NAME¶
really - gain privilege or run commands a different user
SYNOPSIS¶
really [
options] [
command args... ]
DESCRIPTION¶
really checks whether the caller is allowed, and if it is it changes its
uids and gids (and perhaps root directory) according to the command line
options and executes the specified command.
If no options are specified, the uid will be set to 0 and the gids and root
directory will be left unchanged.
If no command is specified,
really will run
$SHELL -i.
A caller is allowed if it has write access to
/etc/inittab and is also
member of the group
root. This is most easily achieved by making
inittab group-writeable by some suitable group containing all the appropriate
users, and making
/etc/inittab group-owned by that group and
group-writeable. The root group is perhaps a good choice if it isn't being
used for anything else.
OPTIONS¶
- -u username | --user username
- Sets the uid, gid, and supplementary group list, according to
username's entry in the password and group databases.
- -i username | --useronly username
- Sets only the uid according to username's entry in the password
database.
- -I uid | --uidonly uid
- Sets the uid to the numeric value uid (which need not correspond to
any existing user in the password database).
- -g groupname | --group groupname
- groupname is looked up in the group database and its gid is
appended to the process's supplementary groups list. If this is the first
gid specified it will also be set as the primary gid.
- -G gid | --gid gid
- gid is appended to the process's supplementary groups list.
(gid need not correspond to any existing group in the group
database.) If this is the first gid specified it will also be set as the
primary gid.
- -z | --groupsclear
- Clears the process's supplementary groups list. When using this option you
must also specify -g or -G. The process's groups will then
be exactly those specified. The relative position of -z in the
argument list is not relevant.
- -R root-dir | --chroot root-dir
- The program will have its root directory set to root-dir.
Do not use this option unless you know what you are doing: Unlike
chroot(8), the current working directory will remain unchanged. This means
that if the current directory isn't underneath the specified new root, the
program will still be able to access files outside the new root by using
relative pathnames. If this isn't what you want, please use the chroot
utility instead.
- --
- Indicates the end of the options. The next argument (if present) will be
interpreted as the command name, even if it starts with a hyphen.
SECURITY CONSIDERATIONS¶
really is designed so that installing it setuid root is extremely
unlikely to compromise the security of any system. It will check using
access(2) whether the real user is allowed to write to
/etc/inittab and if this check fails
really will exit without
even attempting to parse its command line.
really is
not designed to be resistant to malicious command line
arguments. Do not allow untrusted processes to pass options to really, or to
specify the command to be run. Whether it is safe to allow relatively
untrusted processes to pass options to the command which is to be run depends
on the behaviour of that command and its security status.
Attempting to use
really to drop privilege is dangerous unless the
calling environment is very well understood. There are many inherited process
properties and resources which might be used by the callee to escalate its
privilege to that of the (root-equivalent) caller. For this function, it is
usually better to use
userv if possible.
ENVIRONMENT¶
really does not manipulate the environment at all. The calling program is
run in exactly the same environment as the caller passes to
really. In
particular,
really will not add
sbin directories to
PATH
so
really-enabled accounts will usually need to have these directories
on their configured
PATH to start with.
SHELL is used to find the default shell to use in interactive mode (ie,
when no command is specified).
AUTHOR¶
This version of
really was written by Ian Jackson
<ian@chiark.greenend.org.uk>.
It and this manpage are Copyright (C) 1992-5,2004,2013 Ian Jackson
<ian@chiark.greenend.org.uk>.
really is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
really is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
this file; if not, consult the Free Software Foundation's website at
www.fsf.org, or the GNU Project website at www.gnu.org.
AVAILABILITY¶
really is currently part of
chiark-utils and is available for
download from ftp.chiark.greenend.org.uk in /users/ian/chiark-utils/, in
source and pre-compiled binary form, and also from Ian Jackson's cvsweb.
SEE ALSO¶
userv(1),
access(2),
setresuid(2),
setresgid(2),
setgroups(2)