From 791007d1e314e1b18d28dbd023ff12a82923c5eb Mon Sep 17 00:00:00 2001 From: christos Date: Wed, 20 Aug 2003 14:11:17 +0000 Subject: [PATCH] Normalize the program's compilation options so they are all of the form SU_ and document them. --- usr.bin/su/Makefile | 8 ++++---- usr.bin/su/su.1 | 28 +++++++++++++++++++++++++++- usr.bin/su/su.c | 22 +++++++++++----------- 3 files changed, 42 insertions(+), 16 deletions(-) diff --git a/usr.bin/su/Makefile b/usr.bin/su/Makefile index b5c15144e7a3..a12145364411 100644 --- a/usr.bin/su/Makefile +++ b/usr.bin/su/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.31 2003/07/24 16:18:21 tron Exp $ +# $NetBSD: Makefile,v 1.32 2003/08/20 14:11:17 christos Exp $ # from: @(#)Makefile 8.1 (Berkeley) 7/19/93 .include @@ -12,7 +12,7 @@ CPPFLAGS+=-DLOGIN_CAP # Uncomment the following line to change the group that may su root to "sugroup" # -#CPPFLAGS+=-DSUGROUP=\"sugroup\" +#CPPFLAGS+=-DSU_GROUP=\"sugroup\" # Uncomment the following line to make su # treat group wheel (SUGROUP) and/or ROOTAUTH as an indirect @@ -49,6 +49,6 @@ DPADD+= ${LIBSKEY} LDADD+= -lskey .endif -.ifdef SUROOTAUTH -CPPFLAGS+=-DROOTAUTH=\"${SUROOTAUTH}\" +.ifdef SU_ROOTAUTH +CPPFLAGS+=-DSU_ROOTAUTH=\"${SU_ROOTAUTH}\" .endif diff --git a/usr.bin/su/su.1 b/usr.bin/su/su.1 index c86d86ea40ba..8471aa8675e6 100644 --- a/usr.bin/su/su.1 +++ b/usr.bin/su/su.1 @@ -26,7 +26,7 @@ .\" SUCH DAMAGE. .\" .\" from: @(#)su.1 8.2 (Berkeley) 4/18/94 -.\" $NetBSD: su.1,v 1.33 2003/08/07 11:15:56 agc Exp $ +.\" $NetBSD: su.1,v 1.34 2003/08/20 14:11:17 christos Exp $ .\" .Dd April 27, 2003 .Dt SU 1 
@@ -197,10 +197,36 @@ By default (unless the prompt is reset by a startup file) the super-user prompt is set to .Dq Sy \&# to remind one of its awesome power. +.Sh COMPILATION OPTIONS +.Pp +Several compilation time options are available that alter the program's +behavior. +These options are: +.Bl -tag -width "SU_INDIRECT_GROUP" +.It SU_GROUP +If defined, it changes the default group that is allowed to become +.Dq root , +from +.Dq wheel +to the specified string. +.It SU_ROOTAUTH +If defined, it specifies a group whose members are allowed to become +.Dq root , +by supplying their own password instead of the +.Dq root +one. +.It SU_INDIRECT_GROOP +If defined, the +.Ar SU_GROUP +and +.Ar SU_ROOTAUTH +groups are treated as indirect groups. +The group members of those two groups, are treated as groups themselves. .Sh EXIT STATUS .Nm returns the exit status of the executed subshell, or 1 if any error occurred while switching privileges. +.El .Sh ENVIRONMENT Environment variables used by .Nm : diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index 60450e5d38ad..22e59ccbc53d 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -1,4 +1,4 @@ -/* $NetBSD: su.c,v 1.56 2003/08/07 11:15:57 agc Exp $ */ +/* $NetBSD: su.c,v 1.57 2003/08/20 14:11:17 christos Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. @@ -40,7 +40,7 @@ __COPYRIGHT( #if 0 static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/ #else -__RCSID("$NetBSD: su.c,v 1.56 2003/08/07 11:15:57 agc Exp $"); +__RCSID("$NetBSD: su.c,v 1.57 2003/08/20 14:11:17 christos Exp $"); #endif #endif /* not lint */ @@ -94,8 +94,8 @@ int use_kerberos = 1; #define ARGSTRX "-dflm" #endif -#ifndef SUGROUP -#define SUGROUP "wheel" +#ifndef SU_GROUP +#define SU_GROUP "wheel" #endif #ifdef LOGIN_CAP 
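Review bot: Builds that still pass the old macro names are now ignored without any diagnostic. At the `#ifndef SU_GROUP` block in the `@@ -94,8` hunk of su.c, a leftover `-DSUGROUP=\"sugroup\"` no longer overrides anything, so the binary quietly falls back to `"wheel"`. The same applies to `-DROOTAUTH` at the `#ifdef SU_ROOTAUTH` block in the `@@ -239,30` hunk and to the `SUROOTAUTH` make variable in the Makefile. Because these macros decide who may become root, a stale setting should stop the build rather than change policy silently; next to this block I would add `#if defined(SUGROUP) || defined(ROOTAUTH)`, `#error "SUGROUP/ROOTAUTH were renamed to SU_GROUP/SU_ROOTAUTH"`, `#endif`. The Makefile context line `treat group wheel (SUGROUP) and/or ROOTAUTH as an indirect` also still uses the old names.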
@@ -239,30 +239,30 @@ main(argc, argv) char *pass = pwd->pw_passwd; int ok = pwd->pw_uid != 0; -#ifdef ROOTAUTH +#ifdef SU_ROOTAUTH /* * Allow those in group rootauth to su to root, by supplying * their own password. */ if (!ok) { - if ((ok = check_ingroup(-1, ROOTAUTH, username, 0))) { + if ((ok = check_ingroup(-1, SU_ROOTAUTH, username, 0))) { pass = userpass; user = username; } } #endif /* - * Only allow those in group SUGROUP to su to root, + * Only allow those in group SU_GROUP to su to root, * but only if that group has any members. - * If SUGROUP has no members, allow anyone to su root + * If SU_GROUP has no members, allow anyone to su root */ if (!ok) { - ok = check_ingroup(-1, SUGROUP, username, 1); + ok = check_ingroup(-1, SU_GROUP, username, 1); } if (!ok) errx(1, "you are not listed in the correct secondary group (%s) to su %s.", - SUGROUP, user); + SU_GROUP, user); /* if target requires a password, verify it */ if (*pass) { p = getpass("Password:"); @@ -694,7 +694,7 @@ check_ingroup (gid, gname, user, ifempty) /* * XXX we are relying on the fact that we only set ifempty when - * calling to check for SUGROUP and that is the only time a + * calling to check for SU_GROUP and that is the only time a * missing group is acceptable. */ if (gr == NULL)
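Review bot: The comment above `ok = check_ingroup(-1, SU_GROUP, username, 1);` describes a fail-open case that the newly documented option never mentions. Per this comment and the XXX note in the `@@ -694,7` hunk, an empty or missing SU_GROUP lets any user attempt su to root. Now that su.1 advertises SU_GROUP as a build knob, a mistyped group name would presumably remove the group restriction entirely, leaving only the root password check. I would extend the comment with `* NB: a SU_GROUP that is misspelled or absent from the group database disables this check.` and put the same sentence in the SU_GROUP entry of su.1. main() starts and ends outside this hunk, so the rest of the authentication path is not visible here.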