Commit Graph

149 Commits

Author SHA1 Message Date
gjb
7089418fe7 Attempt to clear up some confusion in the following example, by stating
the '-c' argument is passed to the shell, not to su(1), which would
indicate the login class.

	'su -m <user> -c <command>'

Submitted by:	Warren Block <wblock@wonkity.com> (followup to 157078)
MFC after:	5 days
2011-06-06 19:33:19 +00:00
gjb
257b067001 Bump date from previous commit. :(
MFC after:	5 days
2011-06-06 15:21:53 +00:00
gjb
32935a5430 Document that when running 'su -m <user> -c <command>', <command> is run
within a shell as <user>.

PR:		157078
Submitted by:	Warren Block <wblock@wonkity.com>
MFC after:	5 days
2011-06-06 15:17:55 +00:00
ume
985728498a getpwnam(3) may return NULL.
Requested by:   nork
Reviewed by:    Takeharu KATO <takeharu1219__at__ybb.ne.jp>, nork
MFC after:      1 week
2011-03-27 12:53:20 +00:00
joel
29af67e52c Remove the advertising clause from UCB copyrighted files in usr.bin. This
is in accordance with the information provided at
ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change

Also add $FreeBSD$ to a few files to keep svn happy.

Discussed with:	imp, rwatson
2010-12-11 08:32:16 +00:00
ed
9b380e30d4 Build usr.bin/ with WARNS=6 by default.
Also add some missing $FreeBSD$ to keep svn happy.
2010-01-02 10:27:05 +00:00
delphij
0842b7d53f Revert most part of 200420 as requested, as more review and polish is
needed.
2009-12-13 03:14:06 +00:00
delphij
b963db4652 Remove unneeded header includes from usr.bin/ except contributed code.
Tested with:	make universe
2009-12-11 23:35:38 +00:00
csjp
049dc5709e Fixup the parameters to audit_submit(3) the order is errno then return
value.  This bug went un-noticed for so long because EPERM == 1

MFC after:	1 week
Spotted by:	sson, rwatson
2009-04-04 20:58:18 +00:00
danger
6e72a32935 - add the -m option to the example commands because they would fail w/o it
as the ``man'' user does not have a valid shell by default.

PR:		docs/121713
Approved by:	trhodes
MFC after:	3 days
2008-07-01 20:56:23 +00:00
dwmalone
b04619598b Fix a strict aliasing warning - I think it is really telling us
that the way char * and void * pointers may not be stored in the
same way.
2008-06-04 19:16:54 +00:00
davidxu
3d81878b1f The upper while loop has already recycled child process, so the if
statement has never executed as expected, fix it.

MFC after: 3 days
2007-10-18 11:05:30 +00:00
delphij
90cc29c58c Stop mentioning /usr/X11R6.
Approved by:	re (hrs)
2007-07-24 06:41:07 +00:00
scf
196b6346ba Significantly reduce the memory leak as noted in BUGS section for
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.

Convert all calls to POSIX from historic BSD API:
 - unsetenv returns an int.
 - putenv takes a char * instead of const char *.
 - putenv no longer makes a copy of the input string.
 - errno is set appropriately for POSIX.  Exceptions involve bad environ
   variable and internal initialization code.  These both set errno to
   EFAULT.

Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit.  A few I re-wrote to use setenv()
instead of putenv().

New regression module for tools/regression/environ to test these
functions.  It also can be used to test the performance.

Bump __FreeBSD_version to 700050 due to API change.

PR:		kern/99826
Approved by:	wes
Approved by:	re (kensmith)
2007-07-04 00:00:41 +00:00
ache
6ccaf050cc Back out all POSIXified *env() changes.
Not because I admit they are technically wrong and not because of bug
reports (I receive nothing). But because I surprisingly meets so
strong opposition and resistance so lost any desire to continue that.

Anyone who interested in POSIX can dig out what changes and how
through cvs diffs.
2007-05-01 16:02:44 +00:00
ache
123c99294b Prepare for upcoming POSIXed putenv() rewrite:
don't free memory after putenv()
2007-04-30 12:51:02 +00:00
sobomax
19094a2bf3 Backout previous change (SIGSYS related). The fix has been applied to the
proper place.

Pointed out by:	rwatson
2006-10-24 17:41:28 +00:00
sobomax
1d06416b30 Ignore SIGSYS when BSM is compiled in. Otherwise, attempt to invoke su on
system that don't have audit framefork compiled into kernel or ia32 binary
on amd64 system will result in SIGSYS. There is one place in su.c itself
where it tries to check for errno != ENOSYS, but it has been a nop since su
does not catch SIGSYS anyway. There are few other places in libbsm,
where attempt to invoke audit syscal would result in SIGSYS if no audit
support is present in the kernel, so that the only reliable method for
now is to disable SIGSYS completely in the case when BSM is compiled in.

In the long run, both direct invocation of audit-related syscalls and
libbsm should be made more intellegent to handle the case when BSM is not
compiled into the kernel gracefully.

MFC after: 3 days
           (provided re@ approval)
2006-10-24 08:18:10 +00:00
ru
33e34aeeb5 Markup fixes. 2006-09-29 15:20:48 +00:00
luoqi
16c630b2da Do not chdir(2) until after setuid(2), otherwise "su - username" would fail
when root doesn't have the permission to enter target user's home directory.
If set, PAM environment variable HOME will be used in chdir(2) instead of
pwd->pw_dir, this allows pam_chroot module to continue to function.
2006-09-29 04:41:37 +00:00
joel
e532d7ce17 Remove references to the pam(8) manual page. It does not exist.
Requested by:	novel
Discussed with:	brueffer, simon
2006-09-13 17:46:20 +00:00
csjp
5c107d0b0f Integrate audit_submit(3) bits into su. This means that records for
successful and failed su attempts will be recorded using the AUE_su
event type (login or lo class) if auditing is present in the system.
Currently, the records will have a header, subject, text (with the
actual diagnostics), a return and trailer token.

See audit_submit(3) for more information.

Reviewed by:	rwatson
Obtained from:	TrustedBSD Project
2006-09-01 13:39:02 +00:00
brd
93d466e244 - Mention that users need to be in the wheel group to `su - root' by default, and how to change it.
PR:		docs/70616
Submitted by:	Jilles Tjoelker <jilles at stack dot nl>
Reviewed by:	ru@
Approved by:	ceri@
MFC after:	3 days
2006-01-28 01:11:11 +00:00
brian
75107ac807 Fix the other su bug reintroduced two commits ago, namely
$ su
    % kill -STOP $$

where su is executing (t)csh.  csh's job handling is a little more
special than that of (a)sh, bash and even zsh and blows up a little
more spectacularly.  This modification restores the original mucking
about with the tty pgrp, but is careful to only do it when su (or
su's child) is the foreground process.

While I'm here, fix a STDERR_FILENO spelling as suggested by bde.
2006-01-03 09:17:04 +00:00
brian
6e6de63b65 Handle the case (that I just broke) where the following hangs:
$ su
    # kill -STOP $$

Pointed out by:	David Xu <davidxu@freebsd.org>
2006-01-02 09:46:38 +00:00
brian
9866b0b749 Remove broken code that mucks about with tcsetpgrp() -- even if
su isn't the foreground process.  Hopefully this won't break PAM,
but I couldn't find any useful information about ache's theory
that it will.

Specifically, this change fixes the following:

    # sh
    # echo $$
    # su - root -c id &
    # echo $$

The PID output changes as su seems to be kill -STOP'ing itself
and catching the parent shell in the process.  This is especially
bad if you add a ``su - user -c command &'' to an rc script!

Sponsored by:		Sophos/Activestate
Not objected to by:	des
2006-01-02 08:51:21 +00:00
ru
7f3c7f0d46 Sort sections. 2005-01-18 13:43:56 +00:00
rwatson
0012bc8f92 If su(1) is run without an effective uid of 0, generate an error to
the user indicating that su is not running setuid, which may help
suggest to the user that it should be setuid, or should not be
running from a file system mounted nosuid.

Suggsted by:	Ivan Voras <ivoras at fer dot hr>
MFC after:	2 weeks
2005-01-17 19:57:59 +00:00
ru
f0fbc30e0d Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar
to PRECIOUSLIB from bsd.lib.mk.  The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.

Reviewed by:	oliver
2004-11-03 18:01:21 +00:00
simon
1eacded275 Bump document date for last commit.
Noticed by:	ru
2004-10-04 12:06:05 +00:00
simon
f0c65463ba PAM configuration is now in /etc/pam.d/su.
Submitted by:	Jilles Tjoelker <jilles@stack.nl> (original version)
PR:		docs/70616 (part of)
MFC after:	1 week
2004-10-03 21:44:42 +00:00
ru
ee5b7e52fa Deal with double whitespace. 2004-07-03 00:24:45 +00:00
ru
fb1d8b3724 Mechanically kill hard sentence breaks. 2004-07-02 22:22:35 +00:00
markm
e7ed8bc0a8 Oops. My last commit included a bug that would make "su -m" always
use /bin/sh. Fix this.
2004-06-15 20:23:02 +00:00
markm
ea8442f9ea Paranoia, WARNS fixes and lint. 2004-06-13 11:21:06 +00:00
ru
275ab135c7 Bumped the document date.
Fixed the grammar nit.
2004-05-19 09:53:41 +00:00
charnier
055112142a Add FBSDID. Do not dot terminate errx(3) string. 2004-04-04 18:56:53 +00:00
ru
0ed839756a Fixed style of assignments. 2004-02-02 18:01:19 +00:00
des
77da48ef10 When root tries to su to a non-existent user, pam_authenticate() will
normally succeed (because root can su to anyone), but pam_acct_mgmt()
will most likely fail, causing su to log a confusing "pam_acct_mgmt:
error in service module" message.  To avoid this, call getpwnam()
before pam_acct_mgmt().

Sponsored by:	registrar.no
2004-01-06 09:47:24 +00:00
davidxu
b5882bdf82 Be sure to restore foreground group to parent su before parent su
exits, otherwise shell will be confused and does not set foreground
group correctly for next su command. This sounds like a bug in sh.
2003-11-04 14:51:34 +00:00
davidxu
8792262eee It seems when su executes in a shell scripts, there is a timing race,
sometimes, su will receive a SIGTTOU when parent su tries to set child
su's process group as foreground group, and su will be stopped unexpectly,
ignoring SIGTTOU fixes the problem.

Noticed by: fjoe
2003-11-03 23:54:55 +00:00
cognet
eb4121cb0d Fix broken su -m behaviour :
chshell must return 0 if the shell is not a standard shell, or else it is
possible to use an account without a valid shell.

Reviewed by:	des
2003-10-19 02:09:36 +00:00
kensmith
9c75463c34 - Clarification to how command line arguments are processed.
PR:		docs/55613
Submitted by:	gshapiro@freebsd.org
Approved by:	blackend (mentor)
2003-09-28 17:54:48 +00:00
charnier
32299344de typo 2003-06-08 13:51:40 +00:00
des
e3a20d4e48 PAM-related improvements:
- if operating "as them" (su -l), use pam_{open,close}_session()
 - allow PAM to override $HOME (pam_chroot needs this)
 - chdir early, because later on we may be chrooted and chdir will fail

Also use pid_t instead of int where applicable.
2003-04-08 16:59:53 +00:00
davidxu
e173b93e2a Put child process in a different process group, ensure that the broadcast
signal never affects su directly, some shells changes its pgrp at running
or suspended time, so a broadcast SIGTSTP from child will mess up su's job
control.

Discussed with: bde
2003-03-27 01:32:51 +00:00
des
118ffeb10c Fix style bugs in the previous commit (which weren't in bde's patch) 2003-03-11 11:35:24 +00:00
davidxu
59af771a3e Reset SIGTSTP handler to default both for parent and child process.
Submitted by: bde
2003-03-11 09:16:51 +00:00
davidxu
5bae8e4c5d Fix long standing job control bug. SIGTSTP shouldn't be ignored.
Special instructions tested:
suspend
stop $$
2003-03-11 00:10:22 +00:00
des
c4a7a7ecc1 Pass the correct, verified username to PAM instead of getlogin(). 2003-02-06 14:29:28 +00:00