-
Notifications
You must be signed in to change notification settings - Fork 0
/
calife.1.in
125 lines (125 loc) · 2.85 KB
/
calife.1.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
.\" Copyright (c) 1991, 2008 Ollivier Robert
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted under the GNU General Public Licence.
.\" Look into the COPYING file.
.\"
.\" @(#) $Id: calife.1.in,v 88c4f70961ac 2008/08/19 15:34:11 roberto $
.\""
.Dd September 25, 1994
.Dt CALIFE 1
.Os
.Sh NAME
.Nm calife
.Nd becomes root (or another user) legally.
.Sh SYNOPSIS
.Nm calife
.Op Ar -
.Op Ar login
.Pp
or
.Pp
.Nm ...
.Op Ar -
.Op Ar login
for some sites (check with your administrator).
.Sh DESCRIPTION
.Nm Calife
requests
.Ar user's own
password for becoming
.Ar login
(or
.Ar root ,
if no login is provided), and switches to that user and group ID after
verifying proper rights to do so. A shell is then executed. If
.Nm calife
is executed by root, no password is requested and a shell with the
appropriate user ID is executed.
.Pp
The invoked shell is the user's own except when a shell is specified in
the configuration file
.Nm calife.auth .
.Pp
If
.Nm ``-''
is specified on the command line, user's profile files are read as if it
was a login shell.
.Pp
This is
.Nm not
the traditional behavior of
.Nm su .
.Pp
Only users specified in
.Nm calife.auth
can use
.Nm calife
to become another one with this method.
.Pp
You can specify in the
.Nm calife.auth
file the list of logins allowed for users when using
.Nm calife .
See
.Xr calife.auth 5
for more details.
.Pp
.Nm calife.auth
is installed as
.Ar @ETCDIR@/calife.auth .
.Sh FILES
.Bl -tag -width /etc/calife.auth -compact
.It Pa @ETCDIR@/calife.auth
List of users authorized to use
.Nm calife
and the users they can become.
.It Pa @ETCDIR@/calife.out
This script is executed just after getting out of
.Nm calife .
.El
.Sh SEE ALSO
.Xr su 1 ,
.Xr calife.auth 5 ,
.Xr group 5 ,
.Xr environ 7
.Sh ENVIRONMENT
The original environment is kept. This is
.Nm not
a security problem as you have to be yourself at login (i.e. it does not
have the same security implications as in
.Xr su 1 ).
.Pp
Environment variables used by
.Nm calife :
.Bl -tag -width HOME
.It Ev HOME
Default home directory of real user ID.
.It Ev PATH
Default search path of real user ID unless modified as specified above.
.It Ev TERM
Provides terminal type which may be retained for the substituted
user ID.
.It Ev USER
The user ID is always the effective ID (the target user ID) after an
.Nm su
unless the user ID is 0 (root).
.El
.Sh BUGS
.Pp
The MD5-based
.Xr crypt 3
function is slower and probably stronger than the DES-based one but
it is usable only among FreeBSD 2.0+ systems.
.Sh HISTORY
A
.Nm
command appeared in DG/UX, written for Antenne 2 in 1991. It has evolved
considerably since this period with more OS support, user lists handling
and improved logging.
.Pp
PAM support was introduced in 2005 to port it to MacOS X variants (Panther
and up).
.Sh AUTHOR
Ollivier Robert <[email protected]>