Diffstat
-rw-r--r--  login-utils/su.1       27
-rw-r--r--  login-utils/su.1.adoc  23
2 files changed, 37 insertions, 13 deletions
diff --git a/login-utils/su.1 b/login-utils/su.1 index a768834..1ada7a0 100644 --- a/login-utils/su.1 +++ b/login-utils/su.1 @@ -2,12 +2,12 @@ .\" Title: su .\" Author: [see the "AUTHOR(S)" section] .\" Generator: Asciidoctor 2.0.20 -.\" Date: 2023-10-23 +.\" Date: 2024-03-20 .\" Manual: User Commands -.\" Source: util-linux 2.39.3 +.\" Source: util-linux 2.40 .\" Language: English .\" -.TH "SU" "1" "2023-10-23" "util\-linux 2.39.3" "User Commands" +.TH "SU" "1" "2024-03-20" "util\-linux 2.40" "User Commands" .ie \n(.g .ds Aq \(aq .el .ds Aq ' .ss \n[.ss] 0 @@ -71,7 +71,14 @@ Specify a supplementary group. This option is available to the root user only. T .sp \fB\-\fP, \fB\-l\fP, \fB\-\-login\fP .RS 4 -Start the shell as a login shell with an environment similar to a real login: +Start the shell as a login shell with an environment similar to a real login. +.sp +Note that on systemd\-based systems, a new session may be defined as a real +entry point to the system. However, \fBsu\fP does not create a real session (by +PAM) from this point of view. You need to use tools like \fBsystemd\-run\fP or +\fBmachinectl\fP to initiate a complete, real session. +.sp +\fBsu\fP does: .sp .RS 4 .ie n \{\ @@ -132,7 +139,9 @@ This feature is mostly designed for interactive sessions. If the standard input .sp \fB\-s\fP, \fB\-\-shell\fP=\fIshell\fP .RS 4 -Run the specified \fIshell\fP instead of the default. The shell to run is selected according to the following rules, in order: +Run the specified \fIshell\fP instead of the default. If the target user has a restricted shell (i.e., not listed in \fI/etc/shells\fP), the \fB\-\-shell\fP option and the \fBSHELL\fP environment variables are ignored unless the calling user is root. +.sp +The shell to run is selected according to the following rules, in order: .sp .RS 4 .ie n \{\ 
@@ -179,13 +188,17 @@ the shell listed in the passwd entry of the target user .RE .RE .sp -If the target user has a restricted shell (i.e., not listed in \fI/etc/shells\fP), the \fB\-\-shell\fP option and the \fBSHELL\fP environment variables are ignored unless the calling user is root. -.sp \fB\-\-session\-command=\fP\fIcommand\fP .RS 4 Same as \fB\-c\fP, but do not create a new session. (Discouraged.) .RE .sp +\fB\-T\fP, \fB\-\-no\-pty\fP* +.RS 4 +Do not create a pseudo\-terminal, opposite of \fB\-\-pty\fP and \fB\-P\fP. +Note that running without a pseudo\-terminal opens the security risk of privilege escalation through TIOCSTI/TIOCLINUX ioctl command injection. +.RE +.sp \fB\-w\fP, \fB\-\-whitelist\-environment\fP=\fIlist\fP .RS 4 Don\(cqt reset the environment variables specified in the comma\-separated \fIlist\fP when clearing the environment for \fB\-\-login\fP. The whitelist is ignored for the environment variables \fBHOME\fP, \fBSHELL\fP, \fBUSER\fP, \fBLOGNAME\fP, and \fBPATH\fP. diff --git a/login-utils/su.1.adoc b/login-utils/su.1.adoc index 36a892f..2db2e04 100644 --- a/login-utils/su.1.adoc +++ b/login-utils/su.1.adoc 
@@ -46,8 +46,15 @@ Specify the primary group. This option is available to the root user only. Specify a supplementary group. This option is available to the root user only. The first specified supplementary group is also used as a primary group if the option *--group* is not specified. *-*, *-l*, *--login*:: -Start the shell as a login shell with an environment similar to a real login: - +Start the shell as a login shell with an environment similar to a real login. ++ +Note that on systemd-based systems, a new session may be defined as a real +entry point to the system. However, *su* does not create a real session (by +PAM) from this point of view. You need to use tools like *systemd-run* or +*machinectl* to initiate a complete, real session. ++ +*su* does: ++ * clears all the environment variables except *TERM* and variables specified by *--whitelist-environment* * initializes the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH* * changes to the target user's home directory 
@@ -62,18 +69,22 @@ Create a pseudo-terminal for the session. The independent terminal provides bett This feature is mostly designed for interactive sessions. If the standard input is not a terminal, but for example a pipe (e.g., *echo "date" | su --pty*), then the *ECHO* flag for the pseudo-terminal is disabled to avoid messy output. *-s*, **--shell**=__shell__:: -Run the specified _shell_ instead of the default. The shell to run is selected according to the following rules, in order: - +Run the specified _shell_ instead of the default. If the target user has a restricted shell (i.e., not listed in _/etc/shells_), the *--shell* option and the *SHELL* environment variables are ignored unless the calling user is root. ++ +The shell to run is selected according to the following rules, in order: ++ * the shell specified with *--shell* * the shell specified in the environment variable *SHELL*, if the *--preserve-environment* option is used * the shell listed in the passwd entry of the target user * /bin/sh -If the target user has a restricted shell (i.e., not listed in _/etc/shells_), the *--shell* option and the *SHELL* environment variables are ignored unless the calling user is root. - **--session-command=**__command__:: Same as *-c*, but do not create a new session. (Discouraged.) +*-T*, *--no-pty**:: +Do not create a pseudo-terminal, opposite of *--pty* and *-P*. +Note that running without a pseudo-terminal opens the security risk of privilege escalation through TIOCSTI/TIOCLINUX ioctl command injection. + *-w*, **--whitelist-environment**=__list__:: Don't reset the environment variables specified in the comma-separated _list_ when clearing the environment for *--login*. The whitelist is ignored for the environment variables *HOME*, *SHELL*, *USER*, *LOGNAME*, and *PATH*. |
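Review bot: the su.1 header hunk bumps Date and Source to util-linux 2.40 while the Generator line stays at Asciidoctor 2.0.20; confirm su.1 was regenerated from su.1.adoc by that run rather than hand-edited, since the remaining su.1 hunks have to stay line for line in step with the adoc source.

Review bot: in the su.1.adoc *--login* hunk, the lead-in "*su* does:" reads abruptly after the inserted systemd paragraph; consider "With *--login*, *su*:" so the bullet list that follows is still tied to the option, and consider naming which kind of session the note means (the session registered through the PAM session stack, as systemd-run and machinectl would create) so that "real session" is not left to the reader.

Review bot: in the su.1.adoc *--shell*/*-T* hunk, `*-T*, *--no-pty**::` carries a doubled asterisk that shows up as a literal `*` in the rendered page; it should be `*-T*, *--no-pty*::`. In the relocated restricted-shell sentence, "the *SHELL* environment variables are ignored" names a single variable, so "the *SHELL* environment variable is ignored" is the grammatical form. The *-T* text warns about the TIOCSTI/TIOCLINUX risk but does not say whether *--pty* is the default, so readers cannot tell when *-T* actually changes behaviour; stating the default here would close that gap.

Review bot: the su.1 *--session-command*/*-T* hunk shows the source typo propagated into the generated roff as `\fB\-\-no\-pty\fP*`; fix it in su.1.adoc and regenerate rather than editing the trailing `*` out of su.1 by hand, so the two files do not drift.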