SHA256
1
0
forked from pool/coreutils
coreutils/coreutils-su.patch
Bernhard Voelker 767847bef8 Accepting request 163146 from home:bernhard-voelker
- Update to 8.21 (2013-02-14) [stable]
- Port su(1) deleted upstreams from previous OS package
- Fix multibyte issue in unexpand (rh#821262)

OBS-URL: https://build.opensuse.org/request/show/163146
OBS-URL: https://build.opensuse.org/package/show/Base:System/coreutils?expand=0&rev=183
2013-04-08 12:07:25 +00:00

1665 lines
45 KiB
Diff

From: Bernhard Voelker <mail@bernhard-voelker.de>
Date: Tue, 19 Mar 2013 17:00:00 +0200
Subject: add su again for compatibility
As su(1) has been moved from coreutils to util-linux upstreams, this package
must provide it via compatibility symlinks to the old coreutils version.
This is needed until there is a newer version of the receiving util-linux
package available which would then provide su.
---
doc/coreutils.texi | 141 +++++++
man/local.mk | 2
man/su.x | 4
po/coreutils.pot | 67 +++
src/cu-progs.mk | 1
src/getdef.c | 259 +++++++++++++
src/getdef.h | 29 +
src/local.mk | 6
src/su.c | 945 ++++++++++++++++++++++++++++++++++++++++++++++++++
tests/local.mk | 1
tests/misc/su-fail.sh | 30 +
11 files changed, 1483 insertions(+), 2 deletions(-)
Index: src/cu-progs.mk
===================================================================
--- src/cu-progs.mk.orig
+++ src/cu-progs.mk
@@ -87,6 +87,7 @@ default__progs += src/sleep
default__progs += src/sort
default__progs += src/split
default__progs += src/stat
+default__progs += src/su
default__progs += src/sum
default__progs += src/sync
default__progs += src/tac
Index: src/local.mk
===================================================================
--- src/local.mk.orig
+++ src/local.mk
@@ -205,6 +205,12 @@ src_who_LDADD = $(LDADD)
src_whoami_LDADD = $(LDADD)
src_yes_LDADD = $(LDADD)
+
+src_su_CFLAGS = -fpie -DUSE_PAM=1
+src_su_LDFLAGS = -pie
+PAM_LIBS = -lpam -lpam_misc
+src_su_LDADD = src/getdef.c $(LDADD) -lcrypt $(PAM_LIBS)
+
# Synonyms. Recall that Automake transliterates '[' and '/' to '_'.
src___LDADD = $(src_test_LDADD)
src_dir_LDADD = $(src_ls_LDADD)
Index: src/su.c
===================================================================
--- /dev/null
+++ src/su.c
@@ -0,0 +1,945 @@
+/* su for GNU. Run a shell with substitute user and group IDs.
+ Copyright (C) 1992-2012 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Run a shell with the real and effective UID and GID and groups
+ of USER, default 'root'.
+
+ The shell run is taken from USER's password entry, /bin/sh if
+ none is specified there. If the account has a password, su
+ prompts for a password unless run by a user with real UID 0.
+
+ Does not change the current directory.
+ Sets 'HOME' and 'SHELL' from the password entry for USER, and if
+ USER is not root, sets 'USER' and 'LOGNAME' to USER.
+ The subshell is not a login shell.
+
+ If one or more ARGs are given, they are passed as additional
+ arguments to the subshell.
+
+ Does not handle /bin/sh or other shells specially
+ (setting argv[0] to "-su", passing -c only to certain shells, etc.).
+ I don't see the point in doing that, and it's ugly.
+
+ This program intentionally does not support a "wheel group" that
+ restricts who can su to UID 0 accounts. RMS considers that to
+ be fascist.
+
+#ifdef USE_PAM
+
+ Actually, with PAM, su has nothing to do with whether or not a
+ wheel group is enforced by su. RMS tries to restrict your access
+ to a su which implements the wheel group, but PAM considers that
+ to be fascist, and gives the user/sysadmin the opportunity to
+ enforce a wheel group by proper editing of /etc/pam.d/su
+
+#endif
+
+ Compile-time options:
+ -DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
+ -DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
+
+ -DSYSLOG_NON_ROOT Log all su's, not just those to root (UID 0).
+ Never logs attempted su's to nonexistent accounts.
+
+ Written by David MacKenzie <djm@gnu.ai.mit.edu>. */
+
+#include <config.h>
+#include <stdio.h>
+#include <getopt.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#ifdef USE_PAM
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#include <signal.h>
+#include <sys/wait.h>
+#include <sys/fsuid.h>
+#endif
+
+#include "system.h"
+#include "getpass.h"
+
+#if HAVE_SYSLOG_H && HAVE_SYSLOG
+# include <syslog.h>
+# define SYSLOG_SUCCESS 1
+# define SYSLOG_FAILURE 1
+# define SYSLOG_NON_ROOT 1
+#else
+# undef SYSLOG_SUCCESS
+# undef SYSLOG_FAILURE
+# undef SYSLOG_NON_ROOT
+#endif
+
+#if HAVE_SYS_PARAM_H
+# include <sys/param.h>
+#endif
+
+#ifndef HAVE_ENDGRENT
+# define endgrent() ((void) 0)
+#endif
+
+#ifndef HAVE_ENDPWENT
+# define endpwent() ((void) 0)
+#endif
+
+#if HAVE_SHADOW_H
+# include <shadow.h>
+#endif
+
+#include "error.h"
+
+/* The official name of this program (e.g., no 'g' prefix). */
+#define PROGRAM_NAME "su"
+
+#define AUTHORS proper_name ("David MacKenzie")
+
+#if HAVE_PATHS_H
+# include <paths.h>
+#endif
+
+#include "getdef.h"
+
+/* The default PATH for simulated logins to non-superuser accounts. */
+#define DEFAULT_LOGIN_PATH "/usr/local/bin:/bin:/usr/bin"
+
+/* The default PATH for simulated logins to superuser accounts. */
+#define DEFAULT_ROOT_LOGIN_PATH "/usr/sbin:/bin:/usr/bin:/sbin"
+
+/* The shell to run if none is given in the user's passwd entry. */
+#define DEFAULT_SHELL "/bin/sh"
+
+/* The user to become if none is specified. */
+#define DEFAULT_USER "root"
+
+#ifndef USE_PAM
+char *crypt (char const *key, char const *salt);
+#endif
+
+static void run_shell (char const *, char const *, char **, size_t)
+ ATTRIBUTE_NORETURN;
+
+/* If true, pass the '-f' option to the subshell. */
+static bool fast_startup;
+
+/* If true, simulate a login instead of just starting a shell. */
+static bool simulate_login;
+
+/* If true, change some environment vars to indicate the user su'd to. */
+static bool change_environment;
+
+/* If true, then don't call setsid() with a command. */
+int same_session = 0;
+
+#ifdef USE_PAM
+static bool _pam_session_opened;
+static bool _pam_cred_established;
+#endif
+
+static struct option const longopts[] =
+{
+ {"command", required_argument, NULL, 'c'},
+ {"session-command", required_argument, NULL, 'C'},
+ {"fast", no_argument, NULL, 'f'},
+ {"login", no_argument, NULL, 'l'},
+ {"preserve-environment", no_argument, NULL, 'p'},
+ {"shell", required_argument, NULL, 's'},
+ {GETOPT_HELP_OPTION_DECL},
+ {GETOPT_VERSION_OPTION_DECL},
+ {NULL, 0, NULL, 0}
+};
+
+/* Add NAME=VAL to the environment, checking for out of memory errors. */
+
+static void
+xsetenv (char const *name, char const *val)
+{
+ size_t namelen = strlen (name);
+ size_t vallen = strlen (val);
+ char *string = xmalloc (namelen + 1 + vallen + 1);
+ strcpy (string, name);
+ string[namelen] = '=';
+ strcpy (string + namelen + 1, val);
+ if (putenv (string) != 0)
+ xalloc_die ();
+}
+
+#if defined SYSLOG_SUCCESS || defined SYSLOG_FAILURE
+/* Log the fact that someone has run su to the user given by PW;
+ if SUCCESSFUL is true, they gave the correct password, etc. */
+
+static void
+log_su (struct passwd const *pw, bool successful)
+{
+ const char *new_user, *old_user, *tty;
+
+# ifndef SYSLOG_NON_ROOT
+ if (pw->pw_uid)
+ return;
+# endif
+ new_user = pw->pw_name;
+ /* The utmp entry (via getlogin) is probably the best way to identify
+ the user, especially if someone su's from a su-shell. */
+ old_user = getlogin ();
+ if (!old_user)
+ {
+ /* getlogin can fail -- usually due to lack of utmp entry.
+ Resort to getpwuid. */
+ errno = 0;
+ uid_t ruid = getuid ();
+ uid_t NO_UID = -1;
+ struct passwd *pwd = (ruid == NO_UID && errno ? NULL : getpwuid (ruid));
+ old_user = (pwd ? pwd->pw_name : "");
+ }
+ tty = ttyname (STDERR_FILENO);
+ if (!tty)
+ tty = "none";
+ /* 4.2BSD openlog doesn't have the third parameter. */
+ openlog (last_component (program_name), 0
+# ifdef LOG_AUTH
+ , LOG_AUTH
+# endif
+ );
+ syslog (LOG_NOTICE,
+# ifdef SYSLOG_NON_ROOT
+ "%s(to %s) %s on %s",
+# else
+ "%s%s on %s",
+# endif
+ successful ? "" : "FAILED SU ",
+# ifdef SYSLOG_NON_ROOT
+ new_user,
+# endif
+ old_user, tty);
+ closelog ();
+}
+#endif
+
+#ifdef USE_PAM
+#define PAM_SERVICE_NAME PROGRAM_NAME
+#define PAM_SERVICE_NAME_L PROGRAM_NAME "-l"
+static sig_atomic_t volatile caught_signal = false;
+static pam_handle_t *pamh = NULL;
+static int retval;
+static struct pam_conv conv =
+{
+ misc_conv,
+ NULL
+};
+
+#define PAM_BAIL_P(a) \
+ if (retval) \
+ { \
+ pam_end (pamh, retval); \
+ a; \
+ }
+
+static void
+cleanup_pam (int retcode)
+{
+ if (_pam_session_opened)
+ pam_close_session (pamh, 0);
+
+ if (_pam_cred_established)
+ pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);
+
+ pam_end(pamh, retcode);
+}
+
+/* Signal handler for parent process. */
+static void
+su_catch_sig (int sig)
+{
+ caught_signal = true;
+}
+
+/* Export env variables declared by PAM modules. */
+static void
+export_pamenv (void)
+{
+ char **env;
+
+ /* This is a copy but don't care to free as we exec later anyways. */
+ env = pam_getenvlist (pamh);
+ while (env && *env)
+ {
+ if (putenv (*env) != 0)
+ xalloc_die ();
+ env++;
+ }
+}
+
+static void
+create_watching_parent (void)
+{
+ pid_t child;
+ sigset_t ourset;
+ int status = 0;
+
+ retval = pam_open_session (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ cleanup_pam (retval);
+ error (EXIT_FAILURE, 0, _("cannot not open session: %s"),
+ pam_strerror (pamh, retval));
+ }
+ else
+ _pam_session_opened = 1;
+
+ child = fork ();
+ if (child == (pid_t) -1)
+ {
+ cleanup_pam (PAM_ABORT);
+ error (EXIT_FAILURE, errno, _("cannot create child process"));
+ }
+
+ /* the child proceeds to run the shell */
+ if (child == 0)
+ return;
+
+ /* In the parent watch the child. */
+
+ /* su without pam support does not have a helper that keeps
+ sitting on any directory so let's go to /. */
+ if (chdir ("/") != 0)
+ error (0, errno, _("warning: cannot change directory to %s"), "/");
+
+ sigfillset (&ourset);
+ if (sigprocmask (SIG_BLOCK, &ourset, NULL))
+ {
+ error (0, errno, _("cannot block signals"));
+ caught_signal = true;
+ }
+ if (!caught_signal)
+ {
+ struct sigaction action;
+ action.sa_handler = su_catch_sig;
+ sigemptyset (&action.sa_mask);
+ action.sa_flags = 0;
+ sigemptyset (&ourset);
+
+ if (!same_session)
+ {
+ if (sigaddset(&ourset, SIGINT) || sigaddset(&ourset, SIGQUIT))
+ {
+ error (0, errno, _("cannot set signal handler"));
+ caught_signal = true;
+ }
+ }
+ if (!caught_signal && (sigaddset(&ourset, SIGTERM)
+ || sigaddset(&ourset, SIGALRM)
+ || sigaction(SIGTERM, &action, NULL)
+ || sigprocmask(SIG_UNBLOCK, &ourset, NULL)))
+ {
+ error (0, errno, _("cannot set signal handler"));
+ caught_signal = true;
+ }
+ if (!caught_signal && !same_session && (sigaction(SIGINT, &action, NULL)
+ || sigaction(SIGQUIT, &action, NULL)))
+ {
+ error (0, errno, _("cannot set signal handler"));
+ caught_signal = true;
+ }
+ }
+ if (!caught_signal)
+ {
+ pid_t pid;
+ for (;;)
+ {
+ pid = waitpid (child, &status, WUNTRACED);
+
+ if (pid != (pid_t)-1 && WIFSTOPPED (status))
+ {
+ kill (getpid (), SIGSTOP);
+ /* once we get here, we must have resumed */
+ kill (pid, SIGCONT);
+ }
+ else
+ break;
+ }
+ if (pid != (pid_t)-1)
+ if (WIFSIGNALED (status))
+ status = WTERMSIG (status) + 128;
+ else
+ status = WEXITSTATUS (status);
+ else
+ status = 1;
+ }
+ else
+ status = 1;
+
+ if (caught_signal)
+ {
+ fprintf (stderr, _("\nSession terminated, killing shell..."));
+ kill (child, SIGTERM);
+ }
+
+ cleanup_pam (PAM_SUCCESS);
+
+ if (caught_signal)
+ {
+ sleep (2);
+ kill (child, SIGKILL);
+ fprintf (stderr, _(" ...killed.\n"));
+ }
+ exit (status);
+}
+#endif
+
+/* Ask the user for a password.
+ If PAM is in use, let PAM ask for the password if necessary.
+ Return true if the user gives the correct password for entry PW,
+ false if not. Return true without asking for a password if run by UID 0
+ or if PW has an empty password. */
+
+static bool
+correct_password (const struct passwd *pw)
+{
+#ifdef USE_PAM
+ const struct passwd *lpw;
+ const char *cp;
+
+ retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME,
+ pw->pw_name, &conv, &pamh);
+ PAM_BAIL_P (return false);
+
+ if (isatty (0) && (cp = ttyname (0)) != NULL)
+ {
+ const char *tty;
+
+ if (strncmp (cp, "/dev/", 5) == 0)
+ tty = cp + 5;
+ else
+ tty = cp;
+ retval = pam_set_item (pamh, PAM_TTY, tty);
+ PAM_BAIL_P (return false);
+ }
+#if 0 /* Manpage discourages use of getlogin. */
+ cp = getlogin ();
+ if (!(cp && *cp && (lpw = getpwnam (cp)) != NULL && lpw->pw_uid == getuid ()))
+#endif
+ lpw = getpwuid (getuid ());
+ if (lpw && lpw->pw_name)
+ {
+ retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name);
+ PAM_BAIL_P (return false);
+ }
+ retval = pam_authenticate (pamh, 0);
+ PAM_BAIL_P (return false);
+ retval = pam_acct_mgmt (pamh, 0);
+ if (retval == PAM_NEW_AUTHTOK_REQD)
+ {
+ /* Password has expired. Offer option to change it. */
+ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ PAM_BAIL_P (return false);
+ }
+ PAM_BAIL_P (return false);
+ /* Must be authenticated if this point was reached. */
+ return true;
+#else /* !USE_PAM */
+ char *unencrypted, *encrypted, *correct;
+#if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
+ /* Shadow passwd stuff for SVR3 and maybe other systems. */
+ const struct spwd *sp = getspnam (pw->pw_name);
+
+ endspent ();
+ if (sp)
+ correct = sp->sp_pwdp;
+ else
+#endif
+ correct = pw->pw_passwd;
+
+ if (getuid () == 0 || !correct || correct[0] == '\0')
+ return true;
+
+ unencrypted = getpass (_("Password:"));
+ if (!unencrypted)
+ {
+ error (0, 0, _("getpass: cannot open /dev/tty"));
+ return false;
+ }
+ encrypted = crypt (unencrypted, correct);
+ memset (unencrypted, 0, strlen (unencrypted));
+ return STREQ (encrypted, correct);
+#endif /* !USE_PAM */
+}
+
+/* Add or clear /sbin and /usr/sbin for the su command
+ used without `-'. */
+
+/* Set if /sbin is found in path. */
+#define SBIN_MASK 0x01
+/* Set if /usr/sbin is found in path. */
+#define USBIN_MASK 0x02
+
+static char *
+addsbin (const char *const path)
+{
+ unsigned char smask = 0;
+ char *ptr, *tmp, *cur, *ret = NULL;
+ size_t len;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = xstrdup (path);
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ smask |= SBIN_MASK;
+ if (!strcmp (ptr, "/usr/sbin"))
+ smask |= USBIN_MASK;
+ }
+
+ if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK))
+ {
+ free (tmp);
+ return NULL;
+ }
+
+ len = strlen (path);
+ if (!(smask & USBIN_MASK))
+ len += strlen ("/usr/sbin:");
+
+ if (!(smask & SBIN_MASK))
+ len += strlen (":/sbin");
+
+ ret = xmalloc (len + 1);
+ strcpy (tmp, path);
+
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "."))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin"))
+ {
+ strcat (ret, "/usr/sbin:");
+ strcat (ret, ptr);
+ smask |= USBIN_MASK;
+ continue;
+ }
+ if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin"))
+ {
+ strcat (ret, ptr);
+ strcat (ret, ":/sbin");
+ smask |= SBIN_MASK;
+ continue;
+ }
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ if (!(smask & USBIN_MASK))
+ strcat (ret, ":/usr/sbin");
+
+ if (!(smask & SBIN_MASK))
+ strcat (ret, ":/sbin");
+
+ return ret;
+}
+
+static char *
+clearsbin (const char *const path)
+{
+ char *ptr, *tmp, *cur, *ret = NULL;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = strdup (path);
+ if (!tmp)
+ return NULL;
+
+ ret = xmalloc (strlen (path) + 1);
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/local/sbin"))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ return ret;
+}
+
+/* Update 'environ' for the new shell based on PW, with SHELL being
+ the value for the SHELL environment variable. */
+
+static void
+modify_environment (const struct passwd *pw, const char *shell)
+{
+ if (simulate_login)
+ {
+ /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
+ Unset all other environment variables. */
+ char const *term = getenv ("TERM");
+ if (term)
+ term = xstrdup (term);
+ environ = xmalloc ((6 + !!term) * sizeof (char *));
+ environ[0] = NULL;
+ if (term)
+ xsetenv ("TERM", term);
+ xsetenv ("HOME", pw->pw_dir);
+ xsetenv ("SHELL", shell);
+ xsetenv ("USER", pw->pw_name);
+ xsetenv ("LOGNAME", pw->pw_name);
+ xsetenv ("PATH", (pw->pw_uid
+ ? getdef_str ("PATH", DEFAULT_LOGIN_PATH)
+ : getdef_str ("SUPATH", DEFAULT_ROOT_LOGIN_PATH)));
+ }
+ else
+ {
+ /* Set HOME, SHELL, and if not becoming a super-user,
+ USER and LOGNAME. */
+ if (change_environment)
+ {
+ xsetenv ("HOME", pw->pw_dir);
+ xsetenv ("SHELL", shell);
+ if (getdef_bool ("ALWAYS_SET_PATH", 0))
+ xsetenv ("PATH", (pw->pw_uid
+ ? getdef_str ("PATH",
+ DEFAULT_LOGIN_PATH)
+ : getdef_str ("SUPATH",
+ DEFAULT_ROOT_LOGIN_PATH)));
+ else
+ {
+ char const *path = getenv ("PATH");
+ char *new = NULL;
+
+ if (pw->pw_uid)
+ new = clearsbin (path);
+ else
+ new = addsbin (path);
+
+ if (new)
+ {
+ xsetenv ("PATH", new);
+ free (new);
+ }
+ }
+ if (pw->pw_uid)
+ {
+ xsetenv ("USER", pw->pw_name);
+ xsetenv ("LOGNAME", pw->pw_name);
+ }
+ }
+ }
+
+#ifdef USE_PAM
+ export_pamenv ();
+#endif
+}
+
+/* Become the user and group(s) specified by PW. */
+
+static void
+init_groups (const struct passwd *pw)
+{
+#ifdef HAVE_INITGROUPS
+ errno = 0;
+ if (initgroups (pw->pw_name, pw->pw_gid) == -1)
+ {
+#ifdef USE_PAM
+ cleanup_pam (PAM_ABORT);
+#endif
+ error (EXIT_FAILURE, errno, _("cannot set groups"));
+ }
+ endgrent ();
+#endif
+
+#ifdef USE_PAM
+ retval = pam_setcred (pamh, PAM_ESTABLISH_CRED);
+ if (retval != PAM_SUCCESS)
+ error (EXIT_FAILURE, 0, "%s", pam_strerror (pamh, retval));
+ else
+ _pam_cred_established = 1;
+#endif
+}
+
+static void
+change_identity (const struct passwd *pw)
+{
+ if (setgid (pw->pw_gid))
+ error (EXIT_CANCELED, errno, _("cannot set group id"));
+ if (setuid (pw->pw_uid))
+ error (EXIT_CANCELED, errno, _("cannot set user id"));
+}
+
+/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
+ If COMMAND is nonzero, pass it to the shell with the -c option.
+ Pass ADDITIONAL_ARGS to the shell as more arguments; there
+ are N_ADDITIONAL_ARGS extra arguments. */
+
+static void
+run_shell (char const *shell, char const *command, char **additional_args,
+ size_t n_additional_args)
+{
+ size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
+ char const **args = xnmalloc (n_args, sizeof *args);
+ size_t argno = 1;
+
+ if (simulate_login)
+ {
+ char *arg0;
+ char *shell_basename;
+
+ shell_basename = last_component (shell);
+ arg0 = xmalloc (strlen (shell_basename) + 2);
+ arg0[0] = '-';
+ strcpy (arg0 + 1, shell_basename);
+ args[0] = arg0;
+ }
+ else
+ args[0] = last_component (shell);
+ if (fast_startup)
+ args[argno++] = "-f";
+ if (command)
+ {
+ args[argno++] = "-c";
+ args[argno++] = command;
+ }
+ memcpy (args + argno, additional_args, n_additional_args * sizeof *args);
+ args[argno + n_additional_args] = NULL;
+ execv (shell, (char **) args);
+
+ {
+ int exit_status = (errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE);
+ error (0, errno, "%s", shell);
+ exit (exit_status);
+ }
+}
+
+/* Return true if SHELL is a restricted shell (one not returned by
+ getusershell), else false, meaning it is a standard shell. */
+
+static bool
+restricted_shell (const char *shell)
+{
+ char *line;
+
+ setusershell ();
+ while ((line = getusershell ()) != NULL)
+ {
+ if (*line != '#' && STREQ (line, shell))
+ {
+ endusershell ();
+ return false;
+ }
+ }
+ endusershell ();
+ return true;
+}
+
+void
+usage (int status)
+{
+ if (status != EXIT_SUCCESS)
+ emit_try_help ();
+ else
+ {
+ printf (_("Usage: %s [OPTION]... [-] [USER [ARG]...]\n"), program_name);
+ fputs (_("\
+Change the effective user id and group id to that of USER.\n\
+\n\
+ -, -l, --login make the shell a login shell\n\
+ -c, --command=COMMAND pass a single COMMAND to the shell with -c\n\
+ --session-command=COMMAND pass a single COMMAND to the shell with -c\n\
+ and do not create a new session\n\
+ -f, --fast pass -f to the shell (for csh or tcsh)\n\
+ -m, --preserve-environment do not reset environment variables\n\
+ -p same as -m\n\
+ -s, --shell=SHELL run SHELL if /etc/shells allows it\n\
+"), stdout);
+ fputs (HELP_OPTION_DESCRIPTION, stdout);
+ fputs (VERSION_OPTION_DESCRIPTION, stdout);
+ fputs (_("\
+\n\
+A mere - implies -l. If USER not given, assume root.\n\
+"), stdout);
+ emit_ancillary_info ();
+ }
+ exit (status);
+}
+
+int
+main (int argc, char **argv)
+{
+ int optc;
+ const char *new_user = DEFAULT_USER;
+ char *command = NULL;
+ int request_same_session = 0;
+ char *shell = NULL;
+ struct passwd *pw;
+ struct passwd pw_copy;
+
+ initialize_main (&argc, &argv);
+ set_program_name (argv[0]);
+ setlocale (LC_ALL, "");
+ bindtextdomain (PACKAGE, LOCALEDIR);
+ textdomain (PACKAGE);
+
+ initialize_exit_failure (EXIT_CANCELED);
+ atexit (close_stdout);
+
+ fast_startup = false;
+ simulate_login = false;
+ change_environment = true;
+
+ while ((optc = getopt_long (argc, argv, "c:C:flmps:", longopts, NULL)) != -1)
+ {
+ switch (optc)
+ {
+ case 'c':
+ command = optarg;
+ if (NULL != getenv ("SU_COMMAND_SAME_SESSION") ||
+ NULL != getenv ("SU_COMMAND_OPENS_SESSION"))
+ request_same_session = 1;
+ break;
+
+ case 'C':
+ command = optarg;
+ request_same_session = 1;
+ break;
+
+ case 'f':
+ fast_startup = true;
+ break;
+
+ case 'l':
+ simulate_login = true;
+ break;
+
+ case 'm':
+ case 'p':
+ change_environment = false;
+ break;
+
+ case 's':
+ shell = optarg;
+ break;
+
+ case_GETOPT_HELP_CHAR;
+
+ case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
+
+ default:
+ usage (EXIT_CANCELED);
+ }
+ }
+
+ if (optind < argc && STREQ (argv[optind], "-"))
+ {
+ simulate_login = true;
+ ++optind;
+ }
+ if (optind < argc)
+ new_user = argv[optind++];
+
+ pw = getpwnam (new_user);
+ if (! (pw && pw->pw_name && pw->pw_name[0] && pw->pw_dir && pw->pw_dir[0]
+ && pw->pw_passwd))
+ error (EXIT_CANCELED, 0, _("user %s does not exist"), new_user);
+
+ /* Make a copy of the password information and point pw at the local
+ copy instead. Otherwise, some systems (e.g. GNU/Linux) would clobber
+ the static data through the getlogin call from log_su.
+ Also, make sure pw->pw_shell is a nonempty string.
+ It may be NULL when NEW_USER is a username that is retrieved via NIS (YP),
+ but that doesn't have a default shell listed. */
+ pw_copy = *pw;
+ pw = &pw_copy;
+ pw->pw_name = xstrdup (pw->pw_name);
+ pw->pw_passwd = xstrdup (pw->pw_passwd);
+ pw->pw_dir = xstrdup (pw->pw_dir);
+ pw->pw_shell = xstrdup (pw->pw_shell && pw->pw_shell[0]
+ ? pw->pw_shell
+ : DEFAULT_SHELL);
+ endpwent ();
+
+ if (!correct_password (pw))
+ {
+#ifdef SYSLOG_FAILURE
+ log_su (pw, false);
+#endif
+ sleep (getdef_num ("FAIL_DELAY", 1));
+ error (EXIT_CANCELED, 0, _("incorrect password"));
+ }
+#ifdef SYSLOG_SUCCESS
+ else
+ {
+ log_su (pw, true);
+ }
+#endif
+
+ if (request_same_session || !command || !pw->pw_uid)
+ same_session = 1;
+
+ if (!shell && !change_environment)
+ shell = getenv ("SHELL");
+ if (shell && getuid () != 0 && restricted_shell (pw->pw_shell))
+ {
+ /* The user being su'd to has a nonstandard shell, and so is
+ probably a uucp account or has restricted access. Don't
+ compromise the account by allowing access with a standard
+ shell. */
+ error (0, 0, _("using restricted shell %s"), pw->pw_shell);
+ shell = NULL;
+ }
+ shell = xstrdup (shell ? shell : pw->pw_shell);
+
+ init_groups (pw);
+
+#ifdef USE_PAM
+ create_watching_parent ();
+ /* Now we're in the child. */
+#endif
+
+ change_identity (pw);
+
+ if (!same_session)
+ setsid ();
+
+ /* Set environment after pam_open_session, which may put KRB5CCNAME
+ into the pam_env, etc. */
+
+ modify_environment (pw, shell);
+
+ if (simulate_login && chdir (pw->pw_dir) != 0)
+ error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
+
+ /* error() flushes stderr, but does not check for write failure.
+ Normally, we would catch this via our atexit() hook of
+ close_stdout, but execv() gets in the way. If stderr
+ encountered a write failure, there is no need to try calling
+ error() again. */
+ if (ferror (stderr))
+ exit (EXIT_CANCELED);
+
+ run_shell (shell, command, argv + optind, MAX (0, argc - optind));
+}
Index: src/getdef.h
===================================================================
--- /dev/null
+++ src/getdef.h
@@ -0,0 +1,29 @@
+/* Copyright (C) 2003, 2005 Thorsten Kukuk
+ Author: Thorsten Kukuk <kukuk@suse.de>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2 or
+ later published by the Free Software Foundation.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+
+#ifndef _GETDEF_H_
+
+#define _GETDEF_H_ 1
+
+extern int getdef_bool (const char *name, int dflt);
+extern long getdef_num (const char *name, long dflt);
+extern unsigned long getdef_unum (const char *name, unsigned long dflt);
+extern const char *getdef_str (const char *name, const char *dflt);
+
+/* Free all data allocated by getdef_* calls before. */
+extern void free_getdef_data (void);
+
+#endif /* _GETDEF_H_ */
Index: src/getdef.c
===================================================================
--- /dev/null
+++ src/getdef.c
@@ -0,0 +1,259 @@
+/* Copyright (C) 2003, 2004, 2005 Thorsten Kukuk
+ Author: Thorsten Kukuk <kukuk@suse.de>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2 or
+ later as published by the Free Software Foundation.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#define _GNU_SOURCE
+
+#include <errno.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+
+#include "getdef.h"
+
+struct item {
+ char *name; /* Name of the option. */
+ char *value; /* Value of the option. */
+ struct item *next; /* Pointer to next option. */
+};
+
+static struct item *list = NULL;
+
+void
+free_getdef_data (void)
+{
+ struct item *ptr;
+
+ ptr = list;
+ while (ptr != NULL)
+ {
+ struct item *tmp;
+ tmp = ptr->next;
+ free (ptr->name);
+ free (ptr->value);
+ free (ptr);
+ ptr = tmp;
+ }
+
+ list = NULL;
+}
+
+/* Add a new entry to the list. */
+static void
+store (const char *name, const char *value)
+{
+ struct item *new = malloc (sizeof (struct item));
+
+ if (new == NULL)
+ abort ();
+
+ if (name == NULL)
+ abort ();
+
+ new->name = strdup (name);
+ new->value = strdup (value ?: "");
+ new->next = list;
+ list = new;
+}
+
+/* Search a special entry in the list and return the value. */
+static const char *
+search (const char *name)
+{
+ struct item *ptr;
+
+ ptr = list;
+ while (ptr != NULL)
+ {
+ if (strcasecmp (name, ptr->name) == 0)
+ return ptr->value;
+ ptr = ptr->next;
+ }
+
+ return NULL;
+}
+
+/* Load the login.defs file (/etc/login.defs). */
+static void
+load_defaults_internal (const char *filename)
+{
+ FILE *fp;
+ char *buf = NULL;
+ size_t buflen = 0;
+
+ fp = fopen (filename, "r");
+ if (NULL == fp)
+ return;
+
+ while (!feof (fp))
+ {
+ char *tmp, *cp;
+#if defined(HAVE_GETLINE)
+ ssize_t n = getline (&buf, &buflen, fp);
+#elif defined (HAVE_GETDELIM)
+ ssize_t n = getdelim (&buf, &buflen, '\n', fp);
+#else
+ ssize_t n;
+
+ if (buf == NULL)
+ {
+ buflen = 8096;
+ buf = malloc (buflen);
+ }
+ buf[0] = '\0';
+ fgets (buf, buflen - 1, fp);
+ if (buf != NULL)
+ n = strlen (buf);
+ else
+ n = 0;
+#endif /* HAVE_GETLINE / HAVE_GETDELIM */
+ cp = buf;
+
+ if (n < 1)
+ break;
+
+ tmp = strchr (cp, '#'); /* remove comments */
+ if (tmp)
+ *tmp = '\0';
+ while (isspace ((unsigned char) *cp)) /* remove spaces and tabs */
+ ++cp;
+ if (*cp == '\0') /* ignore empty lines */
+ continue;
+
+ if (cp[strlen (cp) - 1] == '\n')
+ cp[strlen (cp) - 1] = '\0';
+
+ tmp = strsep (&cp, " \t=");
+ if (cp != NULL)
+ while (isspace ((unsigned char) *cp) || *cp == '=')
+ ++cp;
+
+ store (tmp, cp);
+ }
+ fclose (fp);
+
+ if (buf)
+ free (buf);
+}
+
+static void
+load_defaults (void)
+{
+ load_defaults_internal ("/etc/default/su");
+ load_defaults_internal ("/etc/login.defs");
+}
+
+int
+getdef_bool (const char *name, int dflt)
+{
+ const char *val;
+
+ if (list == NULL)
+ load_defaults ();
+
+ val = search (name);
+
+ if (val == NULL)
+ return dflt;
+
+ return (strcasecmp (val, "yes") == 0);
+}
+
+long
+getdef_num (const char *name, long dflt)
+{
+ const char *val;
+ char *cp;
+ long retval;
+
+ if (list == NULL)
+ load_defaults ();
+
+ val = search (name);
+
+ if (val == NULL)
+ return dflt;
+
+ errno = 0;
+ retval = strtol (val, &cp, 0);
+ if (*cp != '\0'
+ || ((retval == LONG_MAX || retval == LONG_MIN) && errno == ERANGE))
+ {
+ fprintf (stderr,
+ "%s contains invalid numerical value: %s!\n",
+ name, val);
+ retval = dflt;
+ }
+ return retval;
+}
+
+unsigned long
+getdef_unum (const char *name, unsigned long dflt)
+{
+ const char *val;
+ char *cp;
+ unsigned long retval;
+
+ if (list == NULL)
+ load_defaults ();
+
+ val = search (name);
+
+ if (val == NULL)
+ return dflt;
+
+ errno = 0;
+ retval = strtoul (val, &cp, 0);
+ if (*cp != '\0' || (retval == ULONG_MAX && errno == ERANGE))
+ {
+ fprintf (stderr,
+ "%s contains invalid numerical value: %s!\n",
+ name, val);
+ retval = dflt;
+ }
+ return retval;
+}
+
+const char *
+getdef_str (const char *name, const char *dflt)
+{
+ const char *retval;
+
+ if (list == NULL)
+ load_defaults ();
+
+ retval = search (name);
+
+ return retval ?: dflt;
+}
+
+#if defined(TEST)
+
+int
+main ()
+{
+ printf ("CYPT=%s\n", getdef_str ("cRypt", "no"));
+ printf ("LOG_UNKFAIL_ENAB=%s\n", getdef_str ("log_unkfail_enab",""));
+ printf ("DOESNOTEXIST=%s\n", getdef_str ("DOESNOTEXIST","yes"));
+ return 0;
+}
+
+#endif
Index: doc/coreutils.texi
===================================================================
--- doc/coreutils.texi.orig
+++ doc/coreutils.texi
@@ -109,6 +109,7 @@
* stat: (coreutils)stat invocation. Report file(system) status.
* stdbuf: (coreutils)stdbuf invocation. Modify stdio buffering.
* stty: (coreutils)stty invocation. Print/change terminal settings.
+* su: (coreutils)su invocation. Modify user and group ID.
* sum: (coreutils)sum invocation. Print traditional checksum.
* sync: (coreutils)sync invocation. Synchronize memory and disk.
* tac: (coreutils)tac invocation. Reverse files.
@@ -199,7 +200,7 @@ Free Documentation License''.
* User information:: id logname whoami groups users who
* System context:: date arch nproc uname hostid uptime
* SELinux context:: chcon runcon
-* Modified command invocation:: chroot env nice nohup stdbuf timeout
+* Modified command invocation:: chroot env nice nohup stdbuf su timeout
* Process control:: kill
* Delaying:: sleep
* Numeric operations:: factor seq
@@ -444,6 +445,7 @@ Modified command invocation
* nice invocation:: Run a command with modified niceness
* nohup invocation:: Run a command immune to hangups
* stdbuf invocation:: Run a command with modified I/O buffering
+* su invocation:: Run a command with substitute user and group ID
* timeout invocation:: Run a command with a time limit
Process control
@@ -767,7 +769,8 @@ meanings with the values @samp{0} and @s
Here are some of the exceptions:
@command{chroot}, @command{env}, @command{expr}, @command{nice},
@command{nohup}, @command{numfmt}, @command{printenv}, @command{sort},
-@command{stdbuf}, @command{test}, @command{timeout}, @command{tty}.
+@command{su}, @command{stdbuf}, @command{test}, @command{timeout},
+@command{tty}.
@node Backup options
@@ -15762,6 +15765,7 @@ user, etc.
* nice invocation:: Modify niceness.
* nohup invocation:: Immunize to hangups.
* stdbuf invocation:: Modify buffering of standard streams.
+* su invocation:: Modify user and group ID.
* timeout invocation:: Run with time limit.
@end menu
@@ -16293,6 +16297,149 @@ the exit status of @var{command} otherwi
@end display
+@node su invocation
+@section @command{su}: Run a command with substitute user and group ID
+
+@pindex su
+@cindex substitute user and group IDs
+@cindex user ID, switching
+@cindex super-user, becoming
+@cindex root, becoming
+
+@command{su} allows one user to temporarily become another user. It runs a
+command (often an interactive shell) with the real and effective user
+ID, group ID, and supplemental groups of a given @var{user}. Synopsis:
+
+@example
+su [@var{option}]@dots{} [@var{user} [@var{arg}]@dots{}]
+@end example
+
+@cindex passwd entry, and @command{su} shell
+@flindex /bin/sh
+@flindex /etc/passwd
+If no @var{user} is given, the default is @code{root}, the super-user.
+The shell to use is taken from @var{user}'s @code{passwd} entry, or
+@file{/bin/sh} if none is specified there. If @var{user} has a
+password, @command{su} prompts for the password unless run by a user with
+effective user ID of zero (the super-user).
+
+@vindex HOME
+@vindex SHELL
+@vindex USER
+@vindex LOGNAME
+@cindex login shell
+By default, @command{su} does not change the current directory.
+It sets the environment variables @env{HOME} and @env{SHELL}
+from the password entry for @var{user}, and if @var{user} is not
+the super-user, sets @env{USER} and @env{LOGNAME} to @var{user}.
+By default, the shell is not a login shell.
+
+Any additional @var{arg}s are passed as additional arguments to the
+shell.
+
+@cindex @option{-su}
+GNU @command{su} does not treat @file{/bin/sh} or any other shells specially
+(e.g., by setting @code{argv[0]} to @option{-su}, passing @option{-c} only
+to certain shells, etc.).
+
+@findex syslog
+@command{su} can optionally be compiled to use @code{syslog} to report
+failed, and optionally successful, @command{su} attempts. (If the system
+supports @code{syslog}.)
+
+This version of @command{su} has support for using PAM for
+authentication. You can edit @file{/etc/pam.d/su} resp @file{/etc/pam.d/su-l}
+to customize its behaviour.
+
+If the environment variable SU_COMMAND_SAME_SESSION is set, @command{su} su will
+not open a new session for running a command thus making @option{-c} behaves
+just like @option{--session-command}.
+
+The program accepts the following options. Also see @ref{Common options}.
+
+@table @samp
+@item -c @var{command}
+@itemx --command=@var{command}
+@opindex -c
+@opindex --command
+Pass @var{command}, a single command line to run, to the shell with
+a @option{-c} option instead of starting an interactive shell.
+
+@itemx --session-command=@var{command}
+@opindex --session-command
+Pass @var{command}, a single command line to run, to the shell with a
+@option{-c} option instead of starting an interactive and do not create
+a new session for it.
+
+@item -f
+@itemx --fast
+@opindex -f
+@opindex --fast
+@flindex .cshrc
+@cindex file name pattern expansion, disabled
+@cindex globbing, disabled
+Pass the @option{-f} option to the shell. This probably only makes sense
+if the shell run is @command{csh} or @command{tcsh}, for which the @option{-f}
+option prevents reading the startup file (@file{.cshrc}). With
+Bourne-like shells, the @option{-f} option disables file name pattern
+expansion (globbing), which is not likely to be useful.
+
+@item -
+@itemx -l
+@itemx --login
+@opindex -
+@opindex -l
+@opindex --login
+@c other variables already indexed above
+@vindex TERM
+@vindex PATH
+@cindex login shell, creating
+Make the shell a login shell. This means the following. Unset all
+environment variables except @env{TERM}, @env{HOME}, and @env{SHELL}
+(which are set as described above), and @env{USER} and @env{LOGNAME}
+(which are set, even for the super-user, as described above), and set
+@env{PATH} to a compiled-in default value. Change to @var{user}'s home
+directory. Prepend @samp{-} to the shell's name, intended to make it
+read its login startup file(s).
+
+@item -m
+@itemx -p
+@itemx --preserve-environment
+@opindex -m
+@opindex -p
+@opindex --preserve-environment
+@cindex environment, preserving
+@flindex /etc/shells
+@cindex restricted shell
+Do not change the environment variables @env{HOME}, @env{USER},
+@env{LOGNAME}, or @env{SHELL}. Run the shell given in the environment
+variable @env{SHELL} instead of the shell from @var{user}'s passwd
+entry, unless the user running @command{su} is not the super-user and
+@var{user}'s shell is restricted. A @dfn{restricted shell} is one that
+is not listed in the file @file{/etc/shells}, or in a compiled-in list
+if that file does not exist. Parts of what this option does can be
+overridden by @option{--login} and @option{--shell}.
+
+@item -s @var{shell}
+@itemx --shell=@var{shell}
+@opindex -s
+@opindex --shell
+Run @var{shell} instead of the shell from @var{user}'s passwd entry,
+unless the user running @command{su} is not the super-user and @var{user}'s
+shell is restricted (see @option{-m} just above).
+
+@end table
+
+@cindex exit status of @command{su}
+Exit status:
+
+@display
+125 if @command{su} itself fails
+126 if subshell is found but cannot be invoked
+127 if subshell cannot be found
+the exit status of the subshell otherwise
+@end display
+
@node timeout invocation
@section @command{timeout}: Run a command with a time limit
Index: man/local.mk
===================================================================
--- man/local.mk.orig
+++ man/local.mk
@@ -26,6 +26,7 @@ run_help2man = $(SHELL) $(srcdir)/man/du
endif
man1_MANS = @man1_MANS@
+man1_MANS += man/su.1
EXTRA_DIST += $(man1_MANS:.1=.x)
EXTRA_MANS = @EXTRA_MANS@
@@ -144,6 +145,7 @@ man/split.1: src/split
man/stat.1: src/stat
man/stdbuf.1: src/stdbuf
man/stty.1: src/stty
+man/su.1: src/su
man/sum.1: src/sum
man/sync.1: src/sync
man/tac.1: src/tac
Index: man/su.x
===================================================================
--- /dev/null
+++ man/su.x
@@ -0,0 +1,4 @@
+[NAME]
+su \- run a shell with substitute user and group IDs
+[DESCRIPTION]
+.\" Add any additional description here
Index: tests/misc/su-fail.sh
===================================================================
--- /dev/null
+++ tests/misc/su-fail.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Test su failure cases
+
+# Copyright (C) 2009-2012 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ su
+
+#require_built_ su
+
+# Very little that we can test without a root password
+su --- / true # unknown option
+test $? = 125 || fail=1
+su no_such_user
+test $? = 125 || fail=1
+
+Exit $fail
Index: tests/local.mk
===================================================================
--- tests/local.mk.orig
+++ tests/local.mk
@@ -361,6 +361,7 @@ all_tests = \
tests/misc/stty-invalid.sh \
tests/misc/stty-pairs.sh \
tests/misc/stty-row-col.sh \
+ tests/misc/su-fail.sh \
tests/misc/sum.pl \
tests/misc/sum-sysv.sh \
tests/misc/tac.pl \
Index: po/coreutils.pot
===================================================================
--- po/coreutils.pot.orig
+++ po/coreutils.pot
@@ -8461,6 +8461,73 @@ msgstr ""
msgid "invalid integer argument %s"
msgstr ""
+#: src/su.c:229
+msgid "Password:"
+msgstr ""
+
+#: src/su.c:232
+#, c-format
+msgid "getpass: cannot open /dev/tty"
+msgstr ""
+
+#: src/su.c:290
+#, c-format
+msgid "cannot set groups"
+msgstr ""
+
+#: src/su.c:294
+#, c-format
+msgid "cannot set group id"
+msgstr ""
+
+#: src/su.c:296
+#, c-format
+msgid "cannot set user id"
+msgstr ""
+
+#: src/su.c:371
+#, c-format
+msgid "Usage: %s [OPTION]... [-] [USER [ARG]...]\n"
+msgstr ""
+
+#: src/su.c:372
+msgid ""
+"Change the effective user id and group id to that of USER.\n"
+"\n"
+" -, -l, --login make the shell a login shell\n"
+" -c, --command=COMMAND pass a single COMMAND to the shell with -c\n"
+" -f, --fast pass -f to the shell (for csh or tcsh)\n"
+" -m, --preserve-environment do not reset environment variables\n"
+" -p same as -m\n"
+" -s, --shell=SHELL run SHELL if /etc/shells allows it\n"
+msgstr ""
+
+#: src/su.c:384
+msgid ""
+"\n"
+"A mere - implies -l. If USER not given, assume root.\n"
+msgstr ""
+
+#: src/su.c:461
+#, c-format
+msgid "user %s does not exist"
+msgstr ""
+
+#: src/su.c:484
+#, c-format
+msgid "incorrect password"
+msgstr ""
+
+#: src/su.c:501
+#, c-format
+msgid "using restricted shell %s"
+msgstr ""
+
+#: src/su.c:509
+#, c-format
+msgid "warning: cannot change directory to %s"
+msgstr ""
+
#. This is a proper name. See the gettext manual, section Names.
#: src/sum.c:37
msgid "Kayvan Aghaiepour"
Index: README
===================================================================
--- README.orig
+++ README
@@ -13,7 +13,7 @@ The programs that can be built with this
link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup
nproc numfmt od paste pathchk pinky pr printenv printf ptx pwd readlink
realpath rm rmdir runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum
- shred shuf sleep sort split stat stdbuf stty sum sync tac tail tee test
+ shred shuf sleep sort split stat stdbuf stty su sum sync tac tail tee test
timeout touch tr true truncate tsort tty uname unexpand uniq unlink
uptime users vdir wc who whoami yes