su, runuser, setpriv: create links between man pages

.. and add notes about differences between the utils.

Reported-by: Lennart Poettering <lennart@poettering.net>
Signed-off-by: Karel Zak <kzak@redhat.com>
pull/345/head
Karel Zak 6 years ago
parent 0e0e167704
commit c424fd834b
  1. login-utils/runuser.1 (7 changes)
  2. login-utils/su.1 (11 changes)
  3. sys-utils/setpriv.1 (7 changes)

@ -26,6 +26,10 @@ The command
.B runuser
does not have to be installed with suid permissions.
.PP
If the PAM session is not required then recommended solution is to use
.BR setpriv (1)
command.
.PP
When called without arguments,
.B runuser
defaults to running an interactive shell as
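
Review bot: The added sentence in runuser.1 is missing articles: "then recommended solution" should read "then the recommended solution", and "to use setpriv(1) command" should be "to use the setpriv(1) command" or just "to use setpriv(1)". The su.1 hunk in this patch gives the same advice with different wording ("not required at all"); using one sentence in both pages keeps them from drifting apart.
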
@ -223,7 +227,8 @@ global logindef config file
.BR pam (8),
.BR shells (5),
.BR login.defs (5),
.BR su (1)
.BR su (1),
.BR setpriv (1)
.SH HISTORY
This \fB runuser\fR command was
derived from coreutils' \fBsu\fR, which was based on an implementation by

@ -39,6 +39,16 @@ configuration options found in other
.B su
implementations, such as support for a wheel group, have to be
configured via PAM.
.PP
.B su
is mostly designed for unprivileged users, the recommended solution for
privileged users (e.g. scripts executed by root) is to use non-suid command
.BR runuser (1)
that does not require authentication and provide separate PAM configuration. If
the PAM session is not required at all then the recommend solution is to use
command
.BR setpriv (1).
.SH OPTIONS
.TP
.BR \-c , " \-\-command" = \fIcommand
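
Review bot: The new su.1 paragraph needs a wording pass before it lands: there is a comma splice after "unprivileged users", "provide separate PAM configuration" should be "provides a separate PAM configuration" (the subject is runuser), "the recommend solution" should be "the recommended solution", and "non-suid command" needs an article. Splitting it into one sentence for su, one for runuser(1) and one for setpriv(1) would make the three cases easier to tell apart.
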
@ -241,6 +251,7 @@ session required pam_lastlog.so nowtmp
.RE
.SH "SEE ALSO"
.BR runuser (8),
.BR setpriv (1),
.BR pam (8),
.BR shells (5),
.BR login.defs (5)
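
Review bot: The SEE ALSO list in su.1 still carries ".BR runuser (8)," while the paragraph added to this same file refers to ".BR runuser (1)" and the page touched by this patch is login-utils/runuser.1. Since the commit is about cross-links between these pages, correct the section number here to (1) so both references in su.1 point at the same page.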

@ -9,6 +9,11 @@ setpriv \- run a program with different Linux privilege settings
.SH DESCRIPTION
Sets or queries various Linux privilege settings that are inherited across
.BR execve (2).
.PP
The difference between the commands setpriv and su (or runuser) is that setpriv does
not use open PAM session and does not ask for password. It's simple non-suid wrapper around
.B execve
syscall.
.SH OPTION
.TP
.B \-\-clear\-groups
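
Review bot: In the paragraph added to setpriv.1, "does not use open PAM session" is garbled and should probably read "does not open a PAM session", and "It's simple non-suid wrapper around execve syscall" is missing its articles. The reference is also written as ".B execve" although the context line directly above uses ".BR execve (2)"; use the same form so it renders as a man page reference. The command names setpriv, su and runuser in the first sentence are plain text, whereas the other two pages mark them up with .B or .BR.
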
@ -142,6 +147,8 @@ For example, setting no_new_privs and then execing a program that is
SELinux\-confined (as this tool would do) may prevent the SELinux
restrictions from taking effect.
.SH SEE ALSO
.BR su (1),
.BR runuser (1),
.BR prctl (2),
.BR capability (7)
.SH AUTHOR
