e908c3f93e
OBS-URL: https://build.opensuse.org/request/show/53149 OBS-URL: https://build.opensuse.org/package/show/Base:System/coreutils?expand=0&rev=21
65 lines
2.3 KiB
Diff
65 lines
2.3 KiB
Diff
From 13ed7b537ae655c6d67965f1486aa2e3b181e574 Mon Sep 17 00:00:00 2001
|
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
Date: Tue, 17 Aug 2010 08:59:35 +0200
|
|
Subject: [PATCH 2/7] update man page for pam
|
|
|
|
---
|
|
doc/coreutils.texi | 34 +++++-----------------------------
|
|
1 files changed, 5 insertions(+), 29 deletions(-)
|
|
|
|
diff --git a/doc/coreutils.texi b/doc/coreutils.texi
|
|
index 4d17ed1..27681da 100644
|
|
--- a/doc/coreutils.texi
|
|
+++ b/doc/coreutils.texi
|
|
@@ -15172,8 +15172,11 @@ to certain shells, etc.).
|
|
@findex syslog
|
|
@command{su} can optionally be compiled to use @code{syslog} to report
|
|
failed, and optionally successful, @command{su} attempts. (If the system
|
|
-supports @code{syslog}.) However, GNU @command{su} does not check if the
|
|
-user is a member of the @code{wheel} group; see below.
|
|
+supports @code{syslog}.)
|
|
+
|
|
+This version of @command{su} has support for using PAM for
|
|
+authentication. You can edit @file{/etc/pam.d/su} resp @file{/etc/pam.d/su-l}
|
|
+to customize its behaviour.
|
|
|
|
The program accepts the following options. Also see @ref{Common options}.
|
|
|
|
@@ -15254,33 +15257,6 @@ Exit status:
|
|
the exit status of the subshell otherwise
|
|
@end display
|
|
|
|
-@cindex wheel group, not supported
|
|
-@cindex group wheel, not supported
|
|
-@cindex fascism
|
|
-@subsection Why GNU @command{su} does not support the @samp{wheel} group
|
|
-
|
|
-(This section is by Richard Stallman.)
|
|
-
|
|
-@cindex Twenex
|
|
-@cindex MIT AI lab
|
|
-Sometimes a few of the users try to hold total power over all the
|
|
-rest. For example, in 1984, a few users at the MIT AI lab decided to
|
|
-seize power by changing the operator password on the Twenex system and
|
|
-keeping it secret from everyone else. (I was able to thwart this coup
|
|
-and give power back to the users by patching the kernel, but I
|
|
-wouldn't know how to do that in Unix.)
|
|
-
|
|
-However, occasionally the rulers do tell someone. Under the usual
|
|
-@command{su} mechanism, once someone learns the root password who
|
|
-sympathizes with the ordinary users, he or she can tell the rest. The
|
|
-``wheel group'' feature would make this impossible, and thus cement the
|
|
-power of the rulers.
|
|
-
|
|
-I'm on the side of the masses, not that of the rulers. If you are
|
|
-used to supporting the bosses and sysadmins in whatever they do, you
|
|
-might find this idea strange at first.
|
|
-
|
|
-
|
|
@node timeout invocation
|
|
@section @command{timeout}: Run a command with a time limit
|
|
|
|
--
|
|
1.7.1
|
|
|