* rename --disable-require-password to --disable-chsh-chfn-password
* is_local() is really unnecessary when linked with libuser
* fix set_value_libuser() returns codes
* fix chfn.c, there is no 'pw', but oldf.pw
* don't link with PAM when--disable-chsh-chfn-password
Signed-off-by: Karel Zak <kzak@redhat.com>
In current glibc versions, internal __secure_getenv
no longer exists and was replaced by secure_getenv()
Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
This new command can set no_new_privs, uid, gid, groups, securebits,
inheritable caps, the cap bounding set, securebits, and selinux and
apparmor labels.
[kerolasa@iki.fi: a lot of small adjustment making the command to be good
fit to util-linux project]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Inspired by unshare, nsenter is a simple wrapper around setns that
allows running a new process in the context of an existing process.
Full paths may be specified to the namespace arguments so that
namespace file descriptors may be used wherever they reside in the
filesystem.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
This is very usefull if initrd can not loaded that is no /dev and no
/proc is found. Also if the /etc/shadow and /etc/passwd is copied into
the initrd the sulogin can be used in initrd even before /dev and/or /proc
are mounted.
Signed-off-by: Werner Fink <werner@suse.de>
- we need libselinux 2.x (where is security_get_initial_context())
- the latest selinux versions are linked with -lpcre
Reported-by: Gregory Nietsky <gregory@distrotech.co.za>
Signed-off-by: Karel Zak <kzak@redhat.com>
See RedHat bug for reasons why the ddate is cleaned up. The reference is
where to get the command in future.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=823156
References: https://github.com/bo0ts/ddate
Acked-by: Petr Uzel <petr.uzel@suse.cz>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
This command is based on su(1), the differences:
- based on Fedora runuser su(1) patch
- not installed with suid rights
- allowed for root users only
- don't ask for password
- uses PAM session, for example:
$ cat /etc/pam.d/runuser
auth sufficient pam_rootok.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session required pam_unix.so
$ cat /etc/pam.d/runuser-l
auth include runuser
session optional pam_keyinit.so force revoke
session include runuser
Signed-off-by: Karel Zak <kzak@redhat.com>
autoconf docs about *dir variables (e.g bindir):
... A corollary is that you should not use these variables except in
makefiles...
...you should not rely on AC_CONFIG_FILES to replace bindir and friends
in your shell scripts and other files; instead, let make manage their
replacement.
Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak
Sami Kerola
Cody Maloney
Cristian Rodríguez
Andy Lutomirski
Daniel Trebbien
Eric W. Biederman
Dave Reisner
Werner Fink
Michal Suchanek