NAME¶
calife —
becomes root (or another user)
legally.
SYNOPSIS¶
... |
[-]
[login] for some sites
(check with your administrator). |
DESCRIPTION¶
Calife requests
user's own password for
becoming
login (or
root, if no
login is provided), and switches to that user and group ID after verifying
proper rights to do so. A shell is then executed. If
calife
is executed by root, no password is requested and a shell with the appropriate
user ID is executed.
The invoked shell is the user's own except when a shell is specified in the
configuration file
calife.auth.
If
``-'' is specified on the command line, user's profile
files are read as if it was a login shell.
This is
not the traditional behavior of
su.
Only users specified in
calife.auth can use
calife to become another one with this method.
You can specify in the
calife.auth file the list of logins
allowed for users when using
calife. See
calife.auth(5) for more details.
calife.auth is installed as
/etc/calife.auth.
FILES¶
- /etc/calife.auth
- List of users authorized to use calife
and the users they can become.
- /etc/calife.out
- This script is executed just after getting out of
calife.
SEE ALSO¶
su(1),
calife.auth(5),
group(5),
environ(7)
ENVIRONMENT¶
The original environment is kept. This is
not a security
problem as you have to be yourself at login (i.e. it does not have the same
security implications as in
su(1) ).
Environment variables used by
calife:
HOME
- Default home directory of real user ID.
PATH
- Default search path of real user ID unless modified as
specified above.
TERM
- Provides terminal type which may be retained for the
substituted user ID.
USER
- The user ID is always the effective ID (the target user ID)
after an su unless the user ID is 0 (root).
BUGS¶
The MD5-based
crypt(3) function is slower and probably
stronger than the DES-based one but it is usable only among FreeBSD 2.0+
systems.
HISTORY¶
A
calife command appeared in DG/UX, written for Antenne 2 in
1991. It has evolved considerably since this period with more OS support, user
lists handling and improved logging.
PAM support was introduced in 2005 to port it to MacOS X variants (Panther and
up).
AUTHOR¶
Ollivier Robert <roberto@keltia.freenix.fr>