X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=chiark-utils.git;a=blobdiff_plain;f=cprogs%2Freally.8;h=2344e14138934c294d30af3af61db55f5ca6d50d;hp=3952e4661db55e0307b9b52432f4ec0da25c0819;hb=ffe10fa0391ea0f692854791ec0a91097ded58a4;hpb=d9d8b1a736946ae91c521133dc32d5e1d6b5e506 diff --git a/cprogs/really.8 b/cprogs/really.8 index 3952e46..2344e14 100644 --- a/cprogs/really.8 +++ b/cprogs/really.8 @@ -8,11 +8,11 @@ really \- gain privilege or run commands a different user .SH DESCRIPTION .B really checks whether the caller is allowed, and if it is it changes its uids -and gids according to the command line options and executes the -specified command. +and gids (and perhaps root directory) according to the command line +options and executes the specified command. .PP If no options are specified, the uid will be set to 0 and the gids -will be left unchanged. +and root directory will be left unchanged. .PP If no command is specified, .B really @@ -20,11 +20,14 @@ will run .BR "$SHELL -i" . .PP A caller is allowed if it has write access to -.BR /etc/inittab . -This is most easily achieved by creating or using a suitable group, -containing all the appropriate users, and making +.BR /etc/inittab +and is also member of the group +.BR root . +This is most easily achieved by making inittab group-writeable by some +suitable group containing all the appropriate users, and making .B /etc/inittab -group-owned by that group and group-writeable. +group-owned by that group and group-writeable. The root group is +perhaps a good choice if it isn't being used for anything else. .SH OPTIONS .TP \fB-u\fR \fIusername\fR | \fB--user\fR \fIusername\fR 
@@ -68,6 +71,17 @@ relative position of .B -z in the argument list is not relevant. .TP +\fB-R\fR \fIroot-dir\fR | \fB--chroot\fR \fIroot-dir\fR +The program will have its root directory set to +.IR root-dir . + +.BR "Do not use this option unless you know what you are doing" : +Unlike chroot(8), the current working directory will remain unchanged. +This means that if the current directory isn't underneath the +specified new root, the program will still be able to access files +outside the new root by using relative pathnames. If this isn't +what you want, please use the chroot utility instead. +.TP .B \-\- Indicates the end of the options. The next argument (if present) will be interpreted as the command name, even if it starts with a hyphen. @@ -126,7 +140,7 @@ This version of .B really was written by Ian Jackson . .PP -It and this manpage are Copyright (C) 1992-5,2003 Ian Jackson +It and this manpage are Copyright (C) 1992-5,2004,2013 Ian Jackson . .PP .B really @@ -142,8 +156,9 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. .PP You should have received a copy of the GNU General Public -License along with this file; if not, write to the Free Software -Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +License along with this file; if not, consult the Free Software +Foundation's website at www.fsf.org, or the GNU Project website at +www.gnu.org. .SH AVAILABILITY .B really is currently part of
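Review bot: In the @@ -20,11 +20,14 @@ hunk the new access rule and the setup advice that follows it disagree. The rule now reads "has write access to /etc/inittab and is also member of the group root", but the next sentence still describes setting things up with "some suitable group containing all the appropriate users", which would not satisfy a root-group requirement, and the last sentence calls the root group only "perhaps a good choice". This paragraph is the whole statement of who may become root, so it should say unambiguously whether both conditions are required or either one suffices, and the advice should be rewritten to match. Smaller points in the same lines: "is also member" needs "a", and the advice sentence states group-writeable twice ("making inittab group-writeable by some suitable group ... and making /etc/inittab group-owned by that group and group-writeable").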
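Review bot: The new -R / --chroot entry in the @@ -68,6 +71,17 @@ hunk warns that the working directory is left unchanged but leaves out what a caller needs to use the option safely. It implies, without saying so, that the option only confines the command when the current directory is already underneath root-dir; state that directly as the precondition. The entry also does not say whether the root directory is changed before or after the uid and gid changes, or whether the command name is looked up inside the new root, and both matter to anyone relying on this for confinement. Formatting: the empty source line after ".IR root-dir ." would be better as .IP, so the warning paragraph is explicitly part of the -R entry.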
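Review bot: In the @@ -126,7 +140,7 @@ hunk the copyright line replaces a year rather than only adding one: "1992-5,2003" becomes "1992-5,2004,2013", so 2003 disappears. If 2003 was correct it should be kept and 2013 appended; if 2004 is a correction of an earlier mistake, say so in the commit message so the change is not read as a typo.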