From f2ee6708316d3b0cfb99bb244c98527a69bf82c2 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Fri, 29 Nov 2013 18:33:52 +0000 Subject: [PATCH] really: Document need to be in the "root" group as well. (This is better than removing the restriction, because it would be dangerous to relax this security barrier in existing deployments.) Closes:#693356. --- cprogs/really.8 | 11 +++++++---- debian/changelog | 3 +++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/cprogs/really.8 b/cprogs/really.8 index fb21f05..2344e14 100644 --- a/cprogs/really.8 +++ b/cprogs/really.8 @@ -20,11 +20,14 @@ will run .BR "$SHELL -i" . .PP A caller is allowed if it has write access to -.BR /etc/inittab . -This is most easily achieved by creating or using a suitable group, -containing all the appropriate users, and making +.BR /etc/inittab +and is also member of the group +.BR root . +This is most easily achieved by making inittab group-writeable by some +suitable group containing all the appropriate users, and making .B /etc/inittab -group-owned by that group and group-writeable. +group-owned by that group and group-writeable. The root group is +perhaps a good choice if it isn't being used for anything else. .SH OPTIONS .TP \fB-u\fR \fIusername\fR | \fB--user\fR \fIusername\fR diff --git a/debian/changelog b/debian/changelog index a17ffd0..4f71e9d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,9 @@ chiark-utils (4.2.1~~iwj4) unstable; urgency=low * really: Add "danger!" warning to usage message description of -R. * really: Document -R option in the manpage. Closes:#693354. + * really: Document need to be in the "root" group as well. (This is + better than removing the restriction, because it would be dangerous to + relax this security barrier in existing deployments.) Closes:#693356. -- -- 2.30.2