diff options
Diffstat (limited to 'eBones/man/ksu.1')
| -rw-r--r-- | eBones/man/ksu.1 | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/eBones/man/ksu.1 b/eBones/man/ksu.1 new file mode 100644 index 0000000..fe434d3 --- /dev/null +++ b/eBones/man/ksu.1 @@ -0,0 +1,83 @@ +.\" from: ksu.1,v 4.1 89/01/23 11:38:16 jtkohl Exp $ +.\" $Id: ksu.1,v 1.2 1994/07/19 19:27:57 g89r4222 Exp $ +.\" +.\" Copyright (c) 1988 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms are permitted +.\" provided that the above copyright notice and this paragraph are +.\" duplicated in all such forms and that any documentation, +.\" advertising materials, and other materials related to such +.\" distribution and use acknowledge that the software was developed +.\" by the University of California, Berkeley. The name of the +.\" University may not be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.\" @(#)su.1 6.7 (Berkeley) 12/7/88 +.\" +.TH KSU 1 "Kerberos Version 4.0" "MIT Project Athena" +.UC +.SH NAME +ksu \- substitute user id, using Kerberos +.SH SYNOPSIS +.B ksu +[-flm] [login] +.SH DESCRIPTION +\fIKsu\fP requests the password for \fIlogin\fP (or for ``root'', if no +login is provided), and switches to that user and group ID. A shell is +then invoked. +.PP +By default, your environment is unmodified with the exception of +\fIUSER\fP, \fIHOME\fP, and \fISHELL\fP. \fIHOME\fP and \fISHELL\fP +are set to the target login's \fI/etc/passwd\fP values. \fIUSER\fP +is set to the target login, unless the target login has a UID of 0, +in which case it is unmodified. The invoked shell is the target +login's. This is the traditional behavior of \fIksu\fP. +.PP +The \fI-l\fP option simulates a full login. The environment is discarded +except for \fIHOME\fP, \fISHELL\fP, \fIPATH\fP, \fITERM\fP, and \fIUSER\fP. +\fIHOME\fP and \fISHELL\fP are modified as above. \fIUSER\fP is set to +the target login. \fIPATH\fP is set to ``/usr/ucb:/bin:/usr/bin''. +\fITERM\fP is imported from your current environment. The invoked shell +is the target login's, and \fIksu\fP will change directory to the target +login's home directory. +.PP +The \fI-m\fP option causes the environment to remain unmodified, and +the invoked shell to be your login shell. No directory changes are +made. As a security precaution, if the +.I -m +option is specified, the target user's shell is a non-standard shell +(as defined by \fIgetusershell\fP(3)) and the caller's real uid is +non-zero, +.I su +will fail. +.PP +If the invoked shell is \fIcsh\fP, the \fI-f\fP option prevents it from +reading the \fI.cshrc\fP file. Otherwise, this option is ignored. +.PP +Only users with root instances listed in /\&.klogin may \fIksu\fP to +``root'' (The format of this file is described by \fIrlogin\fP(1).). When +attempting root access, \fIksu\fP attempts to fetch a +ticket-granting-ticket for ``username.root@localrealm'', where +\fIusername\fP is the username of the process. If possible, the tickets +are used to obtain, use, and verify tickets for the service +``rcmd.host@localrealm'' where \fIhost\fP is the canonical host name (as +determined by +.IR krb_get_phost (3)) +of the machine. If this verification +fails, the \fIksu\fP is disallowed (If the service +``rcmd.host@localrealm'' is not registered, the \fIksu\fP is allowed.). +.PP +By default (unless the prompt is reset by a startup file) the super-user +prompt is set to ``#'' to remind one of its awesome power. +.PP +When not attempting to switch to the ``root'' user, +.I ksu +behaves exactly like +.IR su (1). +.SH "SEE ALSO" +su(1), csh(1), login(1), rlogin(1), sh(1), krb_get_phost(3), passwd(5), +group(5), environ(7) |
