2 * Copyright (c) 1989 - 1994, Julianne Frances Haugh
3 * Copyright (c) 1996 - 2000, Marek Michałkiewicz
4 * Copyright (c) 2000 - 2006, Tomasz Kłoczko
5 * Copyright (c) 2007 - 2011, Nicolas François
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the copyright holders or contributors may not be used to
17 * endorse or promote products derived from this software without
18 * specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 /* Some parts substantially derived from an ancestor of:
34 su for GNU. Run a shell with substitute user and group IDs.
36 Copyright (C) 1992-2003 Free Software Foundation, Inc.
38 This program is free software; you can redistribute it and/or modify
39 it under the terms of the GNU General Public License as published by
40 the Free Software Foundation; either version 2, or (at your option)
43 This program is distributed in the hope that it will be useful,
44 but WITHOUT ANY WARRANTY; without even the implied warranty of
45 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
46 GNU General Public License for more details.
48 You should have received a copy of the GNU General Public License
49 along with this program; if not, write to the Free Software
50 Foundation, Inc., 51 Franklin Street, Fifth Floor,
51 Boston, MA 02110-1301, USA. */
63 #include <sys/types.h>
64 #include "prototypes.h"
72 #include "exitcodes.h"
75 * Assorted #defines to control su's behavior
82 /* not needed by sulog.c anymore */
83 static char name[BUFSIZ];
84 static char oldname[BUFSIZ];
86 /* If nonzero, change some environment vars to indicate the user su'd to. */
87 static bool change_environment;
90 static pam_handle_t *pamh = NULL;
91 static int caught = 0;
92 /* PID of the child, in case it needs to be killed */
93 static pid_t pid_child = 0;
96 extern struct passwd pwent;
99 * External identifiers
102 extern char **newenvp;
103 extern char **environ;
104 extern size_t newenvc;
106 /* local function prototypes */
108 static void execve_shell (const char *shellstr,
112 static RETSIGTYPE kill_child (int unused(s));
114 static RETSIGTYPE die (int);
115 static bool iswheel (const char *);
116 #endif /* !USE_PAM */
117 static void check_perms (void);
121 * die - set or reset termio modes.
123 * die() is called before processing begins. signal() is then called
124 * with die() as the signal handler. If signal later calls die() with a
125 * signal number, the terminal modes are then reset.
127 static RETSIGTYPE die (int killed)
143 static bool iswheel (const char *username)
147 grp = getgrnam ("wheel"); /* !USE_PAM, no need for xgetgrnam */
149 || (NULL == grp->gr_mem)) {
152 return is_on_list (grp->gr_mem, username);
155 static RETSIGTYPE kill_child (int unused(s))
157 if (0 != pid_child) {
158 (void) kill (pid_child, SIGKILL);
159 (void) fputs (_(" ...killed.\n"), stderr);
161 (void) fputs (_(" ...waiting for child to terminate.\n"),
168 /* borrowed from GNU sh-utils' "su.c" */
169 static bool restricted_shell (const char *shellstr)
174 while ((line = getusershell ()) != NULL) {
175 if (('#' != *line) && (strcmp (line, shellstr) == 0)) {
184 static void su_failure (const char *tty)
186 sulog (tty, false, oldname, name); /* log failed attempt */
188 if (getdef_bool ("SYSLOG_SU_ENAB")) {
189 SYSLOG (((0 != pwent.pw_uid) ? LOG_INFO : LOG_NOTICE,
191 ('\0' != oldname[0]) ? oldname : "???",
192 ('\0' != name[0]) ? name : "???"));
200 * execve_shell - Execute a shell with execve, or interpret it with
203 static void execve_shell (const char *shellstr,
208 (void) execve (shellstr, (char **) args, envp);
211 if (access (shellstr, R_OK|X_OK) == 0) {
213 * Assume this is a shell script (with no shebang).
214 * Interpret it with /bin/sh
218 while (NULL != args[n_args]) {
221 targs = (char **) xmalloc ((n_args + 3) * sizeof (args[0]));
224 targs[2] = xstrdup (shellstr);
225 targs[n_args+2] = NULL;
226 while (1 != n_args) {
227 targs[n_args+1] = args[n_args - 1];
231 (void) execve (SHELL, targs, envp);
238 /* Signal handler for parent process later */
239 static void catch_signals (int sig)
244 /* This I ripped out of su.c from sh-utils after the Mandrake pam patch
245 * have been applied. Some work was needed to get it integrated into
248 static void run_shell (const char *shellstr, char *args[], bool doshell,
257 if (child == 0) { /* child shell */
259 * PAM_DATA_SILENT is not supported by some modules, and
260 * there is no strong need to clean up the process space's
261 * memory since we will either call exec or exit.
262 pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
266 (void) shell (shellstr, (char *) args[0], envp);
268 /* There is no need for a controlling terminal.
269 * This avoids the callee to inject commands on
270 * the caller's tty. */
273 execve_shell (shellstr, (char **) args, envp);
276 exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
277 } else if ((pid_t)-1 == child) {
278 (void) fprintf (stderr,
279 _("%s: Cannot fork user shell\n"),
281 SYSLOG ((LOG_WARN, "Cannot execute %s", shellstr));
287 sigfillset (&ourset);
288 if (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0) {
289 (void) fprintf (stderr,
290 _("%s: signal malfunction\n"),
295 struct sigaction action;
297 action.sa_handler = catch_signals;
298 sigemptyset (&action.sa_mask);
300 sigemptyset (&ourset);
302 if ( (sigaddset (&ourset, SIGTERM) != 0)
303 || (sigaddset (&ourset, SIGALRM) != 0)
304 || (sigaction (SIGTERM, &action, NULL) != 0)
305 || ( !doshell /* handle SIGINT (Ctrl-C), SIGQUIT
306 * (Ctrl-\), and SIGTSTP (Ctrl-Z)
307 * since the child does not control
310 && ( (sigaddset (&ourset, SIGINT) != 0)
311 || (sigaddset (&ourset, SIGQUIT) != 0)
312 || (sigaddset (&ourset, SIGTSTP) != 0)
313 || (sigaction (SIGINT, &action, NULL) != 0)
314 || (sigaction (SIGQUIT, &action, NULL) != 0))
315 || (sigaction (SIGTSTP, &action, NULL) != 0))
316 || (sigprocmask (SIG_UNBLOCK, &ourset, NULL) != 0)
319 _("%s: signal masking malfunction\n"),
332 pid = waitpid (-1, &status, WUNTRACED);
334 /* When interrupted by signal, the signal will be
335 * forwarded to the child, and termination will be
338 if ( ((pid_t)-1 == pid)
340 && (SIGTSTP == caught)) {
341 /* Except for SIGTSTP, which request to
343 * We will SIGSTOP ourself on the next
346 kill (child, SIGSTOP);
348 } else if ( ((pid_t)-1 != pid)
349 && (0 != WIFSTOPPED (status))) {
350 /* The child (shell) was suspended.
352 kill (getpid (), SIGSTOP);
353 /* wake child when resumed */
361 (void) fputs ("\n", stderr);
362 (void) fputs (_("Session terminated, terminating shell..."),
364 (void) kill (child, caught);
367 ret = pam_close_session (pamh, 0);
368 if (PAM_SUCCESS != ret) {
369 SYSLOG ((LOG_ERR, "pam_close_session: %s",
370 pam_strerror (pamh, ret)));
371 fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
372 (void) pam_end (pamh, ret);
376 ret = pam_end (pamh, PAM_SUCCESS);
379 (void) signal (SIGALRM, kill_child);
382 (void) wait (&status);
383 (void) fputs (_(" ...terminated.\n"), stderr);
386 exit ((0 != WIFEXITED (status)) ? WEXITSTATUS (status)
387 : WTERMSIG (status) + 128);
392 * usage - print command line syntax and exit
394 static void usage (int status)
396 fputs (_("Usage: su [options] [LOGIN]\n"
399 " -c, --command COMMAND pass COMMAND to the invoked shell\n"
400 " -h, --help display this help message and exit\n"
401 " -, -l, --login make the shell a login shell\n"
403 " --preserve-environment do not reset environment variables, and\n"
404 " keep the same shell\n"
405 " -s, --shell SHELL use SHELL instead of the default in passwd\n"
406 "\n"), (E_SUCCESS != status) ? stderr : stdout);
411 * check_perms - check permissions to switch to the user 'name'
413 * In case of subsystem login, the user is first authenticated in the
414 * caller's root subsystem, and then in the user's target subsystem.
416 static void check_perms (void)
419 * The password file entries for the user is gotten and the account
422 pw = xgetpwnam (name);
424 (void) fprintf (stderr, _("Unknown id: %s\n"), name);
430 if (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) == 0) {
431 spwd = getspnam (name); /* !USE_PAM, no need for xgetspnam */
433 pw->pw_passwd = spwd->sp_pwdp;
436 #endif /* !USE_PAM */
441 * BSD systems only allow "wheel" to SU to root. USG systems don't,
442 * so we make this a configurable option.
445 /* The original Shadow 3.3.2 did this differently. Do it like BSD:
447 * - check for UID 0 instead of name "root" - there are systems with
448 * several root accounts under different names,
450 * - check the contents of /etc/group instead of the current group
451 * set (you must be listed as a member, GID 0 is not sufficient).
453 * In addition to this traditional feature, we now have complete su
454 * access control (allow, deny, no password, own password). Thanks
455 * to Chris Evans <lady0110@sable.ox.ac.uk>.
459 if ( (0 == pwent.pw_uid)
460 && getdef_bool ("SU_WHEEL_ONLY")
461 && !iswheel (oldname)) {
463 _("You are not authorized to su %s\n"),
468 switch (check_su_auth (oldname, name)) {
469 case 0: /* normal su, require target user's password */
471 case 1: /* require no password */
472 pwent.pw_passwd = ""; /* XXX warning: const */
474 case 2: /* require own password */
475 puts (_("(Enter your own password)"));
476 pwent.pw_passwd = oldpass;
478 default: /* access denied (-1) or unexpected value */
480 _("You are not authorized to su %s\n"),
484 #endif /* SU_ACCESS */
486 #endif /* !USE_PAM */
488 (void) signal (SIGINT, SIG_IGN);
489 (void) signal (SIGQUIT, SIG_IGN);
491 ret = pam_authenticate (pamh, 0);
492 if (PAM_SUCCESS != ret) {
493 SYSLOG ((LOG_ERR, "pam_authenticate: %s",
494 pam_strerror (pamh, ret)));
495 fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
496 (void) pam_end (pamh, ret);
500 ret = pam_acct_mgmt (pamh, 0);
501 if (PAM_SUCCESS != ret) {
504 _("%s: %s\n(Ignored)\n"),
505 Prog, pam_strerror (pamh, ret));
506 } else if (PAM_NEW_AUTHTOK_REQD == ret) {
507 ret = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
508 if (PAM_SUCCESS != ret) {
509 SYSLOG ((LOG_ERR, "pam_chauthtok: %s",
510 pam_strerror (pamh, ret)));
513 Prog, pam_strerror (pamh, ret));
514 (void) pam_end (pamh, ret);
518 SYSLOG ((LOG_ERR, "pam_acct_mgmt: %s",
519 pam_strerror (pamh, ret)));
522 Prog, pam_strerror (pamh, ret));
523 (void) pam_end (pamh, ret);
529 * Set up a signal handler in case the user types QUIT.
532 oldsig = signal (SIGQUIT, die);
535 * See if the system defined authentication method is being used.
536 * The first character of an administrator defined method is an '@'
540 && (pw_auth (pwent.pw_passwd, name, PW_SU, (char *) 0) != 0)) {
541 SYSLOG (((pwent.pw_uid != 0)? LOG_NOTICE : LOG_WARN,
542 "Authentication failed for %s", name));
543 fprintf(stderr, _("%s: Authentication failure\n"), Prog);
546 (void) signal (SIGQUIT, oldsig);
549 * Check to see if the account is expired. root gets to ignore any
550 * expired accounts, but normal users can't become a user with an
553 if ((!amroot) && (NULL != spwd)) {
554 (void) expire (&pwent, spwd);
558 * Check to see if the account permits "su". root gets to ignore any
559 * restricted accounts, but normal users can't become a user if
560 * there is a "SU" entry in the /etc/porttime file denying access to
564 if (!isttytime (pwent.pw_name, "SU", time ((time_t *) 0))) {
565 SYSLOG (((0 != pwent.pw_uid) ? LOG_WARN : LOG_CRIT,
566 "SU by %s to restricted account %s",
569 _("%s: You are not authorized to su at that time\n"),
574 #endif /* !USE_PAM */
576 (void) signal (SIGINT, SIG_DFL);
577 (void) signal (SIGQUIT, SIG_DFL);
580 * Even if --shell is specified, the subsystem login test is based on
581 * the shell specified in /etc/passwd (not the one specified with
582 * --shell, which will be the one executed in the chroot later).
584 if ('*' == pwent.pw_shell[0]) { /* subsystem root required */
585 subsystem (&pwent); /* change to the subsystem root */
586 endpwent (); /* close the old password databases */
588 return check_perms (); /* authenticate in the subsystem */
594 * su - switch user id
596 * su changes the user's ids to the values for the specified user. if
597 * no new user name is specified, "root" or UID 0 is used by default.
599 * Any additional arguments are passed to the user's shell. In
600 * particular, the argument "-c" will cause the next argument to be
601 * interpreted as a command by the common shell programs.
603 int main (int argc, char **argv)
606 const char *tty = NULL; /* Name of tty SU is run from */
607 bool doshell = false;
608 bool fakelogin = false;
611 struct passwd *pw = NULL;
612 char **envp = environ;
613 char *shellstr = NULL;
614 char *command = NULL;
622 RETSIGTYPE (*oldsig) (int);
625 struct spwd *spwd = 0;
630 #endif /* !USE_PAM */
632 (void) setlocale (LC_ALL, "");
633 (void) bindtextdomain (PACKAGE, LOCALEDIR);
634 (void) textdomain (PACKAGE);
636 change_environment = true;
639 * Get the program name. The program name is used as a prefix to
640 * most error messages.
642 Prog = Basename (argv[0]);
647 * Process the command line arguments.
652 * Parse the command line options.
654 int option_index = 0;
656 static struct option long_options[] = {
657 {"command", required_argument, NULL, 'c'},
658 {"help", no_argument, NULL, 'h'},
659 {"login", no_argument, NULL, 'l'},
660 {"preserve-environment", no_argument, NULL, 'p'},
661 {"shell", required_argument, NULL, 's'},
662 {NULL, 0, NULL, '\0'}
666 getopt_long (argc, argv, "c:hlmps:", long_options,
667 &option_index)) != -1) {
680 /* This will only have an effect if the target
681 * user do not have a restricted shell, or if
682 * su is called by root.
684 change_environment = false;
690 usage (E_USAGE); /* NOT REACHED */
694 if ((optind < argc) && (strcmp (argv[optind], "-") == 0)) {
698 && (strcmp (argv[optind], "--") == 0)) {
707 amroot = (my_uid == 0);
710 * Get the tty name. Entries will be logged indicating that the user
711 * tried to change to the named new user from the current terminal.
714 if ((isatty (0) != 0) && (NULL != tty)) {
716 is_console = console (tty);
720 * Be more paranoid, like su from SimplePAMApps. --marekm
724 _("%s: must be run from a terminal\n"),
732 * The next argument must be either a user ID, or some flag to a
733 * subshell. Pretty sticky since you can't have an argument which
734 * doesn't start with a "-" unless you specify the new user name.
735 * Any remaining arguments will be passed to the user's login shell.
737 if ((optind < argc) && ('-' != argv[optind][0])) {
738 STRFCPY (name, argv[optind++]); /* use this login id */
739 if ((optind < argc) && (strcmp (argv[optind], "--") == 0)) {
743 if ('\0' == name[0]) { /* use default user */
744 struct passwd *root_pw = getpwnam ("root");
745 if ((NULL != root_pw) && (0 == root_pw->pw_uid)) {
746 (void) strcpy (name, "root");
748 root_pw = getpwuid (0);
749 if (NULL == root_pw) {
750 SYSLOG ((LOG_CRIT, "There is no UID 0 user."));
753 (void) strcpy (name, root_pw->pw_name);
757 doshell = (argc == optind); /* any arguments remaining? */
758 if (NULL != command) {
763 * Get the user's real name. The current UID is used to determine
764 * who has executed su. That user ID must exist.
766 pw = get_my_pwent ();
769 _("%s: Cannot determine your user name.\n"),
771 SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
772 (unsigned long) my_uid));
775 STRFCPY (oldname, pw->pw_name);
780 * Sort out the password of user calling su, in case needed later
783 spwd = getspnam (oldname); /* !USE_PAM, no need for xgetspnam */
785 pw->pw_passwd = spwd->sp_pwdp;
787 oldpass = xstrdup (pw->pw_passwd);
788 #endif /* SU_ACCESS */
791 ret = pam_start ("su", name, &conv, &pamh);
792 if (PAM_SUCCESS != ret) {
793 SYSLOG ((LOG_ERR, "pam_start: error %d", ret);
795 _("%s: pam_start: error %d\n"),
800 ret = pam_set_item (pamh, PAM_TTY, (const void *) tty);
801 if (PAM_SUCCESS == ret) {
802 ret = pam_set_item (pamh, PAM_RUSER, (const void *) oldname);
804 if (PAM_SUCCESS != ret) {
805 SYSLOG ((LOG_ERR, "pam_set_item: %s",
806 pam_strerror (pamh, ret)));
807 fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
815 /* If the user do not want to change the environment,
816 * use the current SHELL.
817 * (unless another shell is required by the command line)
819 if ((NULL == shellstr) && !change_environment) {
820 shellstr = getenv ("SHELL");
823 /* If su is not called by root, and the target user has a
824 * restricted shell, the environment must be changed and the shell
825 * must be the one specified in /etc/passwd.
828 && restricted_shell (pwent.pw_shell)) {
830 change_environment = true;
833 /* If the shell is not set at this time, use the shell specified
836 if (NULL == shellstr) {
837 shellstr = (char *) strdup (pwent.pw_shell);
841 * Set the default shell.
843 if ((NULL == shellstr) || ('\0' == shellstr[0])) {
848 * If a new login is being set up, the old environment will be
849 * ignored and a new one created later on.
851 if (change_environment && fakelogin) {
853 * The terminal type will be left alone if it is present in
854 * the environment already.
856 cp = getenv ("TERM");
862 * For some terminals COLORTERM seems to be the only way
863 * for checking for that specific terminal. For instance,
864 * gnome-terminal sets its TERM as "xterm" but its
865 * COLORTERM as "gnome-terminal". The COLORTERM variable
866 * is also of use when running GNU screen since it sets
867 * TERM to "screen" but doesn't touch COLORTERM.
869 cp = getenv ("COLORTERM");
871 addenv ("COLORTERM", cp);
875 cp = getdef_str ("ENV_TZ");
877 addenv (('/' == *cp) ? tz (cp) : cp, NULL);
881 * The clock frequency will be reset to the login value if required
883 cp = getdef_str ("ENV_HZ");
885 addenv (cp, NULL); /* set the default $HZ, if one */
887 #endif /* !USE_PAM */
890 * Also leave DISPLAY and XAUTHORITY if present, else
891 * pam_xauth will not work.
893 cp = getenv ("DISPLAY");
895 addenv ("DISPLAY", cp);
897 cp = getenv ("XAUTHORITY");
899 addenv ("XAUTHORITY", cp);
902 while (NULL != *envp) {
903 addenv (*envp, NULL);
908 cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
910 addenv ((pwent.pw_uid == 0) ? "PATH=/sbin:/bin:/usr/sbin:/usr/bin" : "PATH=/bin:/usr/bin", NULL);
911 } else if (strchr (cp, '=') != NULL) {
917 if (getenv ("IFS") != NULL) { /* don't export user IFS ... */
918 addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
921 sulog (tty, true, oldname, name); /* save SU information */
925 if (getdef_bool ("SYSLOG_SU_ENAB")) {
926 SYSLOG ((LOG_INFO, "+ %s %s:%s", tty,
927 ('\0' != oldname[0]) ? oldname : "???",
928 ('\0' != name[0]) ? name : "???"));
933 /* set primary group id and supplementary groups */
934 if (setup_groups (&pwent) != 0) {
935 pam_end (pamh, PAM_ABORT);
940 * pam_setcred() may do things like resource limits, console groups,
941 * and much more, depending on the configured modules
943 ret = pam_setcred (pamh, PAM_ESTABLISH_CRED);
944 if (PAM_SUCCESS != ret) {
945 SYSLOG ((LOG_ERR, "pam_setcred: %s", pam_strerror (pamh, ret)));
946 fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
947 (void) pam_end (pamh, ret);
951 ret = pam_open_session (pamh, 0);
952 if (PAM_SUCCESS != ret) {
953 SYSLOG ((LOG_ERR, "pam_open_session: %s",
954 pam_strerror (pamh, ret)));
955 fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
956 pam_setcred (pamh, PAM_DELETE_CRED);
957 (void) pam_end (pamh, ret);
961 /* we need to setup the environment *after* pam_open_session(),
962 * else the UID is changed before stuff like pam_xauth could
963 * run, and we cannot access /etc/shadow and co
965 environ = newenvp; /* make new environment active */
967 if (change_environment) {
968 /* update environment with all pam set variables */
969 envcp = pam_getenvlist (pamh);
971 while (NULL != *envcp) {
972 addenv (*envcp, NULL);
978 /* become the new user */
979 if (change_uid (&pwent) != 0) {
980 pam_close_session (pamh, 0);
981 pam_setcred (pamh, PAM_DELETE_CRED);
982 (void) pam_end (pamh, PAM_ABORT);
986 environ = newenvp; /* make new environment active */
988 /* no limits if su from root (unless su must fake login's behavior) */
989 if (!amroot || fakelogin) {
990 setup_limits (&pwent);
993 if (setup_uid_gid (&pwent, is_console) != 0) {
996 #endif /* !USE_PAM */
998 if (change_environment) {
1000 pwent.pw_shell = shellstr;
1003 addenv ("HOME", pwent.pw_dir);
1004 addenv ("USER", pwent.pw_name);
1005 addenv ("LOGNAME", pwent.pw_name);
1006 addenv ("SHELL", shellstr);
1011 * This is a workaround for Linux libc bug/feature (?) - the
1012 * /dev/log file descriptor is open without the close-on-exec flag
1013 * and used to be passed to the new shell. There is "fcntl(LogFile,
1014 * F_SETFD, 1)" in libc/misc/syslog.c, but it is commented out (at
1015 * least in 5.4.33). Why? --marekm
1020 * See if the user has extra arguments on the command line. In that
1021 * case they will be provided to the new user's shell as arguments.
1026 cp = getdef_str ("SU_NAME");
1028 cp = Basename (shellstr);
1031 arg0 = xmalloc (strlen (cp) + 2);
1033 strcpy (arg0 + 1, cp);
1036 cp = Basename (shellstr);
1040 /* Position argv to the remaining arguments */
1042 if (NULL != command) {
1048 * Use the shell and create an argv
1049 * with the rest of the command line included.
1053 execve_shell (shellstr, &argv[-1], environ);
1055 (void) fputs (_("No shell\n"), stderr);
1056 SYSLOG ((LOG_WARN, "Cannot execute %s", shellstr));
1058 exit ((ENOENT == err) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
1060 run_shell (shellstr, &argv[-1], false, environ); /* no return */
1064 err = shell (shellstr, cp, environ);
1065 exit ((ENOENT == err) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
1067 run_shell (shellstr, &cp, true, environ);