Provided by: chiark-really_4.3.0_amd64

NAME

       really - gain privilege or run commands as a different user

SYNOPSIS

       really [options] [command args... ]

DESCRIPTION

       really checks whether the caller is allowed and, if so, changes its uids and gids (and
       perhaps root directory) according to the command line options and executes the specified
       command.

       If no options are specified, the uid will be set to 0 and the gids and root directory will
       be left unchanged.

       If no command is specified, really will run $SHELL -i.

       A caller is allowed if it has write access to /etc/inittab and is also a member of the
       group root.  This is most easily achieved by making /etc/inittab group-owned by some
       suitable group containing all the appropriate users, and group-writeable.  The root group
       is perhaps a good choice if it isn't being used for anything else.

OPTIONS

       -u username | --user username
              Sets the uid, gid, and supplementary group list, according to username's  entry  in
              the password and group databases.

       -i username | --useronly username
              Sets only the uid according to username's entry in the password database.

       -I uid | --uidonly uid
              Sets  the  uid  to the numeric value uid (which need not correspond to any existing
              user in the password database).

       -g groupname | --group groupname
              groupname is looked up in the group  database  and  its  gid  is  appended  to  the
              process's  supplementary  groups  list.  If this is the first gid specified it will
              also be set as the primary gid.

       -G gid | --gid gid
              gid is appended  to  the  process's  supplementary  groups  list.   (gid  need  not
              correspond  to any existing group in the group database.)  If this is the first gid
              specified it will also be set as the primary gid.

       -z | --groupsclear
              Clears the process's supplementary groups list.  When using this  option  you  must
              also  specify -g or -G.  The process's groups will then be exactly those specified.
              The relative position of -z in the argument list is not relevant.

       -R root-dir | --chroot root-dir
              The program will have its root directory set to root-dir.

              Do not use this option unless you know what you are doing:  Unlike  chroot(8),  the
              current  working  directory  will remain unchanged.  This means that if the current
              directory isn't underneath the specified new root, the program will still  be  able
              to  access  files  outside the new root by using relative pathnames.  If this isn't
              what you want, please use the chroot utility instead.

       --     Indicates the end  of  the  options.   The  next  argument  (if  present)  will  be
              interpreted as the command name, even if it starts with a hyphen.
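
       The -R caveat above can be checked before really is invoked: the added example below
       (not part of really or chiark-utils; the name cwd_inside_root is hypothetical) reports
       whether the current working directory lies beneath a proposed root-dir, comparing
       canonical paths on a component boundary.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (added example): returns 1 if the current working
 * directory is new_root or lies beneath it, 0 if it lies outside, and
 * -1 on error.  Both paths are canonicalised with realpath(3) so that
 * symlinks and ".." components cannot fool the comparison. */
int cwd_inside_root(const char *new_root)
{
    char root[PATH_MAX], cwd[PATH_MAX];
    size_t n;

    if (realpath(new_root, root) == NULL) return -1;
    if (realpath(".", cwd) == NULL) return -1;

    n = strlen(root);
    if (n == 1 && root[0] == '/') return 1;   /* everything is under "/" */
    if (strncmp(cwd, root, n) != 0) return 0;
    /* Require a component boundary: /srv/jail must not match /srv/jail2. */
    return cwd[n] == '\0' || cwd[n] == '/';
}

int main(int argc, char **argv)
{
    int r;

    if (argc != 2) {
        fprintf(stderr, "usage: %s root-dir\n", argv[0]);
        return 2;
    }
    r = cwd_inside_root(argv[1]);
    if (r < 0) {
        perror(argv[1]);
        return 2;
    }
    puts(r ? "cwd is inside the new root"
           : "cwd is OUTSIDE the new root: relative paths would escape it");
    return r ? 0 : 1;
}
```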

SECURITY CONSIDERATIONS

       really  is  designed so that installing it setuid root is extremely unlikely to compromise
       the security of any system.  It will check  using  access(2)  whether  the  real  user  is
       allowed  to  write  to  /etc/inittab and if this check fails really will exit without even
       attempting to parse its command line.

       really is not designed to be resistant to malicious command line arguments.  Do not  allow
       untrusted  processes  to  pass  options  to  really,  or to specify the command to be run.
       Whether it is safe to allow relatively untrusted processes to pass options to the  command
       which is to be run depends on the behaviour of that command and its security status.

       Attempting  to use really to drop privilege is dangerous unless the calling environment is
       very well understood.  There are many inherited process  properties  and  resources  which
       might  be  used  by  the callee to escalate its privilege to that of the (root-equivalent)
       caller.  For this function, it is usually better to use userv if possible.
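
       Open file descriptors without FD_CLOEXEC are one inherited resource of the kind described
       above, since they survive exec.  The added example below (not part of really; the name
       inheritable_fds is hypothetical) lets a caller audit, and optionally mark close-on-exec,
       every descriptor above stderr before starting a less privileged command.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper (added example): counts descriptors above stderr
 * that are open and lack FD_CLOEXEC, i.e. those a command started via
 * exec would inherit.  If fix is nonzero, FD_CLOEXEC is set on each one
 * so the exec'd command does not receive it; otherwise each one is
 * reported on stderr.  Returns the count, or -1 if a flag update fails. */
int inheritable_fds(int fix)
{
    long max = sysconf(_SC_OPEN_MAX);
    int fd, flags, count = 0;

    if (max < 0 || max > 65536)
        max = 65536;                          /* bound the scan */
    for (fd = STDERR_FILENO + 1; fd < max; fd++) {
        flags = fcntl(fd, F_GETFD);
        if (flags == -1)
            continue;                         /* descriptor not open */
        if (flags & FD_CLOEXEC)
            continue;                         /* already closed on exec */
        count++;
        if (fix) {
            if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
                return -1;
        } else {
            fprintf(stderr, "fd %d would be inherited\n", fd);
        }
    }
    return count;
}

int main(void)
{
    int n = inheritable_fds(0);               /* audit only */

    printf("%d inheritable descriptor(s) above stderr\n", n);
    return n == 0 ? 0 : 1;
}
```

       Descriptors are only one class of inherited state; the controlling terminal and the
       environment, for example, are not touched by this check.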

ENVIRONMENT

       really does not manipulate the environment at all.  The calling program is run in exactly
       the same environment as the caller passes to really.  In particular, really will not add
       sbin directories to PATH, so really-enabled accounts will usually need to have these
       directories on their configured PATH to start with.

       SHELL is used to find the default shell to use in interactive mode (i.e., when no command
       is specified).

AUTHOR

       This version of really was written by Ian Jackson <ian@chiark.greenend.org.uk>.

       It   and   this   manpage    are    Copyright    (C)    1992-5,2004,2013    Ian    Jackson
       <ian@chiark.greenend.org.uk>.

       really  is  free software; you can redistribute it and/or modify it under the terms of the
       GNU General Public License as published by the Free Software Foundation; either version 3,
       or (at your option) any later version.

       really  is  distributed  in  the  hope  that  it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR  PURPOSE.
       See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this file; if
       not, consult the Free Software Foundation's website at www.fsf.org,  or  the  GNU  Project
       website at www.gnu.org.

AVAILABILITY

       really   is   currently   part   of  chiark-utils  and  is  available  for  download  from
       ftp.chiark.greenend.org.uk in /users/ian/chiark-utils/, in source and pre-compiled  binary
       form, and also from Ian Jackson's cvsweb.

SEE ALSO

       userv(1), access(2), setresuid(2), setresgid(2), setgroups(2)