Index: doc/coreutils.info =================================================================== --- doc/coreutils.info.orig +++ doc/coreutils.info @@ -12796,6 +12796,10 @@ and optionally successful, `su' attempts `syslog'.) However, GNU `su' does not check if the user is a member of the `wheel' group; see below. + If the environment variable SU_COMMAND_SAME_SESSION is set, su will +not open a new session for running a command thus making -c behaves just +like -C. + The program accepts the following options. Also see *note Common options::. @@ -12804,6 +12808,12 @@ options::. Pass COMMAND, a single command line to run, to the shell with a `-c' option instead of starting an interactive shell. +`-C COMMAND' +`--session-command=COMMAND' + Pass COMMAND, a single command line to run, to the shell with a + `-c' option instead of starting an interactive and do not create + a new session for it. + `-f' `--fast' Pass the `-f' option to the shell. This probably only makes sense Index: src/su.c =================================================================== --- src/su.c.orig +++ src/su.c @@ -141,6 +141,9 @@ static bool simulate_login; /* If true, change some environment vars to indicate the user su'd to. */ static bool change_environment; +/* If true, then don't call setsid() with a command. */ +int same_session = 0; + #ifdef USE_PAM static bool _pam_session_opened; static bool _pam_cred_established; @@ -149,6 +152,7 @@ static bool _pam_cred_established; static struct option const longopts[] = { {"command", required_argument, NULL, 'c'}, + {"session-command", required_argument, NULL, 'C'}, {"fast", no_argument, NULL, 'f'}, {"login", no_argument, NULL, 'l'}, {"preserve-environment", no_argument, NULL, 'p'}, @@ -326,14 +330,29 @@ create_watching_parent (void) sigemptyset (&action.sa_mask); action.sa_flags = 0; sigemptyset (&ourset); - if (sigaddset (&ourset, SIGTERM) - || sigaddset (&ourset, SIGALRM) - || sigaction (SIGTERM, &action, NULL) - || sigprocmask (SIG_UNBLOCK, &ourset, NULL)) - { + + if (!same_session) + { + if (sigaddset(&ourset, SIGINT) || sigaddset(&ourset, SIGQUIT)) + { + error (0, errno, _("cannot set signal handler")); + caught_signal = true; + } + } + if (!caught_signal && (sigaddset(&ourset, SIGTERM) + || sigaddset(&ourset, SIGALRM) + || sigaction(SIGTERM, &action, NULL) + || sigprocmask(SIG_UNBLOCK, &ourset, NULL))) + { error (0, errno, _("cannot set signal handler")); caught_signal = true; } + if (!caught_signal && !same_session && (sigaction(SIGINT, &action, NULL) + || sigaction(SIGQUIT, &action, NULL))) + { + error (0, errno, _("cannot set signal handler")); + caught_signal = true; + } } if (!caught_signal) { @@ -750,6 +769,8 @@ Change the effective user id and group i \n\ -, -l, --login make the shell a login shell\n\ -c, --command=COMMAND pass a single COMMAND to the shell with -c\n\ + --session-command=COMMAND pass a single COMMAND to the shell with -c\n\ + and do not create a new session\n\ -f, --fast pass -f to the shell (for csh or tcsh)\n\ -m, --preserve-environment do not reset environment variables\n\ -p same as -m\n\ @@ -772,6 +793,7 @@ main (int argc, char **argv) int optc; const char *new_user = DEFAULT_USER; char *command = NULL; + int request_same_session = 0; char *shell = NULL; struct passwd *pw; struct passwd pw_copy; @@ -795,6 +817,14 @@ main (int argc, char **argv) { case 'c': command = optarg; + if (NULL != getenv ("SU_COMMAND_SAME_SESSION") || + NULL != getenv ("SU_COMMAND_OPENS_SESSION")) + request_same_session = 1; + break; + + case 'C': + command = optarg; + request_same_session = 1; break; case 'f': @@ -867,6 +897,9 @@ main (int argc, char **argv) } #endif + if (request_same_session || !command || !pw->pw_uid) + same_session = 1; + if (!shell && !change_environment) shell = getenv ("SHELL"); if (shell && getuid () != 0 && restricted_shell (pw->pw_shell)) @@ -889,6 +922,9 @@ main (int argc, char **argv) change_identity (pw); + if (!same_session) + setsid (); + /* Set environment after pam_open_session, which may put KRB5CCNAME into the pam_env, etc. */