SHA256
1
0
forked from pool/coreutils
coreutils/coreutils-8.6-update-man-page-for-pam.diff

65 lines
2.3 KiB
Diff

From 13ed7b537ae655c6d67965f1486aa2e3b181e574 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Tue, 17 Aug 2010 08:59:35 +0200
Subject: [PATCH 2/7] update man page for pam
---
doc/coreutils.texi | 34 +++++-----------------------------
1 files changed, 5 insertions(+), 29 deletions(-)
diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index 4d17ed1..27681da 100644
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -15172,8 +15172,11 @@ to certain shells, etc.).
@findex syslog
@command{su} can optionally be compiled to use @code{syslog} to report
failed, and optionally successful, @command{su} attempts. (If the system
-supports @code{syslog}.) However, GNU @command{su} does not check if the
-user is a member of the @code{wheel} group; see below.
+supports @code{syslog}.)
+
+This version of @command{su} has support for using PAM for
+authentication. You can edit @file{/etc/pam.d/su} resp @file{/etc/pam.d/su-l}
+to customize its behaviour.
The program accepts the following options. Also see @ref{Common options}.
@@ -15254,33 +15257,6 @@ Exit status:
the exit status of the subshell otherwise
@end display
-@cindex wheel group, not supported
-@cindex group wheel, not supported
-@cindex fascism
-@subsection Why GNU @command{su} does not support the @samp{wheel} group
-
-(This section is by Richard Stallman.)
-
-@cindex Twenex
-@cindex MIT AI lab
-Sometimes a few of the users try to hold total power over all the
-rest. For example, in 1984, a few users at the MIT AI lab decided to
-seize power by changing the operator password on the Twenex system and
-keeping it secret from everyone else. (I was able to thwart this coup
-and give power back to the users by patching the kernel, but I
-wouldn't know how to do that in Unix.)
-
-However, occasionally the rulers do tell someone. Under the usual
-@command{su} mechanism, once someone learns the root password who
-sympathizes with the ordinary users, he or she can tell the rest. The
-``wheel group'' feature would make this impossible, and thus cement the
-power of the rulers.
-
-I'm on the side of the masses, not that of the rulers. If you are
-used to supporting the bosses and sysadmins in whatever they do, you
-might find this idea strange at first.
-
-
@node timeout invocation
@section @command{timeout}: Run a command with a time limit
--
1.7.1