1 diff -urNp coreutils-8.7-orig/README coreutils-8.7/README
2 --- coreutils-8.7-orig/README 2010-10-11 19:35:11.000000000 +0200
3 +++ coreutils-8.7/README 2010-11-15 10:10:43.002922253 +0100
4 @@ -12,10 +12,10 @@ The programs that can be built with this
5 factor false fmt fold groups head hostid hostname id install join kill
6 link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup
7 nproc od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir
8 - runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf
9 - sleep sort split stat stdbuf stty su sum sync tac tail tee test timeout
10 - touch tr true truncate tsort tty uname unexpand uniq unlink uptime users
11 - vdir wc who whoami yes
12 + runcon runuser seq sha1sum sha224sum sha256sum sha384sum sha512sum shred
13 + shuf sleep sort split stat stdbuf stty su sum sync tac tail tee test
14 + timeout touch tr true truncate tsort tty uname unexpand uniq unlink uptime
15 + users vdir wc who whoami yes
17 See the file NEWS for a list of major changes in the current release.
19 diff -urNp coreutils-8.7-orig/AUTHORS coreutils-8.7/AUTHORS
20 --- coreutils-8.7-orig/AUTHORS 2010-10-11 19:35:11.000000000 +0200
21 +++ coreutils-8.7/AUTHORS 2010-11-15 10:08:04.222078001 +0100
22 @@ -65,6 +65,7 @@ readlink: Dmitry V. Levin
23 rm: Paul Rubin, David MacKenzie, Richard M. Stallman, Jim Meyering
24 rmdir: David MacKenzie
26 +runuser: David MacKenzie, Dan Walsh
28 sha1sum: Ulrich Drepper, Scott Miller, David Madore
29 sha224sum: Ulrich Drepper, Scott Miller, David Madore
30 diff -urNp coreutils-8.7-orig/man/help2man coreutils-8.7/man/help2man
31 --- coreutils-8.7-orig/man/help2man 2010-10-11 19:35:11.000000000 +0200
32 +++ coreutils-8.7/man/help2man 2010-11-15 10:08:51.331054884 +0100
33 @@ -555,6 +555,9 @@ while (length)
34 $include{$sect} .= $content;
37 +# There is no info documentation for runuser (shared with su).
38 +$opt_no_info = 1 if $program eq 'runuser';
40 # Refer to the real documentation.
43 --- coreutils-6.7/src/su.c.runuser 2007-01-09 17:27:56.000000000 +0000
44 +++ coreutils-6.7/src/su.c 2007-01-09 17:30:12.000000000 +0000
48 /* The official name of this program (e.g., no `g' prefix). */
50 #define PROGRAM_NAME "su"
52 +#define PROGRAM_NAME "runuser"
56 #define AUTHORS proper_name ("David MacKenzie")
62 char *crypt (char const *key, char const *salt);
66 +#define CHECKPASSWD 1
69 static void run_shell (char const *, char const *, char **, size_t,
70 const struct passwd *)
75 static void run_shell (char const *, char const *, char **, size_t,
76 - const struct passwd *)
77 + const struct passwd *
79 + , gid_t *groups, int num_groups
86 {"login", no_argument, NULL, 'l'},
87 {"preserve-environment", no_argument, NULL, 'p'},
88 {"shell", required_argument, NULL, 's'},
90 + {"group", required_argument, NULL, 'g'},
91 + {"supp-group", required_argument, NULL, 'G'},
93 {GETOPT_HELP_OPTION_DECL},
94 {GETOPT_VERSION_OPTION_DECL},
97 retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
101 if (getuid() != 0 && !isatty(0)) {
102 fprintf(stderr, _("standard in must be a tty\n"));
107 caller = getpwuid(getuid());
108 if(caller != NULL && caller->pw_name != NULL) {
110 retval = pam_set_item(pamh, PAM_TTY, tty_name);
114 + if (getuid() != geteuid())
115 + /* safety net: deny operation if we are suid by accident */
116 + error(EXIT_FAILURE, 1, "runuser may not be setuid");
118 retval = pam_authenticate(pamh, 0);
120 retval = pam_acct_mgmt(pamh, 0);
126 /* must be authenticated if this point was reached */
129 @@ -398,11 +424,22 @@
130 /* Become the user and group(s) specified by PW. */
133 -change_identity (const struct passwd *pw)
134 +change_identity (const struct passwd *pw
136 + , gid_t *groups, int num_groups
140 #ifdef HAVE_INITGROUPS
143 - if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
146 + rc = setgroups(num_groups, groups);
149 + rc = initgroups(pw->pw_name, pw->pw_gid);
152 pam_close_session(pamh, 0);
153 pam_end(pamh, PAM_ABORT);
157 run_shell (char const *shell, char const *command, char **additional_args,
158 - size_t n_additional_args, const struct passwd *pw)
159 + size_t n_additional_args, const struct passwd *pw
161 + , gid_t *groups, int num_groups
165 size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
166 char const **args = xnmalloc (n_args, sizeof *args);
170 if (child == 0) { /* child shell */
171 - change_identity (pw);
172 + change_identity (pw
174 + , groups, num_groups
183 struct passwd pw_copy;
186 + gid_t groups[NGROUPS_MAX];
187 + int num_supp_groups = 0;
191 initialize_main (&argc, &argv);
192 program_name = argv[0];
194 simulate_login = false;
195 change_environment = true;
197 - while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
198 + while ((optc = getopt_long (argc, argv, "c:flmps:"
202 + , longopts, NULL)) != -1)
212 + gr = getgrnam(optarg);
214 + error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
216 + groups[0] = gr->gr_gid;
221 + if (num_supp_groups >= NGROUPS_MAX)
222 + error (EXIT_FAILURE, 0,
223 + _("Can't specify more than %d supplemental groups"),
225 + gr = getgrnam(optarg);
227 + error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg);
228 + groups[num_supp_groups] = gr->gr_gid;
232 case_GETOPT_HELP_CHAR;
234 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
239 - if (!correct_password (pw))
241 + if (num_supp_groups && !use_gid)
243 + pw->pw_gid = groups[1];
244 + memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups);
248 + pw->pw_gid = groups[0];
253 + if (CHECKPASSWD && !correct_password (pw))
255 #ifdef SYSLOG_FAILURE
258 modify_environment (pw, shell);
261 - change_identity (pw);
262 + change_identity (pw
264 + , groups, num_supp_groups
269 /* error() flushes stderr, but does not check for write failure.
272 exit (EXIT_CANCELED);
274 - run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
275 + run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw
277 + , groups, num_supp_groups
281 diff -urNp coreutils-8.7-orig/src/Makefile.am coreutils-8.7/src/Makefile.am
282 --- coreutils-8.7-orig/src/Makefile.am 2010-11-15 10:07:07.339171659 +0100
283 +++ coreutils-8.7/src/Makefile.am 2010-11-15 10:12:14.847094550 +0100
284 @@ -100,6 +100,7 @@ EXTRA_PROGRAMS = \
292 @@ -300,6 +301,10 @@ cp_LDADD += $(copy_LDADD)
293 ginstall_LDADD += $(copy_LDADD)
294 mv_LDADD += $(copy_LDADD)
296 +runuser_SOURCES = su.c
297 +runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
298 +runuser_LDADD = $(LDADD) $(LIB_CRYPT) $(LIB_PAM)
301 mv_LDADD += $(remove_LDADD)
302 rm_LDADD += $(remove_LDADD)
303 @@ -395,7 +400,7 @@ RELEASE_YEAR = \
304 `sed -n '/.*COPYRIGHT_YEAR = \([0-9][0-9][0-9][0-9]\) };/s//\1/p' \
305 $(top_srcdir)/lib/version-etc.c`
307 -all-local: su$(EXEEXT)
308 +all-local: su$(EXEEXT) runuser$(EXEEXT)
310 installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'`
312 diff -urNp coreutils-8.7-orig/man/Makefile.am coreutils-8.7/man/Makefile.am
313 --- coreutils-8.7-orig/man/Makefile.am 2010-10-11 19:35:11.000000000 +0200
314 +++ coreutils-8.7/man/Makefile.am 2010-11-15 10:09:21.768922182 +0100
315 @@ -94,6 +94,7 @@ readlink.1: $(common_dep) $(srcdir)/read
316 rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c
317 rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c
318 runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
319 +runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c
320 seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c
321 sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c
322 sha224sum.1: $(common_dep) $(srcdir)/sha224sum.x ../src/md5sum.c
323 diff -urNp coreutils-8.7-orig/man/runuser.x coreutils-8.7/man/runuser.x
324 --- coreutils-8.7-orig/man/runuser.x 1970-01-01 01:00:00.000000000 +0100
325 +++ coreutils-8.7/man/runuser.x 2010-11-15 10:09:57.437939015 +0100
328 +runuser \- run a shell with substitute user and group IDs
330 +.\" Add any additional description here
333 +More detailed Texinfo documentation could be found by command
335 +\t\fBinfo coreutils \(aqsu invocation\(aq\fR\t
337 +since the command \fBrunuser\fR is trimmed down version of command \fBsu\fR.
339 --- /dev/null 2007-01-09 09:38:07.860075128 +0000
340 +++ coreutils-6.7/man/runuser.1 2007-01-09 17:27:56.000000000 +0000
342 +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.33.
343 +.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands"
345 +runuser \- run a shell with substitute user and group IDs, similar to su, but will not run PAM hooks
348 +[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...]
350 +.\" Add any additional description here
352 +Change the effective user id and group id to that of USER. No PAM hooks
353 +are run, and there will be no password prompt. This command is useful
354 +when run as the root user. If run as a non-root user without privilege
355 +to set user ID, the command will fail.
357 +-, \fB\-l\fR, \fB\-\-login\fR
358 +make the shell a login shell
360 +\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR
361 +pass a single COMMAND to the shell with \fB\-c\fR
363 +\fB\-f\fR, \fB\-\-fast\fR
364 +pass \fB\-f\fR to the shell (for csh or tcsh)
366 +\fB\-g\fR, \fB\-\-group\fR=\fIGROUP\fR
367 +specify the primary group
369 +\fB\-G\fR, \fB\-\-supp-group\fR=\fIGROUP\fR
370 +specify a supplemental group
372 +\fB\-m\fR, \fB\-\-preserve\-environment\fR
373 +do not reset environment variables
378 +\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR
379 +run SHELL if /etc/shells allows it
382 +display this help and exit
385 +output version information and exit
387 +A mere - implies \fB\-l\fR. If USER not given, assume root.
389 +Written by David MacKenzie, Dan Walsh.
390 +.SH "REPORTING BUGS"
391 +Report bugs to <bug-coreutils@gnu.org>.
393 +Copyright \(co 2004 Free Software Foundation, Inc.
395 +This is free software; see the source for copying conditions. There is NO
396 +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
398 +Since this command is trimmed down version of su use you can use the su manual.
399 +The full documentation for
401 +is maintained as a Texinfo manual. If the
405 +programs are properly installed at your site, the command
407 +.B info coreutils su
409 +should give you access to the complete manual.
410 --- coreutils-6.10/po/pl.po.orig 2008-03-02 14:22:54.123486386 +0100
411 +++ coreutils-6.10/po/pl.po 2008-03-02 14:28:35.858960780 +0100
412 @@ -8986,6 +8986,16 @@
413 msgid "warning: cannot change directory to %s"
414 msgstr "uwaga: nie można zmienić katalogu na %s"
418 +msgid "group %s does not exist"
419 +msgstr "grupa %s nie istnieje"
423 +msgid "Can't specify more than %d supplemental groups"
424 +msgstr "Nie można określić więcej niż %d grup dodatkowych"
426 #. This is a proper name. See the gettext manual, section Names.
428 msgid "Kayvan Aghaiepour"
429 diff -urNp coreutils-8.7-orig/tests/misc/help-version coreutils-8.7/tests/misc/help-version
430 --- coreutils-8.7-orig/tests/misc/help-version 2010-10-11 19:35:11.000000000 +0200
431 +++ coreutils-8.7/tests/misc/help-version 2010-11-15 10:45:18.473682325 +0100
432 @@ -32,6 +32,7 @@ expected_failure_status_nohup=125
433 expected_failure_status_stdbuf=125
434 expected_failure_status_su=125
435 expected_failure_status_timeout=125
436 +expected_failure_status_runuser=125
437 expected_failure_status_printenv=2
438 expected_failure_status_tty=3
439 expected_failure_status_sort=2
440 @@ -209,6 +210,7 @@ seq_setup () { args=10; }
441 sleep_setup () { args=0; }
442 su_setup () { args=--version; }
443 stdbuf_setup () { args="-oL true"; }
444 +runuser_setup () { args=--version; }
445 timeout_setup () { args=--version; }
447 # I'd rather not run sync, since it spins up disks that I've
448 diff -urNp coreutils-8.7-orig/tests/misc/invalid-opt coreutils-8.7/tests/misc/invalid-opt
449 --- coreutils-8.7-orig/tests/misc/invalid-opt 2010-10-11 19:35:11.000000000 +0200
450 +++ coreutils-8.7/tests/misc/invalid-opt 2010-11-15 10:45:46.451938873 +0100
451 @@ -37,6 +37,7 @@ my %exit_status =