NAME
really - gain privilege or run commands a different user
SYNOPSIS
really [options] [command args... ]
DESCRIPTION
really checks whether the caller is allowed, and if it is it changes
its uids and gids according to the command line options and executes
the specified command.
If no options are specified, the uid will be set to 0 and the gids will
be left unchanged.
If no command is specified, really will run $SHELL -i.
A caller is allowed if it has write access to /etc/inittab. This is
most easily achieved by creating or using a suitable group, containing
all the appropriate users, and making /etc/inittab group-owned by that
group and group-writeable.
OPTIONS
-u username | --user username
Sets the uid, gid, and supplementary group list, according to
username’s entry in the password and group databases.
-i username | --useronly username
Sets only the uid according to username’s entry in the password
database.
-I uid | --uidonly uid
Sets the uid to the numeric value uid (which need not correspond
to any existing user in the password database).
-g groupname | --group groupname
groupname is looked up in the group database and its gid is
appended to the process’s supplementary groups list. If this is
the first gid specified it will also be set as the primary gid.
-G gid | --gid gid
gid is appended to the process’s supplementary groups list.
(gid need not correspond to any existing group in the group
database.) If this is the first gid specified it will also be
set as the primary gid.
-z | --groupsclear
Clears the process’s supplementary groups list. When using this
option you must also specify -g or -G. The process’s groups
will then be exactly those specified. The relative position of
-z in the argument list is not relevant.
-- Indicates the end of the options. The next argument (if
present) will be interpreted as the command name, even if it
starts with a hyphen.
SECURITY CONSIDERATIONS
really is designed so that installing it setuid root is extremely
unlikely to compromise the security of any system. It will check using
access(2) whether the real user is allowed to write to /etc/inittab and
if this check fails really will exit without even attempting to parse
its command line.
really is not designed to be resistant to malicious command line
arguments. Do not allow untrusted processes to pass options to really,
or to specify the command to be run. Whether it is safe to allow
relatively untrusted processes to pass options to the command which is
to be run depends on the behaviour of that command and its security
status.
Attempting to use really to drop privilege is dangerous unless the
calling environment is very well understood. There are many inherited
process properties and resources which might be used by the callee to
escalate its privilege to that of the (root-equivalent) caller. For
this function, it is usually better to use userv if possible.
ENVIRONMENT
really does not manipulate the environment at all. The calling program
is run in exactly the same environment as the caller passes to really.
In particular, really will not add sbin directories to PATH so really-
enabled accounts will usually need to have these directories on their
configured PATH to start with.
SHELL is used to find the default shell to use in interactive mode (ie,
when no command is specified).
AUTHOR
This version of really was written by Ian Jackson
<ian@chiark.greenend.org.uk>.
It and this manpage are Copyright (C) 1992-5,2003 Ian Jackson
<ian@chiark.greenend.org.uk>.
really is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 3, or (at your option) any later
version.
really is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this file; if not, consult the Free Software Foundation’s website
at www.fsf.org, or the GNU Project website at www.gnu.org.
AVAILABILITY
really is currently part of chiark-utils and is available for download
from ftp.chiark.greenend.org.uk in /users/ian/chiark-utils/, in source
and pre-compiled binary form, and also from Ian Jackson’s cvsweb.
SEE ALSO
userv(1), access(2), setresuid(2), setresgid(2), setgroups(2)