summaryrefslogtreecommitdiffstats
path: root/usr.bin/su
Commit message (Collapse)AuthorAgeFilesLines
* Make check for unknown login class actually work. Previously, using the ↵trasz2013-08-121-0/+2
| | | | | | | "-c" option with login class not defined in login.conf(5) would silently fail, resulting in using the default login class.
* In su(1), fix option ordering and clarify that the login class specifiedtrasz2013-08-111-5/+7
| | | | | | must be defined in login.conf. MFC after: 1 month
* Undo r226423.ed2011-10-161-0/+2
| | | | | It seems su does build without warnings, but it requires a small fix to libbsm headers, which I have not committed to SVN yet.
* Remove WARNS line. This tool builds with WARNS=6 properly.ed2011-10-161-2/+0
|
* Attempt to clear up some confusion in the following example, by statinggjb2011-06-061-0/+6
| | | | | | | | | | the '-c' argument is passed to the shell, not to su(1), which would indicate the login class. 'su -m <user> -c <command>' Submitted by: Warren Block <wblock@wonkity.com> (followup to 157078) MFC after: 5 days
* Bump date from previous commit. :(gjb2011-06-061-1/+1
| | | | MFC after: 5 days
* Document that when running 'su -m <user> -c <command>', <command> is rungjb2011-06-061-4/+4
| | | | | | | | within a shell as <user>. PR: 157078 Submitted by: Warren Block <wblock@wonkity.com> MFC after: 5 days
* getpwnam(3) may return NULL.ume2011-03-271-3/+4
| | | | | | Requested by: nork Reviewed by: Takeharu KATO <takeharu1219__at__ybb.ne.jp>, nork MFC after: 1 week
* Remove the advertising clause from UCB copyrighted files in usr.bin. Thisjoel2010-12-112-8/+0
| | | | | | | | | is in accordance with the information provided at ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change Also add $FreeBSD$ to a few files to keep svn happy. Discussed with: imp, rwatson
* Build usr.bin/ with WARNS=6 by default.ed2010-01-021-0/+2
| | | | Also add some missing $FreeBSD$ to keep svn happy.
* Revert most part of 200420 as requested, as more review and polish isdelphij2009-12-131-0/+1
| | | | needed.
* Remove unneeded header includes from usr.bin/ except contributed code.delphij2009-12-111-1/+0
| | | | Tested with: make universe
* Fixup the parameters to audit_submit(3) the order is errno then returncsjp2009-04-041-7/+7
| | | | | | | value. This bug went un-noticed for so long because EPERM == 1 MFC after: 1 week Spotted by: sson, rwatson
* - add the -m option to the example commands because they would fail w/o itdanger2008-07-011-4/+9
| | | | | | | | as the ``man'' user does not have a valid shell by default. PR: docs/121713 Approved by: trhodes MFC after: 3 days
* Fix a strict aliasing warning - I think it is really telling usdwmalone2008-06-041-2/+3
| | | | | that the way char * and void * pointers may not be stored in the same way.
* The upper while loop has already recycled child process, so the ifdavidxu2007-10-181-3/+1
| | | | | | statement has never executed as expected, fix it. MFC after: 3 days
* Stop mentioning /usr/X11R6.delphij2007-07-241-2/+2
| | | | Approved by: re (hrs)
* Significantly reduce the memory leak as noted in BUGS section forscf2007-07-041-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | setenv(3) by tracking the size of the memory allocated instead of using strlen() on the current value. Convert all calls to POSIX from historic BSD API: - unsetenv returns an int. - putenv takes a char * instead of const char *. - putenv no longer makes a copy of the input string. - errno is set appropriately for POSIX. Exceptions involve bad environ variable and internal initialization code. These both set errno to EFAULT. Several patches to base utilities to handle the POSIX changes from Andrey Chernov's previous commit. A few I re-wrote to use setenv() instead of putenv(). New regression module for tools/regression/environ to test these functions. It also can be used to test the performance. Bump __FreeBSD_version to 700050 due to API change. PR: kern/99826 Approved by: wes Approved by: re (kensmith)
* Back out all POSIXified *env() changes.ache2007-05-011-3/+2
| | | | | | | | | Not because I admit they are technically wrong and not because of bug reports (I receive nothing). But because I surprisingly meets so strong opposition and resistance so lost any desire to continue that. Anyone who interested in POSIX can dig out what changes and how through cvs diffs.
* Prepare for upcoming POSIXed putenv() rewrite:ache2007-04-301-2/+3
| | | | don't free memory after putenv()
* Backout previous change (SIGSYS related). The fix has been applied to thesobomax2006-10-241-2/+0
| | | | | | proper place. Pointed out by: rwatson
* Ignore SIGSYS when BSM is compiled in. Otherwise, attempt to invoke su onsobomax2006-10-241-0/+2
| | | | | | | | | | | | | | | | | system that don't have audit framefork compiled into kernel or ia32 binary on amd64 system will result in SIGSYS. There is one place in su.c itself where it tries to check for errno != ENOSYS, but it has been a nop since su does not catch SIGSYS anyway. There are few other places in libbsm, where attempt to invoke audit syscal would result in SIGSYS if no audit support is present in the kernel, so that the only reliable method for now is to disable SIGSYS completely in the case when BSM is compiled in. In the long run, both direct invocation of audit-related syscalls and libbsm should be made more intellegent to handle the case when BSM is not compiled into the kernel gracefully. MFC after: 3 days (provided re@ approval)
* Markup fixes.ru2006-09-291-3/+3
|
* Do not chdir(2) until after setuid(2), otherwise "su - username" would failluoqi2006-09-291-6/+4
| | | | | | when root doesn't have the permission to enter target user's home directory. If set, PAM environment variable HOME will be used in chdir(2) instead of pwd->pw_dir, this allows pam_chroot module to continue to function.
* Remove references to the pam(8) manual page. It does not exist.joel2006-09-131-2/+1
| | | | | Requested by: novel Discussed with: brueffer, simon
* Integrate audit_submit(3) bits into su. This means that records forcsjp2006-09-012-6/+76
| | | | | | | | | | | | successful and failed su attempts will be recorded using the AUE_su event type (login or lo class) if auditing is present in the system. Currently, the records will have a header, subject, text (with the actual diagnostics), a return and trailer token. See audit_submit(3) for more information. Reviewed by: rwatson Obtained from: TrustedBSD Project
* - Mention that users need to be in the wheel group to `su - root' by ↵brd2006-01-281-3/+17
| | | | | | | | | | default, and how to change it. PR: docs/70616 Submitted by: Jilles Tjoelker <jilles at stack dot nl> Reviewed by: ru@ Approved by: ceri@ MFC after: 3 days
* Fix the other su bug reintroduced two commits ago, namelybrian2006-01-031-1/+14
| | | | | | | | | | | | | $ su % kill -STOP $$ where su is executing (t)csh. csh's job handling is a little more special than that of (a)sh, bash and even zsh and blows up a little more spectacularly. This modification restores the original mucking about with the tty pgrp, but is careful to only do it when su (or su's child) is the foreground process. While I'm here, fix a STDERR_FILENO spelling as suggested by bde.
* Handle the case (that I just broke) where the following hangs:brian2006-01-021-1/+3
| | | | | | | $ su # kill -STOP $$ Pointed out by: David Xu <davidxu@freebsd.org>
* Remove broken code that mucks about with tcsetpgrp() -- even ifbrian2006-01-021-7/+0
| | | | | | | | | | | | | | | | | | | | su isn't the foreground process. Hopefully this won't break PAM, but I couldn't find any useful information about ache's theory that it will. Specifically, this change fixes the following: # sh # echo $$ # su - root -c id & # echo $$ The PID output changes as su seems to be kill -STOP'ing itself and catching the parent shell in the process. This is especially bad if you add a ``su - user -c command &'' to an rc script! Sponsored by: Sophos/Activestate Not objected to by: des
* Sort sections.ru2005-01-181-14/+14
|
* If su(1) is run without an effective uid of 0, generate an error torwatson2005-01-171-3/+33
| | | | | | | | | the user indicating that su is not running setuid, which may help suggest to the user that it should be setuid, or should not be running from a file system mounted nosuid. Suggsted by: Ivan Voras <ivoras at fer dot hr> MFC after: 2 weeks
* Introduce the PRECIOUSPROG knob in bsd.prog.mk, similarru2004-11-031-1/+1
| | | | | | | | to PRECIOUSLIB from bsd.lib.mk. The side effect of this is making installing the world under jail(8) possible by using another knob, NOFSCHG. Reviewed by: oliver
* Bump document date for last commit.simon2004-10-041-1/+1
| | | | Noticed by: ru
* PAM configuration is now in /etc/pam.d/su.simon2004-10-031-7/+4
| | | | | | Submitted by: Jilles Tjoelker <jilles@stack.nl> (original version) PR: docs/70616 (part of) MFC after: 1 week
* Deal with double whitespace.ru2004-07-031-1/+1
|
* Mechanically kill hard sentence breaks.ru2004-07-021-1/+2
|
* Oops. My last commit included a bug that would make "su -m" alwaysmarkm2004-06-151-2/+0
| | | | use /bin/sh. Fix this.
* Paranoia, WARNS fixes and lint.markm2004-06-131-19/+19
|
* Bumped the document date.ru2004-05-191-2/+2
| | | | Fixed the grammar nit.
* Add FBSDID. Do not dot terminate errx(3) string.charnier2004-04-041-5/+6
|
* Fixed style of assignments.ru2004-02-021-2/+2
|
* When root tries to su to a non-existent user, pam_authenticate() willdes2004-01-061-4/+4
| | | | | | | | | normally succeed (because root can su to anyone), but pam_acct_mgmt() will most likely fail, causing su to log a confusing "pam_acct_mgmt: error in service module" message. To avoid this, call getpwnam() before pam_acct_mgmt(). Sponsored by: registrar.no
* Be sure to restore foreground group to parent su before parent sudavidxu2003-11-041-1/+2
| | | | | exits, otherwise shell will be confused and does not set foreground group correctly for next su command. This sounds like a bug in sh.
* It seems when su executes in a shell scripts, there is a timing race,davidxu2003-11-031-0/+2
| | | | | | | | sometimes, su will receive a SIGTTOU when parent su tries to set child su's process group as foreground group, and su will be stopped unexpectly, ignoring SIGTTOU fixes the problem. Noticed by: fjoe
* Fix broken su -m behaviour :cognet2003-10-191-4/+2
| | | | | | | chshell must return 0 if the shell is not a standard shell, or else it is possible to use an account without a valid shell. Reviewed by: des
* - Clarification to how command line arguments are processed.kensmith2003-09-281-0/+5
| | | | | | PR: docs/55613 Submitted by: gshapiro@freebsd.org Approved by: blackend (mentor)
* typocharnier2003-06-081-1/+1
|
* PAM-related improvements:des2003-04-081-37/+59
| | | | | | | | - if operating "as them" (su -l), use pam_{open,close}_session() - allow PAM to override $HOME (pam_chroot needs this) - chdir early, because later on we may be chrooted and chdir will fail Also use pid_t instead of int where applicable.
* Put child process in a different process group, ensure that the broadcastdavidxu2003-03-271-6/+22
| | | | | | | | signal never affects su directly, some shells changes its pgrp at running or suspended time, so a broadcast SIGTSTP from child will mess up su's job control. Discussed with: bde
OpenPOWER on IntegriCloud