aboutsummaryrefslogtreecommitdiff
path: root/usr.bin/su
Commit message (Collapse)AuthorAgeFilesLines
...
* Ignore SIGSYS when BSM is compiled in. Otherwise, attempt to invoke su onMaxim Sobolev2006-10-241-0/+2
| | | | | | | | | | | | | | | | | | | | system that don't have audit framefork compiled into kernel or ia32 binary on amd64 system will result in SIGSYS. There is one place in su.c itself where it tries to check for errno != ENOSYS, but it has been a nop since su does not catch SIGSYS anyway. There are few other places in libbsm, where attempt to invoke audit syscal would result in SIGSYS if no audit support is present in the kernel, so that the only reliable method for now is to disable SIGSYS completely in the case when BSM is compiled in. In the long run, both direct invocation of audit-related syscalls and libbsm should be made more intellegent to handle the case when BSM is not compiled into the kernel gracefully. MFC after: 3 days (provided re@ approval) Notes: svn path=/head/; revision=163641
* Markup fixes.Ruslan Ermilov2006-09-291-3/+3
| | | | Notes: svn path=/head/; revision=162792
* Do not chdir(2) until after setuid(2), otherwise "su - username" would failLuoqi Chen2006-09-291-6/+4
| | | | | | | | | when root doesn't have the permission to enter target user's home directory. If set, PAM environment variable HOME will be used in chdir(2) instead of pwd->pw_dir, this allows pam_chroot module to continue to function. Notes: svn path=/head/; revision=162761
* Remove references to the pam(8) manual page. It does not exist.Joel Dahl2006-09-131-2/+1
| | | | | | | | Requested by: novel Discussed with: brueffer, simon Notes: svn path=/head/; revision=162286
* Integrate audit_submit(3) bits into su. This means that records forChristian S.J. Peron2006-09-012-6/+76
| | | | | | | | | | | | | | | successful and failed su attempts will be recorded using the AUE_su event type (login or lo class) if auditing is present in the system. Currently, the records will have a header, subject, text (with the actual diagnostics), a return and trailer token. See audit_submit(3) for more information. Reviewed by: rwatson Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=161815
* - Mention that users need to be in the wheel group to `su - root' by ↵Brad Davis2006-01-281-3/+17
| | | | | | | | | | | | | default, and how to change it. PR: docs/70616 Submitted by: Jilles Tjoelker <jilles at stack dot nl> Reviewed by: ru@ Approved by: ceri@ MFC after: 3 days Notes: svn path=/head/; revision=154945
* Fix the other su bug reintroduced two commits ago, namelyBrian Somers2006-01-031-1/+14
| | | | | | | | | | | | | | | | $ su % kill -STOP $$ where su is executing (t)csh. csh's job handling is a little more special than that of (a)sh, bash and even zsh and blows up a little more spectacularly. This modification restores the original mucking about with the tty pgrp, but is careful to only do it when su (or su's child) is the foreground process. While I'm here, fix a STDERR_FILENO spelling as suggested by bde. Notes: svn path=/head/; revision=153985
* Handle the case (that I just broke) where the following hangs:Brian Somers2006-01-021-1/+3
| | | | | | | | | | $ su # kill -STOP $$ Pointed out by: David Xu <davidxu@freebsd.org> Notes: svn path=/head/; revision=153966
* Remove broken code that mucks about with tcsetpgrp() -- even ifBrian Somers2006-01-021-7/+0
| | | | | | | | | | | | | | | | | | | | | | | su isn't the foreground process. Hopefully this won't break PAM, but I couldn't find any useful information about ache's theory that it will. Specifically, this change fixes the following: # sh # echo $$ # su - root -c id & # echo $$ The PID output changes as su seems to be kill -STOP'ing itself and catching the parent shell in the process. This is especially bad if you add a ``su - user -c command &'' to an rc script! Sponsored by: Sophos/Activestate Not objected to by: des Notes: svn path=/head/; revision=153964
* Sort sections.Ruslan Ermilov2005-01-181-14/+14
| | | | Notes: svn path=/head/; revision=140420
* If su(1) is run without an effective uid of 0, generate an error toRobert Watson2005-01-171-3/+33
| | | | | | | | | | | | the user indicating that su is not running setuid, which may help suggest to the user that it should be setuid, or should not be running from a file system mounted nosuid. Suggsted by: Ivan Voras <ivoras at fer dot hr> MFC after: 2 weeks Notes: svn path=/head/; revision=140392
* Introduce the PRECIOUSPROG knob in bsd.prog.mk, similarRuslan Ermilov2004-11-031-1/+1
| | | | | | | | | | | to PRECIOUSLIB from bsd.lib.mk. The side effect of this is making installing the world under jail(8) possible by using another knob, NOFSCHG. Reviewed by: oliver Notes: svn path=/head/; revision=137164
* Bump document date for last commit.Simon L. B. Nielsen2004-10-041-1/+1
| | | | | | | Noticed by: ru Notes: svn path=/head/; revision=136114
* PAM configuration is now in /etc/pam.d/su.Simon L. B. Nielsen2004-10-031-7/+4
| | | | | | | | | Submitted by: Jilles Tjoelker <jilles@stack.nl> (original version) PR: docs/70616 (part of) MFC after: 1 week Notes: svn path=/head/; revision=136102
* Deal with double whitespace.Ruslan Ermilov2004-07-031-1/+1
| | | | Notes: svn path=/head/; revision=131507
* Mechanically kill hard sentence breaks.Ruslan Ermilov2004-07-021-1/+2
| | | | Notes: svn path=/head/; revision=131491
* Oops. My last commit included a bug that would make "su -m" alwaysMark Murray2004-06-151-2/+0
| | | | | | | use /bin/sh. Fix this. Notes: svn path=/head/; revision=130541
* Paranoia, WARNS fixes and lint.Mark Murray2004-06-131-19/+19
| | | | Notes: svn path=/head/; revision=130409
* Bumped the document date.Ruslan Ermilov2004-05-191-2/+2
| | | | | | | Fixed the grammar nit. Notes: svn path=/head/; revision=129434
* Add FBSDID. Do not dot terminate errx(3) string.Philippe Charnier2004-04-041-5/+6
| | | | Notes: svn path=/head/; revision=127848
* Fixed style of assignments.Ruslan Ermilov2004-02-021-2/+2
| | | | Notes: svn path=/head/; revision=125334
* When root tries to su to a non-existent user, pam_authenticate() willDag-Erling Smørgrav2004-01-061-4/+4
| | | | | | | | | | | | normally succeed (because root can su to anyone), but pam_acct_mgmt() will most likely fail, causing su to log a confusing "pam_acct_mgmt: error in service module" message. To avoid this, call getpwnam() before pam_acct_mgmt(). Sponsored by: registrar.no Notes: svn path=/head/; revision=124166
* Be sure to restore foreground group to parent su before parent suDavid Xu2003-11-041-1/+2
| | | | | | | | exits, otherwise shell will be confused and does not set foreground group correctly for next su command. This sounds like a bug in sh. Notes: svn path=/head/; revision=122061
* It seems when su executes in a shell scripts, there is a timing race,David Xu2003-11-031-0/+2
| | | | | | | | | | | sometimes, su will receive a SIGTTOU when parent su tries to set child su's process group as foreground group, and su will be stopped unexpectly, ignoring SIGTTOU fixes the problem. Noticed by: fjoe Notes: svn path=/head/; revision=122013
* Fix broken su -m behaviour :Olivier Houchard2003-10-191-4/+2
| | | | | | | | | | chshell must return 0 if the shell is not a standard shell, or else it is possible to use an account without a valid shell. Reviewed by: des Notes: svn path=/head/; revision=121236
* - Clarification to how command line arguments are processed.Ken Smith2003-09-281-0/+5
| | | | | | | | | PR: docs/55613 Submitted by: gshapiro@freebsd.org Approved by: blackend (mentor) Notes: svn path=/head/; revision=120557
* typoPhilippe Charnier2003-06-081-1/+1
| | | | Notes: svn path=/head/; revision=116047
* PAM-related improvements:Dag-Erling Smørgrav2003-04-081-37/+59
| | | | | | | | | | | - if operating "as them" (su -l), use pam_{open,close}_session() - allow PAM to override $HOME (pam_chroot needs this) - chdir early, because later on we may be chrooted and chdir will fail Also use pid_t instead of int where applicable. Notes: svn path=/head/; revision=113262
* Put child process in a different process group, ensure that the broadcastDavid Xu2003-03-271-6/+22
| | | | | | | | | | | signal never affects su directly, some shells changes its pgrp at running or suspended time, so a broadcast SIGTSTP from child will mess up su's job control. Discussed with: bde Notes: svn path=/head/; revision=112695
* Fix style bugs in the previous commit (which weren't in bde's patch)Dag-Erling Smørgrav2003-03-111-2/+0
| | | | Notes: svn path=/head/; revision=112087
* Reset SIGTSTP handler to default both for parent and child process.David Xu2003-03-111-3/+4
| | | | | | | Submitted by: bde Notes: svn path=/head/; revision=112085
* Fix long standing job control bug. SIGTSTP shouldn't be ignored.David Xu2003-03-111-1/+0
| | | | | | | | | Special instructions tested: suspend stop $$ Notes: svn path=/head/; revision=112072
* Pass the correct, verified username to PAM instead of getlogin().Dag-Erling Smørgrav2003-02-061-1/+1
| | | | Notes: svn path=/head/; revision=110456
* mdoc(7) police: markup polishing.Ruslan Ermilov2002-11-261-1/+1
| | | | | | | Approved by: re Notes: svn path=/head/; revision=107276
* Add a new '-s' option to su(1): if the flag is present, attempt toRobert Watson2002-10-232-5/+23
| | | | | | | | | | | | | also set the user's MAC label as part of the user credential setup by setting setusercontext(3)'s SETMAC flag. By default, change only traditional process properties. Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories Notes: svn path=/head/; revision=105758
* When a user gets refused because the password is wrong, use theMark Murray2002-10-181-0/+4
| | | | | | | | | | older "BAD SU" syslog message that folks prefer. There is quite a bit more tweaking that can be done with other similar messages. Asked for by: tjr Notes: svn path=/head/; revision=105386
* Style: use sa_handler instead of __sigaction_u.__sa_handler.Tim J. Robbins2002-10-171-1/+1
| | | | Notes: svn path=/head/; revision=105362
* Remove an unused variable.Poul-Henning Kamp2002-10-141-2/+0
| | | | Notes: svn path=/head/; revision=105080
* Fix typing error in prev. commitAndrey A. Chernov2002-08-121-1/+1
| | | | Notes: svn path=/head/; revision=101749
* Fix style bug in prev. commitAndrey A. Chernov2002-08-121-2/+1
| | | | Notes: svn path=/head/; revision=101748
* Fix su job control (recently introduced for PAM cleanup purposes) to notAndrey A. Chernov2002-08-121-3/+6
| | | | | | | | | | kill login shell on either "suspend/fg" or "stop $$/fg" for tcsh. Since this bug occurse on -stable too, it is not kernel threads bug. Submitted by: David Xu <bsddiy@yahoo.com> Notes: svn path=/head/; revision=101722
* Back out workaround of fixing "suspend/fg" by price of breaking "stop $$/fg".Andrey A. Chernov2002-08-071-1/+3
| | | | | | | | This is real kernel bug (threads) and don't attempt to mask it by workarounds to increase chances to fix it in the kernel. Notes: svn path=/head/; revision=101446
* Remove tcsetpgrp() stuff across suspend/continue because it cause upper levelAndrey A. Chernov2002-07-091-3/+1
| | | | | | | | tcsh killed on resume (fg). It is because tcsh is interactive itself and do its own things with terminal group. Notes: svn path=/head/; revision=99685
* This is Alexander Kabaev's patch to solve the signal problem with suMatthew Dillon2002-06-261-0/+11
| | | | | | | | | | (see 'zsh exits upon ^C' thread). This may be temporary be he's been running it for a year without incident so we should be golden with it. Approved by: des Notes: svn path=/head/; revision=98837
* Backout 1.51 on DES's request.Matthew Dillon2002-06-261-2/+0
| | | | | | | Approved by: des Notes: svn path=/head/; revision=98836
* Make our child the leader of its own process group to avoid receivingDag-Erling Smørgrav2002-05-291-0/+2
| | | | | | | signals in its stead. This fixes the dread "zsh exits upon ^C" bug. Notes: svn path=/head/; revision=97438
* Drive-by whitespace cleanup & add NAI copyrightDag-Erling Smørgrav2002-05-281-2/+9
| | | | Notes: svn path=/head/; revision=97377
* Use `The .Nm utility'Philippe Charnier2002-04-201-2/+3
| | | | Notes: svn path=/head/; revision=95124
* Fix a few typos.Giorgos Keramidas2002-03-301-2/+2
| | | | | | | | | | | | as a user ID -> has a user ID command constitutes of -> command consists of PR: misc/36523 Submitted by: Chris Pepper <pepper@mail.rockefeller.edu> MFC after: 3 days Notes: svn path=/head/; revision=93417
* Belatedly OpenPAMify. I forgot this patch in last night's megacommit.Dag-Erling Smørgrav2002-03-061-2/+2
| | | | | | | Sponsored by: DARPA, NAI Labs Notes: svn path=/head/; revision=91745
generated by cgit v1.3 (git 2.53.0) at 2026-04-17 23:49:05 +0000