bionic (8) really.8.gz

Provided by: chiark-really_5.0.2_amd64 bug

NAME
       really - gain privilege or run commands a different user


SYNOPSIS
       really [options] [command args... ]


DESCRIPTION
       really  checks whether the caller is allowed, and if it is it changes its uids and gids (and perhaps root
       directory) according to the command line options and executes the specified command.

       If no options are specified, the uid will be set to 0 and the  gids  and  root  directory  will  be  left
       unchanged.

       If no command is specified, really will run $SHELL -i.

       A caller is allowed if it has write access to /etc/inittab and is also member of the group root.  This is
       most easily achieved by making  inittab  group-writeable  by  some  suitable  group  containing  all  the
       appropriate users, and making /etc/inittab group-owned by that group and group-writeable.  The root group
       is perhaps a good choice if it isn't being used for anything else.


OPTIONS
       -u username | --user username
              Sets the uid, gid, and supplementary group list, according to username's entry in the password and
              group databases.

       -i username | --useronly username
              Sets only the uid according to username's entry in the password database.

       -I uid | --uidonly uid
              Sets  the  uid  to  the  numeric  value uid (which need not correspond to any existing user in the
              password database).

       -g groupname | --group groupname
              groupname is looked  up  in  the  group  database  and  its  gid  is  appended  to  the  process's
              supplementary  groups list.  If this is the first gid specified it will also be set as the primary
              gid.

       -G gid | --gid gid
              gid is appended to the process's supplementary groups list.   (gid  need  not  correspond  to  any
              existing  group in the group database.)  If this is the first gid specified it will also be set as
              the primary gid.

       -z | --groupsclear
              Clears the process's supplementary groups list.  When using this option you must also  specify  -g
              or -G.  The process's groups will then be exactly those specified.  The relative position of -z in
              the argument list is not relevant.

       -R root-dir | --chroot root-dir
              The program will have its root directory set to root-dir.

              Do not use this option unless you know what you are doing: Unlike chroot(8), the  current  working
              directory  will  remain  unchanged.  This means that if the current directory isn't underneath the
              specified new root, the program will still be able to access files outside the new root  by  using
              relative pathnames.  If this isn't what you want, please use the chroot utility instead.

       --     Indicates  the  end  of  the  options.   The next argument (if present) will be interpreted as the
              command name, even if it starts with a hyphen.


SECURITY CONSIDERATIONS
       really is designed so that installing it setuid root is extremely unlikely to compromise the security  of
       any  system.  It will check using access(2) whether the real user is allowed to write to /etc/inittab and
       if this check fails really will exit without even attempting to parse its command line.

       really is not designed to be resistant to malicious command  line  arguments.   Do  not  allow  untrusted
       processes  to  pass  options to really, or to specify the command to be run.  Whether it is safe to allow
       relatively untrusted processes to pass options to the command which is to be run depends on the behaviour
       of that command and its security status.

       Attempting  to  use  really  to  drop  privilege is dangerous unless the calling environment is very well
       understood.  There are many inherited process properties and resources which might be used by the  callee
       to  escalate  its  privilege  to  that of the (root-equivalent) caller.  For this function, it is usually
       better to use userv if possible.


ENVIRONMENT
       really does not manipulate the environment at all.  The calling  program  is  run  in  exactly  the  same
       environment  as the caller passes to really.  In particular, really will not add sbin directories to PATH
       so really-enabled accounts will usually need to have these directories on their configured PATH to  start
       with.

       SHELL is used to find the default shell to use in interactive mode (ie, when no command is specified).


AUTHOR
       This version of really was written by Ian Jackson <ian@chiark.greenend.org.uk>.

       It and this manpage are Copyright (C) 1992-5,2004,2013 Ian Jackson <ian@chiark.greenend.org.uk>.

       really  is  free  software;  you  can redistribute it and/or modify it under the terms of the GNU General
       Public License as published by the Free Software Foundation; either version 3, or (at  your  option)  any
       later version.

       really  is  distributed  in  the  hope that it will be useful, but WITHOUT ANY WARRANTY; without even the
       implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.   See  the  GNU  General  Public
       License for more details.

       You  should  have received a copy of the GNU General Public License along with this file; if not, consult
       the Free Software Foundation's website at www.fsf.org, or the GNU Project website at www.gnu.org.


AVAILABILITY
       really is currently part of chiark-utils and is available for download from ftp.chiark.greenend.org.uk in
       /users/ian/chiark-utils/, in source and pre-compiled binary form, and also from Ian Jackson's cvsweb.


SEE ALSO
       userv(1), access(2), setresuid(2), setresgid(2), setgroups(2)