.7-orig/AUTHORS coreutils-8.7/AUTHORS
---- coreutils-8.7-orig/AUTHORS 2010-10-11 19:35:11.000000000 +0200
-+++ coreutils-8.7/AUTHORS 2010-11-15 10:08:04.222078001 +0100
-@@ -65,6 +65,7 @@ readlink: Dmitry V. Levin
- rm: Paul Rubin, David MacKenzie, Richard M. Stallman, Jim Meyering
- rmdir: David MacKenzie
- runcon: Russell Coker
-+runuser: David MacKenzie, Dan Walsh
- seq: Ulrich Drepper
- sha1sum: Ulrich Drepper, Scott Miller, David Madore
- sha224sum: Ulrich Drepper, Scott Miller, David Madore
-diff -urNp coreutils-8.7-orig/man/help2man coreutils-8.7/man/help2man
---- coreutils-8.7-orig/man/help2man 2010-10-11 19:35:11.000000000 +0200
-+++ coreutils-8.7/man/help2man 2010-11-15 10:08:51.331054884 +0100
-@@ -555,6 +555,9 @@ while (length)
- $include{$sect} .= $content;
- }
-
-+# There is no info documentation for runuser (shared with su).
-+$opt_no_info = 1 if $program eq 'runuser';
-+
- # Refer to the real documentation.
- unless ($opt_no_info)
- {
---- coreutils-6.7/src/su.c.runuser 2007-01-09 17:27:56.000000000 +0000
-+++ coreutils-6.7/src/su.c 2007-01-09 17:30:12.000000000 +0000
-@@ -109,9 +109,15 @@
- #include "error.h"
-
- /* The official name of this program (e.g., no 'g' prefix). */
-+#ifndef RUNUSER
- #define PROGRAM_NAME "su"
-+#else
-+#define PROGRAM_NAME "runuser"
-+#endif
-
-+#ifndef AUTHORS
- #define AUTHORS proper_name ("David MacKenzie")
-+#endif
-
- #if HAVE_PATHS_H
- # include <paths.h>
-@@ -149,6 +149,10 @@
- char *crypt (char const *key, char const *salt);
- #endif
-
-+#ifndef CHECKPASSWD
-+#define CHECKPASSWD 1
-+#endif
-+
- static void run_shell (char const *, char const *, char **, size_t,
- const struct passwd *)
- #ifdef USE_PAM
-@@ -154,7 +154,11 @@
- #endif
-
- static void run_shell (char const *, char const *, char **, size_t,
-- const struct passwd *)
-+ const struct passwd *
-+#ifdef RUNUSER
-+ , gid_t *groups, int num_groups
-+#endif
-+ )
- #ifdef USE_PAM
- ;
- #else
-@@ -187,6 +201,10 @@
- {"login", no_argument, NULL, 'l'},
- {"preserve-environment", no_argument, NULL, 'p'},
- {"shell", required_argument, NULL, 's'},
-+#ifdef RUNUSER
-+ {"group", required_argument, NULL, 'g'},
-+ {"supp-group", required_argument, NULL, 'G'},
-+#endif
- {GETOPT_HELP_OPTION_DECL},
- {GETOPT_VERSION_OPTION_DECL},
- {NULL, 0, NULL, 0}
-@@ -288,10 +306,12 @@
- retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
- PAM_BAIL_P;
-
-+#ifndef RUNUSER
- if (getuid() != 0 && !isatty(0)) {
- fprintf(stderr, _("standard in must be a tty\n"));
- exit(1);
- }
-+#endif
-
- caller = getpwuid(getuid());
- if(caller != NULL && caller->pw_name != NULL) {
-@@ -308,6 +328,11 @@
- retval = pam_set_item(pamh, PAM_TTY, tty_name);
- PAM_BAIL_P;
- }
-+#ifdef RUNUSER
-+ if (getuid() != geteuid())
-+ /* safety net: deny operation if we are suid by accident */
-+ error(EXIT_FAILURE, 1, "runuser may not be setuid");
-+#else
- retval = pam_authenticate(pamh, 0);
- PAM_BAIL_P;
- retval = pam_acct_mgmt(pamh, 0);
-@@ -317,6 +342,7 @@
- PAM_BAIL_P;
- }
- PAM_BAIL_P;
-+#endif
- /* must be authenticated if this point was reached */
- return 1;
- #else /* !USE_PAM */
-@@ -398,11 +424,22 @@
- /* Become the user and group(s) specified by PW. */
-
- static void
--change_identity (const struct passwd *pw)
-+change_identity (const struct passwd *pw
-+#ifdef RUNUSER
-+ , gid_t *groups, int num_groups
-+#endif
-+ )
- {
- #ifdef HAVE_INITGROUPS
-+ int rc = 0;
- errno = 0;
-- if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
-+#ifdef RUNUSER
-+ if (num_groups)
-+ rc = setgroups(num_groups, groups);
-+ else
-+#endif
-+ rc = initgroups(pw->pw_name, pw->pw_gid);
-+ if (rc == -1) {
- #ifdef USE_PAM
- pam_close_session(pamh, 0);
- pam_end(pamh, PAM_ABORT);
-@@ -449,7 +486,11 @@
-
- static void
- run_shell (char const *shell, char const *command, char **additional_args,
-- size_t n_additional_args, const struct passwd *pw)
-+ size_t n_additional_args, const struct passwd *pw
-+#ifdef RUNUSER
-+ , gid_t *groups, int num_groups
-+#endif
-+ )
- {
- size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
- char const **args = xnmalloc (n_args, sizeof *args);
-@@ -480,7 +521,11 @@
-
- child = fork();
- if (child == 0) { /* child shell */
-- change_identity (pw);
-+ change_identity (pw
-+#ifdef RUNUSER
-+ , groups, num_groups
-+#endif
-+ );
- pam_end(pamh, 0);
- if (!same_session)
- setsid ();
-@@ -657,6 +702,12 @@
- char *shell = NULL;
- struct passwd *pw;
- struct passwd pw_copy;
-+#ifdef RUNUSER
-+ struct group *gr;
-+ gid_t groups[NGROUPS_MAX];
-+ int num_supp_groups = 0;
-+ int use_gid = 0;
-+#endif
-
- initialize_main (&argc, &argv);
- program_name = argv[0];
-@@ -671,7 +722,11 @@
- simulate_login = false;
- change_environment = true;
-
-- while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
-+ while ((optc = getopt_long (argc, argv, "c:flmps:"
-+#ifdef RUNUSER
-+ "g:G:"
-+#endif
-+ , longopts, NULL)) != -1)
- {
- switch (optc)
- {
-@@ -701,6 +756,28 @@
- shell = optarg;
- break;
-
-+#ifdef RUNUSER
-+ case 'g':
-+ gr = getgrnam(optarg);
-+ if (!gr)
-+ error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
-+ use_gid = 1;
-+ groups[0] = gr->gr_gid;
-+ break;
-+
-+ case 'G':
-+ num_supp_groups++;
-+ if (num_supp_groups >= NGROUPS_MAX)
-+ error (EXIT_FAILURE, 0,
-+ _("Can't specify more than %d supplemental groups"),
-+ NGROUPS_MAX - 1);
-+ gr = getgrnam(optarg);
-+ if (!gr)
-+ error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
-+ groups[num_supp_groups] = gr->gr_gid;
-+ break;
-+#endif
-+
- case_GETOPT_HELP_CHAR;
-
- case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
-@@ -739,7 +816,20 @@
- : DEFAULT_SHELL);
- endpwent ();
-
-- if (!correct_password (pw))
-+#ifdef RUNUSER
-+ if (num_supp_groups && !use_gid)
-+ {
-+ pw->pw_gid = groups[1];
-+ memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups);
-+ }
-+ else if (use_gid)
-+ {
-+ pw->pw_gid = groups[0];
-+ num_supp_groups++;
-+ }
-+#endif
-+
-+ if (CHECKPASSWD && !correct_password (pw))
- {
- #ifdef SYSLOG_FAILURE
- log_su (pw, false);
-@@ -814,7 +814,11 @@
- modify_environment (pw, shell);
-
- #ifndef USE_PAM
-- change_identity (pw);
-+ change_identity (pw
-+#ifdef RUNUSER
-+ , groups, num_supp_groups
-+#endif
-+ );
- #endif
-
- /* error() flushes stderr, but does not check for write failure.
-@@ -825,5 +829,9 @@
- if (ferror (stderr))
- exit (EXIT_CANCELED);
-
-- run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
-+ run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw
-+#ifdef RUNUSER
-+ , groups, num_supp_groups
-+#endif
-+ );
- }
-diff -urNp coreutils-8.7-orig/src/Makefile.am coreutils-8.7/src/Makefile.am
---- coreutils-8.7-orig/src/Makefile.am 2010-11-15 10:07:07.339171659 +0100
-+++ coreutils-8.7/src/Makefile.am 2010-11-15 10:12:14.847094550 +0100
-@@ -100,6 +100,7 @@ EXTRA_PROGRAMS = \
- rm \
- rmdir \
- runcon \
-+ runuser \
- seq \
- sha1sum \
- sha224sum \
-@@ -300,6 +301,10 @@ cp_LDADD += $(copy_LDADD)
- ginstall_LDADD += $(copy_LDADD)
- mv_LDADD += $(copy_LDADD)
-
-+runuser_SOURCES = su.c
-+runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
-+runuser_LDADD = $(LDADD) $(LIB_CRYPT) $(LIB_PAM)
-+
- remove_LDADD =
- mv_LDADD += $(remove_LDADD)
- rm_LDADD += $(remove_LDADD)
-@@ -395,7 +400,7 @@ RELEASE_YEAR = \
- `sed -n '/.*COPYRIGHT_YEAR = \([0-9][0-9][0-9][0-9]\) };/s//\1/p' \
- $(top_srcdir)/lib/version-etc.c`
-
--all-local: su$(EXEEXT)
-+all-local: su$(EXEEXT) runuser$(EXEEXT)
-
- installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'`
-
-diff -urNp coreutils-8.7-orig/man/Makefile.am coreutils-8.7/man/Makefile.am
---- coreutils-8.7-orig/man/Makefile.am 2010-10-11 19:35:11.000000000 +0200
-+++ coreutils-8.7/man/Makefile.am 2010-11-15 10:09:21.768922182 +0100
-@@ -94,6 +94,7 @@ readlink.1: $(common_dep) $(srcdir)/read
- rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c
- rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c
- runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
-+runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c
- seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c
- sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c
- sha224sum.1: $(common_dep) $(srcdir)/sha224sum.x ../src/md5sum.c
-diff -urNp coreutils-8.7-orig/man/runuser.x coreutils-8.7/man/runuser.x
---- coreutils-8.7-orig/man/runuser.x 1970-01-01 01:00:00.000000000 +0100
-+++ coreutils-8.7/man/runuser.x 2010-11-15 10:09:57.437939015 +0100
-@@ -0,0 +1,12 @@
-+[NAME]
-+runuser \- run a shell with substitute user and group IDs
-+[DESCRIPTION]
-+.\" Add any additional description here
-+[SEE ALSO]
-+.TP
-+More detailed Texinfo documentation could be found by command
-+.TP
-+\t\fBinfo coreutils \(aqsu invocation\(aq\fR\t
-+.TP
-+since the command \fBrunuser\fR is trimmed down version of command \fBsu\fR.
-+.br
---- /dev/null 2007-01-09 09:38:07.860075128 +0000
-+++ coreutils-6.7/man/runuser.1 2007-01-09 17:27:56.000000000 +0000
-@@ -0,0 +1,68 @@
-+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.33.
-+.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands"
-+.SH NAME
-+runuser \- run a shell with substitute user and group IDs, similar to su, but will not run PAM hooks
-+.SH SYNOPSIS
-+.B runuser
-+[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...]
-+.SH DESCRIPTION
-+.\" Add any additional description here
-+.PP
-+Change the effective user id and group id to that of USER. No PAM hooks
-+are run, and there will be no password prompt. This command is useful
-+when run as the root user. If run as a non-root user without privilege
-+to set user ID, the command will fail.
-+.TP
-+-, \fB\-l\fR, \fB\-\-login\fR
-+make the shell a login shell
-+.TP
-+\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR
-+pass a single COMMAND to the shell with \fB\-c\fR
-+.TP
-+\fB\-f\fR, \fB\-\-fast\fR
-+pass \fB\-f\fR to the shell (for csh or tcsh)
-+.TP
-+\fB\-g\fR, \fB\-\-group\fR=\fIGROUP\fR
-+specify the primary group
-+.TP
-+\fB\-G\fR, \fB\-\-supp-group\fR=\fIGROUP\fR
-+specify a supplemental group
-+.TP
-+\fB\-m\fR, \fB\-\-preserve\-environment\fR
-+do not reset environment variables
-+.TP
-+\fB\-p\fR
-+same as \fB\-m\fR
-+.TP
-+\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR
-+run SHELL if /etc/shells allows it
-+.TP
-+\fB\-\-help\fR
-+display this help and exit
-+.TP
-+\fB\-\-version\fR
-+output version information and exit
-+.PP
-+A mere - implies \fB\-l\fR. If USER not given, assume root.
-+.SH AUTHOR
-+Written by David MacKenzie, Dan Walsh.
-+.SH "REPORTING BUGS"
-+Report bugs to <bug-coreutils at gnu.org>.
-+.SH COPYRIGHT
-+Copyright \(co 2004 Free Software Foundation, Inc.
-+.br
-+This is free software; see the source for copying conditions. There is NO
-+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-+.SH "SEE ALSO"
-+Since this command is trimmed down version of su use you can use the su manual.
-+The full documentation for
-+.B su
-+is maintained as a Texinfo manual. If the
-+.B info
-+and
-+.B su
-+programs are properly installed at your site, the command
-+.IP
-+.B info coreutils su
-+.PP
-+should give you access to the complete manual.
---- coreutils-6.10/po/pl.po.orig 2008-03-02 14:22:54.123486386 +0100
-+++ coreutils-6.10/po/pl.po 2008-03-02 14:28:35.858960780 +0100
-@@ -8986,6 +8986,16 @@
- msgid "warning: cannot change directory to %s"
- msgstr "uwaga: nie można zmienić katalogu na %s"
-
-+#: src/su.c:runuser
-+#, c-format
-+msgid "group %s does not exist"
-+msgstr "grupa %s nie istnieje"
-+
-+#: src/su.c:runuser
-+#, c-format
-+msgid "Can't specify more than %d supplemental groups"
-+msgstr "Nie można określić więcej niż %d grup dodatkowych"
-+
- #. This is a proper name. See the gettext manual, section Names.
- #: src/sum.c:36
- msgid "Kayvan Aghaiepour"
-diff -urNp coreutils-8.7-orig/tests/misc/help-version coreutils-8.7/tests/misc/help-version
---- coreutils-8.7-orig/tests/misc/help-version 2010-10-11 19:35:11.000000000 +0200
-+++ coreutils-8.7/tests/misc/help-version 2010-11-15 10:45:18.473682325 +0100
-@@ -32,6 +32,7 @@ expected_failure_status_nohup=125
- expected_failure_status_stdbuf=125
- expected_failure_status_su=125
- expected_failure_status_timeout=125
-+expected_failure_status_runuser=125
- expected_failure_status_printenv=2
- expected_failure_status_tty=3
- expected_failure_status_sort=2
-@@ -209,6 +210,7 @@ seq_setup () { args=10; }
- sleep_setup () { args=0; }
- su_setup () { args=--version; }
- stdbuf_setup () { args="-oL true"; }
-+runuser_setup () { args=--version; }
- timeout_setup () { args=--version; }
-
- # I'd rather not run sync, since it spins up disks that I've
-diff -urNp coreutils-8.7-orig/tests/misc/invalid-opt coreutils-8.7/tests/misc/invalid-opt
---- coreutils-8.7-orig/tests/misc/invalid-opt 2010-10-11 19:35:11.000000000 +0200
-+++ coreutils-8.7/tests/misc/invalid-opt 2010-11-15 10:45:46.451938873 +0100
-@@ -37,6 +37,7 @@ my %exit_status =
- sort => 2,
- stdbuf => 125,
- su => 125,
-+ runuser => 125,
- test => 0,
- timeout => 125,
- true => 0,
diff --git a/coreutils-split-pam.patch b/coreutils-split-pam.patch
deleted file mode 100644
index 5f6f72e..0000000
--- a/coreutils-split-pam.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-diff -uNrp -x '*~' coreutils-5.97-orig/src/su.c coreutils-5.97/src/su.c
---- coreutils-5.97-orig/src/su.c 2006-07-13 12:14:40.000000000 +0100
-+++ coreutils-5.97/src/su.c 2006-07-13 12:24:33.000000000 +0100
-@@ -131,11 +131,15 @@
-
- #include "error.h"
-
--/* The official name of this program (e.g., no 'g' prefix). */
-+/* The official name of this program (e.g., no 'g' prefix).
-+ * - Add a "-l" to the name passed to PAM if this is a login simulation
-+ */
- #ifndef RUNUSER
- #define PROGRAM_NAME "su"
-+#define PROGRAM_NAME_L "su-l"
- #else
- #define PROGRAM_NAME "runuser"
-+#define PROGRAM_NAME_L "runuser-l"
- #endif
-
- #ifndef AUTHORS
-@@ -310,7 +314,8 @@ correct_password (const struct passwd *p
- #ifdef USE_PAM
- struct passwd *caller;
- char *tty_name, *ttyn;
-- retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
-+ retval = pam_start(simulate_login ? PROGRAM_NAME_L : PROGRAM_NAME,
-+ pw->pw_name, &conv, &pamh);
- PAM_BAIL_P;
-
- #ifndef RUNUSER
diff --git a/runuser-l.pamd b/runuser-l.pamd
deleted file mode 100644
index fa1e4d8..0000000
--- a/runuser-l.pamd
+++ /dev/null
@@ -1,4 +0,0 @@
-#%PAM-1.0
-auth include runuser
-session optional pam_keyinit.so force revoke
-session include runuser
diff --git a/runuser.pamd b/runuser.pamd
deleted file mode 100644
index 5b66ff1..0000000
--- a/runuser.pamd
+++ /dev/null
@@ -1,3 +0,0 @@
-#%PAM-1.0
-auth sufficient pam_rootok.so
-session include system-auth
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/coreutils.git/commitdiff/38444ddfea3dad9821ec1a30428ace3455795297
More information about the pld-cvs-commit
mailing list