X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=chiark-utils.git;a=blobdiff_plain;f=cprogs%2Freally.8;h=2344e14138934c294d30af3af61db55f5ca6d50d;hp=45bca20fc4222b4090dd9013c7a8f878534c5af6;hb=ffe10fa0391ea0f692854791ec0a91097ded58a4;hpb=dcb3df3fda85c612a887127d5357806238c72f0b diff --git a/cprogs/really.8 b/cprogs/really.8 index 45bca20..2344e14 100644 --- a/cprogs/really.8 +++ b/cprogs/really.8 @@ -8,11 +8,11 @@ really \- gain privilege or run commands a different user .SH DESCRIPTION .B really checks whether the caller is allowed, and if it is it changes its uids -and gids according to the command line options and executes the -specified command. +and gids (and perhaps root directory) according to the command line +options and executes the specified command. .PP If no options are specified, the uid will be set to 0 and the gids -will be left unchanged. +and root directory will be left unchanged. .PP If no command is specified, .B really @@ -20,11 +20,14 @@ will run .BR "$SHELL -i" . .PP A caller is allowed if it has write access to -.BR /etc/inittab . -This is most easily achieved by creating or using a suitable group, -containing all the appropriate users, and making +.BR /etc/inittab +and is also member of the group +.BR root . +This is most easily achieved by making inittab group-writeable by some +suitable group containing all the appropriate users, and making .B /etc/inittab -group-owned by that group and group-writeable. +group-owned by that group and group-writeable. The root group is +perhaps a good choice if it isn't being used for anything else. .SH OPTIONS .TP \fB-u\fR \fIusername\fR | \fB--user\fR \fIusername\fR 
@@ -68,6 +71,17 @@ relative position of .B -z in the argument list is not relevant. .TP +\fB-R\fR \fIroot-dir\fR | \fB--chroot\fR \fIroot-dir\fR +The program will have its root directory set to +.IR root-dir . + +.BR "Do not use this option unless you know what you are doing" : +Unlike chroot(8), the current working directory will remain unchanged. +This means that if the current directory isn't underneath the +specified new root, the program will still be able to access files +outside the new root by using relative pathnames. If this isn't +what you want, please use the chroot utility instead. +.TP .B \-\- Indicates the end of the options. The next argument (if present) will be interpreted as the command name, even if it starts with a hyphen. @@ -126,7 +140,7 @@ This version of .B really was written by Ian Jackson . .PP -It and this manpage are Copyright (C) 1992-5,2003 Ian Jackson +It and this manpage are Copyright (C) 1992-5,2004,2013 Ian Jackson . .PP .B really
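Review bot: In the DESCRIPTION hunk (@@ -8,11 +8,11 @@), "(and perhaps root directory)" does not tell the reader what decides whether the root directory changes. The next changed paragraph says it stays unchanged when no options are given, so wording such as "and, if requested with -R, its root directory" would tie the sentence to the option that this same patch documents further down.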
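Review bot: In the access-rule hunk (@@ -20,11 +20,14 @@), the new first sentence requires both write access to /etc/inittab and membership of group root, but the following sentence still advises "some suitable group containing all the appropriate users" and the last sentence calls the root group only "perhaps a good choice". A reader cannot tell from this whether a user who is in the suitable group but not in root is allowed. Since this paragraph defines who may gain privilege, state the two conditions once and then say plainly how the inittab group relates to the root group requirement. Smaller points in the same lines: "is also member of" needs "a member of", and the rewritten sentence now says group-writeable twice ("making inittab group-writeable by some suitable group" and "group-owned by that group and group-writeable").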
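Review bot: In the -R / --chroot hunk (@@ -68,6 +71,17 @@), the warning explains that the working directory is left unchanged and that relative pathnames can then reach files outside the new root, but the only remedy offered is "please use the chroot utility instead". Suggest adding one sentence on how to use the option safely, for example that the caller should first change into root-dir or a directory below it, which is the condition the warning itself names. Two formatting points in the same entry: the empty added line after ".IR root-dir ." would be better as .IP so the warning stays inside the tagged paragraph without a raw blank line, and "chroot(8)" is normally set as ".BR chroot (8)".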
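Review bot: In the copyright hunk (@@ -126,7 +140,7 @@), the year list goes from "1992-5,2003" to "1992-5,2004,2013", which removes 2003 rather than appending the new years to it. If 2003 was correct, the line should keep it and read 1992-5,2003,2004,2013. If 2004 is a correction of 2003, that is worth a line in the commit message.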