2010-11-16 14:35:27 +01:00
|
|
|
From 13ed7b537ae655c6d67965f1486aa2e3b181e574 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
|
|
|
Date: Tue, 17 Aug 2010 08:59:35 +0200
|
|
|
|
|
Subject: [PATCH 2/7] update man page for pam
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
doc/coreutils.texi | 34 +++++-----------------------------
|
|
|
|
|
1 files changed, 5 insertions(+), 29 deletions(-)
|
|
|
|
|
|
2011-01-03 20:39:07 +01:00
|
|
|
Index: doc/coreutils.texi
|
|
|
|
|
===================================================================
|
2011-01-05 14:31:58 +01:00
|
|
|
--- doc/coreutils.texi.orig 2011-01-05 14:27:40.715232991 +0100
|
|
|
|
|
+++ doc/coreutils.texi 2011-01-05 14:27:41.929267939 +0100
|
|
|
|
|
@@ -15290,8 +15290,11 @@ to certain shells, etc.).
|
2010-11-16 14:35:27 +01:00
|
|
|
@findex syslog
|
|
|
|
|
@command{su} can optionally be compiled to use @code{syslog} to report
|
|
|
|
|
failed, and optionally successful, @command{su} attempts. (If the system
|
|
|
|
|
-supports @code{syslog}.) However, GNU @command{su} does not check if the
|
|
|
|
|
-user is a member of the @code{wheel} group; see below.
|
|
|
|
|
+supports @code{syslog}.)
|
|
|
|
|
+
|
|
|
|
|
+This version of @command{su} has support for using PAM for
|
|
|
|
|
+authentication. You can edit @file{/etc/pam.d/su} resp @file{/etc/pam.d/su-l}
|
|
|
|
|
+to customize its behaviour.
|
|
|
|
|
|
|
|
|
|
The program accepts the following options. Also see @ref{Common options}.
|
|
|
|
|
|
2011-01-05 14:31:58 +01:00
|
|
|
@@ -15372,33 +15375,6 @@ Exit status:
|
2010-11-16 14:35:27 +01:00
|
|
|
the exit status of the subshell otherwise
|
|
|
|
|
@end display
|
|
|
|
|
|
|
|
|
|
-@cindex wheel group, not supported
|
|
|
|
|
-@cindex group wheel, not supported
|
|
|
|
|
-@cindex fascism
|
|
|
|
|
-@subsection Why GNU @command{su} does not support the @samp{wheel} group
|
|
|
|
|
-
|
|
|
|
|
-(This section is by Richard Stallman.)
|
|
|
|
|
-
|
|
|
|
|
-@cindex Twenex
|
|
|
|
|
-@cindex MIT AI lab
|
|
|
|
|
-Sometimes a few of the users try to hold total power over all the
|
|
|
|
|
-rest. For example, in 1984, a few users at the MIT AI lab decided to
|
|
|
|
|
-seize power by changing the operator password on the Twenex system and
|
|
|
|
|
-keeping it secret from everyone else. (I was able to thwart this coup
|
|
|
|
|
-and give power back to the users by patching the kernel, but I
|
|
|
|
|
-wouldn't know how to do that in Unix.)
|
|
|
|
|
-
|
|
|
|
|
-However, occasionally the rulers do tell someone. Under the usual
|
|
|
|
|
-@command{su} mechanism, once someone learns the root password who
|
|
|
|
|
-sympathizes with the ordinary users, he or she can tell the rest. The
|
|
|
|
|
-``wheel group'' feature would make this impossible, and thus cement the
|
|
|
|
|
-power of the rulers.
|
|
|
|
|
-
|
|
|
|
|
-I'm on the side of the masses, not that of the rulers. If you are
|
|
|
|
|
-used to supporting the bosses and sysadmins in whatever they do, you
|
|
|
|
|
-might find this idea strange at first.
|
|
|
|
|
-
|
|
|
|
|
-
|
|
|
|
|
@node timeout invocation
|
|
|
|
|
@section @command{timeout}: Run a command with a time limit
|
|
|
|
|
|
