X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=chiark-utils.git;a=blobdiff_plain;f=cprogs%2Freally.8;h=2344e14138934c294d30af3af61db55f5ca6d50d;hp=f86ed95ef154f47f93abe56ae877578767cf3e5c;hb=c46b09429cb3309bfb32fd57c294c9dc4d5cf6e9;hpb=a6d8af82c47d8cc2dccca89c953d42ee9e753424 diff --git a/cprogs/really.8 b/cprogs/really.8 index f86ed95..2344e14 100644 --- a/cprogs/really.8 +++ b/cprogs/really.8 @@ -1,4 +1,4 @@ -.TH readbuffer 1 2001-10-21 chiark-backup +.TH really 8 2001-10-21 chiark-backup .SH NAME really \- gain privilege or run commands a different user .SH SYNOPSIS @@ -8,11 +8,11 @@ really \- gain privilege or run commands a different user .SH DESCRIPTION .B really checks whether the caller is allowed, and if it is it changes its uids -and gids according to the command line options and executes the -specified command. +and gids (and perhaps root directory) according to the command line +options and executes the specified command. .PP If no options are specified, the uid will be set to 0 and the gids -will be left unchanged. +and root directory will be left unchanged. .PP If no command is specified, .B really @@ -20,11 +20,14 @@ will run .BR "$SHELL -i" . .PP A caller is allowed if it has write access to -.BR /etc/inittab . -This is most easily achieved by creating or using a suitable group, -containing all the appropriate users, and making +.BR /etc/inittab +and is also member of the group +.BR root . +This is most easily achieved by making inittab group-writeable by some +suitable group containing all the appropriate users, and making .B /etc/inittab -group-owned by that group and group-writeable. +group-owned by that group and group-writeable. The root group is +perhaps a good choice if it isn't being used for anything else. .SH OPTIONS .TP \fB-u\fR \fIusername\fR | \fB--user\fR \fIusername\fR @@ -68,6 +71,17 @@ relative position of .B -z in the argument list is not relevant. .TP +\fB-R\fR \fIroot-dir\fR | \fB--chroot\fR \fIroot-dir\fR +The program will have its root directory set to +.IR root-dir . + +.BR "Do not use this option unless you know what you are doing" : +Unlike chroot(8), the current working directory will remain unchanged. +This means that if the current directory isn't underneath the +specified new root, the program will still be able to access files +outside the new root by using relative pathnames. If this isn't +what you want, please use the chroot utility instead. +.TP .B \-\- Indicates the end of the options. The next argument (if present) will be interpreted as the command name, even if it starts with a hyphen. @@ -126,13 +140,13 @@ This version of .B really was written by Ian Jackson . .PP -It and this manpage are Copyright (C) 1992-5,2003 Ian Jackson +It and this manpage are Copyright (C) 1992-5,2004,2013 Ian Jackson . .PP .B really is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation; either version 2, +published by the Free Software Foundation; either version 3, or (at your option) any later version. .PP .B really @@ -142,8 +156,9 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. .PP You should have received a copy of the GNU General Public -License along with this file; if not, write to the Free Software -Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +License along with this file; if not, consult the Free Software +Foundation's website at www.fsf.org, or the GNU Project website at +www.gnu.org. .SH AVAILABILITY .B really is currently part of