.TH RUNUSER "1" "August 2012" "util-linux" "User Commands"
.SH NAME
runuser \- run a command with substitute user and group ID
.SH SYNOPSIS
.B runuser
[options] \-u
.IR user
.IR "command " [ argument ...]
.LP
.B runuser
[options] [\-]
[
.IR "user " [ argument ...]
]
.SH DESCRIPTION
.B runuser
allows running commands with a substitute user and group ID.
If the option \fB\-u\fR is not given,
.B runuser
falls back to
.BR su -compatible
semantics and a shell is executed.
The difference between the commands
.B runuser
and
.B su
is that
.B runuser
does not ask for a password (because it may be executed by the root user only) and
it uses a different PAM configuration.
The command
.B runuser
does not have to be installed with suid permissions.
.PP
When called without arguments,
.B runuser
defaults to running an interactive shell as
.IR root .
.PP
For backward compatibility,
.B runuser
defaults to not changing the current directory and to only setting the
environment variables
.B HOME
and
.B SHELL
(plus
.B USER
and
.B LOGNAME
if the target
.I user
is not root).
This version of
.B runuser
uses PAM for session management.
.SH OPTIONS
.TP
\fB\-c\fR \fIcommand\fR, \fB\-\-command\fR=\fIcommand\fR
Pass
.I command
to the shell with the
.B \-c
option.
.TP
\fB\-\-session\-command\fR=\fIcommand\fR
Same as
.B \-c
but do not create a new session (discouraged).
.TP
\fB\-f\fR, \fB\-\-fast\fR
Pass
.B \-f
to the shell, which may or may not be useful depending on the
shell.
.TP
\fB\-g\fR, \fB\-\-group\fR=\fIgroup\fR
Specify the primary group. This option is allowed for the root user only.
.TP
\fB\-G\fR, \fB\-\-supp\-group\fR=\fIgroup\fR
Specify a supplemental group. This option is allowed for the root user only.
.TP
\fB\-\fR, \fB\-l\fR, \fB\-\-login\fR
Starts the shell as a login shell with an environment similar to a real
login:
.RS 10
.TP
o
clears all environment variables except for
.B TERM
.TP
o
initializes the environment variables
.BR HOME ,
.BR SHELL ,
.BR USER ,
.BR LOGNAME ,
.B PATH
.TP
o
changes to the target user's home directory
.TP
o
sets argv[0] of the shell to
.RB ' \- '
in order to make the shell a login shell
.RE
.TP
\fB\-m\fR, \fB\-p\fR, \fB\-\-preserve\-environment\fR
Preserves the whole environment, i.e. does not set
.BR HOME ,
.BR SHELL ,
.B USER
nor
.BR LOGNAME .
.TP
\fB\-s\fR \fISHELL\fR, \fB\-\-shell\fR=\fISHELL\fR
Runs the specified shell instead of the default. The shell to run is
selected according to the following rules, in order:
.RS 10
.TP
o
the shell specified with
.B \-\-shell
.TP
o
the shell specified in the environment variable
.B SHELL
if the
.B \-\-preserve\-environment
option is used
.TP
o
the shell listed in the passwd entry of the target user
.TP
o
/bin/sh
.RE
.IP
If the target user has a restricted shell (i.e. not listed in
/etc/shells) the
.B \-\-shell
option and the
.B SHELL
environment variable are ignored unless the calling user is root.
.TP
\fB\-\-help\fR
Display help text and exit.
.TP
\fB\-\-version\fR
Display version information and exit.
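.PP
The shell-selection order and the restricted-shell rule described under \-s/\-\-shell, written out as an added example: this is a model of the documented behaviour, not code from util-linux. The function names, argument order and the optional shells-file argument are hypothetical.

```shell
#!/bin/sh
# Added example: a model of the shell-selection order documented under
# -s/--shell. It is not util-linux code; all names here are hypothetical.

# is_listed SHELL FILE: succeed if SHELL is a non-comment line of FILE
# (FILE is a shells(5)-style list, normally /etc/shells).
is_listed() {
    [ -r "$2" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
        esac
        if [ "$line" = "$1" ]; then
            return 0
        fi
    done < "$2"
    return 1
}

# select_shell OPT_SHELL PRESERVE ENV_SHELL PASSWD_SHELL CALLER_UID [SHELLS_FILE]
# Prints the shell that the documented rules would pick.
select_shell() {
    opt_shell=$1 preserve=$2 env_shell=$3 passwd_shell=$4 caller_uid=$5
    shells_file=${6:-/etc/shells}
    requested=$opt_shell                      # rule 1: --shell
    if [ -z "$requested" ] && [ "$preserve" = yes ]; then
        requested=$env_shell                  # rule 2: SHELL with -m/-p
    fi
    # Restricted target shell: a request from a non-root caller is ignored.
    if [ -n "$requested" ] && [ "$caller_uid" -ne 0 ] &&
       ! is_listed "$passwd_shell" "$shells_file"; then
        requested=
    fi
    if [ -n "$requested" ]; then
        printf '%s\n' "$requested"
    elif [ -n "$passwd_shell" ]; then
        printf '%s\n' "$passwd_shell"         # rule 3: passwd entry
    else
        printf '%s\n' /bin/sh                 # rule 4: fallback
    fi
}

# Constructed case: root asks for /bin/bash on an account whose passwd
# shell is /sbin/nologin; the request is honoured because the caller is root.
select_shell /bin/bash no "" /sbin/nologin 0
```

Since runuser is executed by root, the restricted-shell branch never discards the request: an account's restricted shell does not limit which shell root starts for that account.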
.SH CONFIG FILES
.B runuser
reads the
.I /etc/default/runuser
and
.I /etc/login.defs
configuration files. The following configuration items are relevant
for
.BR runuser :
.PP
.B ENV_PATH
(string)
.RS 4
Defines the PATH environment variable for a regular user. The
default value is
.IR /usr/local/bin:\:/bin:\:/usr/bin .
.RE
.PP
.B ENV_ROOTPATH
(string)
.br
.B ENV_SUPATH
(string)
.RS 4
Defines the PATH environment variable for root. The default value is
.IR /usr/local/sbin:\:/usr/local/bin:\:/sbin:\:/bin:\:/usr/sbin:\:/usr/bin .
.RE
.PP
.B ALWAYS_SET_PATH
(boolean)
.RS 4
If set to
.I yes
and \-\-login and \-\-preserve\-environment were not specified
.B runuser
initializes
.BR PATH .
.RE
.SH EXIT STATUS
.B runuser
normally returns the exit status of the command it executed. If the
command was killed by a signal,
.B runuser
returns the number of the signal plus 128.
.PP
Exit status generated by
.B runuser
itself:
.RS 10
.TP
1
Generic error before executing the requested command
.TP
126
The requested command could not be executed
.TP
127
The requested command was not found
.RE
.SH FILES
.PD 0
.TP 17
/etc/pam.d/runuser
default PAM configuration file
.TP
/etc/pam.d/runuser-l
PAM configuration file if \-\-login is specified
.TP
/etc/default/runuser
runuser-specific logindef config file
.TP
/etc/login.defs
global logindef config file
.PD 1
.SH "SEE ALSO"
.BR pam (8),
.BR shells (5),
.BR login.defs (5),
.BR su (1)
.SH AUTHOR
Derived from coreutils' su which was based on an implementation from
David MacKenzie and Fedora runuser command from Dan Walsh.
.SH AVAILABILITY
The runuser command is part of the util-linux package and is
available from
.UR ftp://\:ftp.kernel.org\:/pub\:/linux\:/utils\:/util-linux/
Linux Kernel Archive
.UE .