From: Ian Jackson Date: Fri, 29 Nov 2013 18:33:52 +0000 (+0000) Subject: really: Document need to be in the "root" group as well. (This is better than removi... X-Git-Tag: debian/4.3.0~24 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ian/git?a=commitdiff_plain;h=f2ee6708316d3b0cfb99bb244c98527a69bf82c2;p=chiark-utils.git really: Document need to be in the "root" group as well. (This is better than removing the restriction, because it would be dangerous to relax this security barrier in existing deployments.) Closes:#693356. --- diff --git a/cprogs/really.8 b/cprogs/really.8 index fb21f05..2344e14 100644 --- a/cprogs/really.8 +++ b/cprogs/really.8 @@ -20,11 +20,14 @@ will run .BR "$SHELL -i" . .PP A caller is allowed if it has write access to -.BR /etc/inittab . -This is most easily achieved by creating or using a suitable group, -containing all the appropriate users, and making +.BR /etc/inittab +and is also member of the group +.BR root . +This is most easily achieved by making inittab group-writeable by some +suitable group containing all the appropriate users, and making .B /etc/inittab -group-owned by that group and group-writeable. +group-owned by that group and group-writeable. The root group is +perhaps a good choice if it isn't being used for anything else. .SH OPTIONS .TP \fB-u\fR \fIusername\fR | \fB--user\fR \fIusername\fR diff --git a/debian/changelog b/debian/changelog index a17ffd0..4f71e9d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,9 @@ chiark-utils (4.2.1~~iwj4) unstable; urgency=low * really: Add "danger!" warning to usage message description of -R. * really: Document -R option in the manpage. Closes:#693354. + * really: Document need to be in the "root" group as well. (This is + better than removing the restriction, because it would be dangerous to + relax this security barrier in existing deployments.) Closes:#693356. --