really - gain privilege or run commands as a different user
Availability
really is currently part of chiark-utils and is available for download from ftp.chiark.greenend.org.uk in
/users/ian/chiark-utils/, in source and pre-compiled binary form, and also from Ian Jackson's cvsweb.
Description
really checks whether the caller is allowed, and if it is, it changes its uids and gids (and perhaps root
directory) according to the command line options and executes the specified command.
If no options are specified, the uid will be set to 0 and the gids and root directory will be left
unchanged.
If no command is specified, really will run $SHELL -i.
A caller is allowed if it has write access to /etc/inittab and is also a member of the group root. This is
most easily achieved by making inittab group-writeable by some suitable group containing all the
appropriate users, and making /etc/inittab group-owned by that group and group-writeable. The root group
is perhaps a good choice if it isn't being used for anything else.
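Because write access to /etc/inittab is what gates root, it is worth auditing who holds that access. The following sketch is an added example and not part of chiark-utils: the function names really_gate_scope and really_gate_members are hypothetical, getent is assumed to be available, and only ownership and mode bits are examined (ACLs are ignored).

```shell
#!/bin/sh
# Added example (not from chiark-utils). Usage, after sourcing this file:
#   really_gate_scope /etc/inittab
#   really_gate_members "$(really_gate_scope /etc/inittab | cut -d: -f2)"

# really_gate_scope FILE
#   Prints who can write FILE according to its mode bits:
#     world        every local user passes the write check
#     group:<gid>  members of that gid (and the owner) pass it
#     owner:<uid>  only the owning uid passes it
#   Returns 1 for "world", 2 if FILE is not a regular file, else 0.
really_gate_scope() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 2; }
    line=$(ls -lnL "$f")          # -n: numeric ids, -L: follow symlinks
    set -f; set -- $line; set +f  # split into fields: mode links uid gid ...
    mode=$1 uid=$3 gid=$4
    case $mode in
        ????????w*) echo "world"; return 1 ;;      # 9th char: other-write
        ?????w*)    echo "group:$gid"; return 0 ;; # 6th char: group-write
        *)          echo "owner:$uid"; return 0 ;;
    esac
}

# really_gate_members GID
#   Lists users who belong to GID: names in the group entry plus users
#   whose primary gid is GID. Assumes getent (glibc) is installed.
really_gate_members() {
    {
        getent group "$1" | cut -d: -f4 | tr ',' '\n'
        getent passwd | awk -F: -v g="$1" '$4 == g { print $1 }'
    } | sed '/^$/d' | sort -u
}
```

A result of "world" means the write check no longer restricts anyone; a "group:<gid>" result should be followed by reviewing the member list for that gid.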
Environment
really does not manipulate the environment at all. The called program is run in exactly the same
environment as the caller passes to really. In particular, really will not add sbin directories to PATH,
so really-enabled accounts will usually need to have these directories on their configured PATH to start
with.
SHELL is used to find the default shell to use in interactive mode (i.e., when no command is specified).
Name
really - gain privilege or run commands as a different user
Options
-u username | --user username
Sets the uid, gid, and supplementary group list, according to username's entry in the password and
group databases.
-i username | --useronly username
Sets only the uid according to username's entry in the password database.
-I uid | --uidonly uid
Sets the uid to the numeric value uid (which need not correspond to any existing user in the
password database).
-g groupname | --group groupname
groupname is looked up in the group database and its gid is appended to the process's
supplementary groups list. If this is the first gid specified it will also be set as the primary
gid.
-G gid | --gid gid
gid is appended to the process's supplementary groups list. (gid need not correspond to any
existing group in the group database.) If this is the first gid specified it will also be set as
the primary gid.
-z | --groupsclear
Clears the process's supplementary groups list. When using this option you must also specify -g
or -G. The process's groups will then be exactly those specified. The relative position of -z in
the argument list is not relevant.
-R root-dir | --chroot root-dir
The program will have its root directory set to root-dir.
Do not use this option unless you know what you are doing: Unlike chroot(8), the current working
directory will remain unchanged. This means that if the current directory isn't underneath the
specified new root, the program will still be able to access files outside the new root by using
relative pathnames. If this isn't what you want, please use the chroot utility instead.
-- Indicates the end of the options. The next argument (if present) will be interpreted as the
command name, even if it starts with a hyphen.
Security Considerations
really is designed so that installing it setuid root is extremely unlikely to compromise the security of
any system. It will check using access(2) whether the real user is allowed to write to /etc/inittab and
if this check fails really will exit without even attempting to parse its command line.
really is not designed to be resistant to malicious command line arguments. Do not allow untrusted
processes to pass options to really, or to specify the command to be run. Whether it is safe to allow
relatively untrusted processes to pass options to the command which is to be run depends on the behaviour
of that command and its security status.
Attempting to use really to drop privilege is dangerous unless the calling environment is very well
understood. There are many inherited process properties and resources which might be used by the callee
to escalate its privilege to that of the (root-equivalent) caller. For this function, it is usually
better to use userv if possible.
See Also
userv(1), access(2), setresuid(2), setresgid(2), setgroups(2)
chiark-backup 2001-10-21 really(8)
Synopsis
really [options] [command args...]
