Commit Graph

360 Commits

Author SHA1 Message Date
Bostjan Skufca
a113b87c45 newuidmap/newgidmap: added support for user matching by UID in /etc/sub[ug]id
Until now only exact username specification in /etc/sub[ug]id file allowed the
mapping. This prevented normal use for those users who use multiple usernames
with the same UID, as it rejected mapping even though it was allowed for
another username with the same UID.

This patch initially retains the old behaviour, for performance's sake. In the
first pass, new[ug]idmap only searches for exact username match.
If that yields no valid results, it continues into another loop, which does UID
resolution and comparison. If either definition (numeric UID mapping
specification or mapping specification for another username with the same UID as
current username) is found, it is used.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-09-17 15:48:10 -05:00
Serge Hallyn
980c804153 man: newuid and newgid: point out that root must be allocated subuids
Users may otherwise be confused and think that because the kernel
does not restrict uid mappings to the root user (within his
current uid mappings), newuidmap will ignore /etc/subuid for the
root user.  It will not.

Reported-by: Philippe Grégoire <gregoirep@hotmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
2014-06-13 09:41:09 -05:00
Serge Hallyn
50bb452dd1 newuidmap.1 and newgidmap.1: note limitation
Note that they may be used only once for a given process.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-23 15:16:43 -05:00
Nicolas François
90ac3a3207 Update translation files.
* man/po/shadow-man-pages.pot: Regenerated.
	* man/po/*.po: Updated PO files.
2013-08-23 20:29:43 +02:00
Nicolas François
684de2abff Fix encoding.
* man/newgrp.1.xml: Fix encoding.
	* man/sg.1.xml: Likewise.
2013-08-23 20:29:42 +02:00
Nicolas François
44faa3b796 Unfuzzy according to previous change.
* man/po/da.po: Unfuzzy according to previous change.
	* man/po/de.po: Likewise.
	* man/po/fr.po: Likewise.
	* man/po/it.po: Likewise.
	* man/po/pl.po: Likewise.
	* man/po/ru.po: Likewise.
	* man/po/sv.po: Likewise.
	* man/po/zh_CN.po: Likewise.
2013-08-23 20:29:41 +02:00
Nicolas François
138682fd30 Avoid spaces between <option> and <replaceable>
* man/chage.1.xml: Add a non breaking space between options and
	their parameter because xml2po removes those spaces. Alioth#314401
	* man/chfn.1.xml: Likewise.
	* man/chgpasswd.8.xml: Likewise.
	* man/chpasswd.8.xml: Likewise.
	* man/chsh.1.xml: Likewise.
	* man/faillog.8.xml: Likewise.
	* man/gpasswd.1.xml: Likewise.
	* man/groupadd.8.xml: Likewise.
	* man/groupdel.8.xml: Likewise.
	* man/groupmems.8.xml: Likewise.
	* man/groupmod.8.xml: Likewise.
	* man/grpck.8.xml: Likewise.
	* man/lastlog.8.xml: Likewise.
	* man/newusers.8.xml: Likewise.
	* man/passwd.1.xml: Likewise.
	* man/pwck.8.xml: Likewise.
	* man/pwconv.8.xml: Likewise.
	* man/su.1.xml: Likewise.
	* man/useradd.8.xml: Likewise.
	* man/userdel.8.xml: Likewise.
	* man/usermod.8.xml: Likewise.
	* man/vipw.8.xml: Likewise.
2013-08-23 20:29:40 +02:00
Nicolas François
373dd2dc3d Create baseline for changing manpage options.
* man/po/shadow-man-pages.pot: Regenerated.
	* man/po/*.po: Updated PO files.
2013-08-23 20:29:39 +02:00
Nicolas François
3ea09ae998 Fix encoding.
* man/po/de.po: Fix encoding.
2013-08-23 20:29:33 +02:00
Nicolas François
c3b6417226 Remove debug info. 2013-08-16 01:11:50 +02:00
Nicolas François
eceedf43cf Improve documentation.
* man/login.defs.d/SUB_GID_COUNT.xml: Document newusers behavior
	when the user already have subordinate group IDs.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
	* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo (MAX<->MIN).
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
2013-08-15 17:30:20 +02:00
Nicolas François
29bd7e1929 Document checks performed by newgidmap/newuidmap
* man/newgidmap.1.xml: Document the checks performed before
	setting the mapping in /proc.
	* man/newuidmap.1.xml: Likewise.
2013-08-13 19:38:41 +02:00
Nicolas François
e1a4b6e57b Document the semantic of ranges.
* libmisc/idmapping.h: Document what the upper and lower fields
	are in struct map_range.
	* man/newgidmap.1.xml: Document when the gid, gidlower and count
	argument are.
	* man/newuidmap.1.xml: Likewise for uid, uidlower and count.
2013-08-13 19:28:07 +02:00
Nicolas François
3bdf723bab Improve documentation.
* man/login.defs.d/SUB_GID_COUNT.xml: Document that the behavior
	of useradd and newusers depends on the existence of /etc/subgid.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise for /etc/subuid.
2013-08-13 00:21:02 +02:00
Nicolas François
5d3a785c55 Manpages improvement for subordinate IDs.
* man/newusers.8.xml: Include documentation of SUB_GID_MIN,
	SUB_GID_MAX, SUB_GID_COUNT, SUB_UID_MIN, SUB_UID_MAX,
	SUB_UID_COUNT.
	* man/useradd.8.xml: Likewise.
	* man/usermod.8.xml: Likewise.
	* man/newusers.8.xml: Document usage of /etc/subgid /etc/subuid.
	* man/useradd.8.xml: Likewise.
	* man/userdel.8.xml: Likewise.
	* man/usermod.8.xml: Likewise.
	* man/newusers.8.xml: Add references to subgid(5) and subuid(5).
	* man/useradd.8.xml: Likewise.
	* man/userdel.8.xml: Likewise.
	* man/subgid.5.xml: Sort references alphabetically.
	* man/subuid.5.xml: Likewise.
	* man/subgid.5.xml: Add references to newusers(8), useradd(8),
	userdel(8), usermod(8), user_namespaces(7).
	* man/subuid.5.xml: Likewise.
2013-08-11 16:09:59 +02:00
Nicolas François
eeab0bebfa Sort references alphabetically.
* man/newgidmap.1.xml: Sort references alphabetically.
	* man/newuidmap.1.xml: Likewise.
2013-08-11 15:48:57 +02:00
Nicolas François
d611d54ed4 Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
	--disable-subordinate-ids. Enabled by default.
	* lib/prototypes.h: Include <config.h> before using its macros.
	* lib/commonio.h, lib/commonio.c: Define commonio_append only when
	ENABLE_SUBIDS is defined.
	* lib/prototypes.h, libmisc/find_new_sub_gids.c,
	libmisc/find_new_sub_uids.c: Likewise.
	* lib/subordinateio.h, lib/subordinateio.c: Likewise.
	* libmisc/user_busy.c: Only check if subordinate IDs are in use if
	ENABLE_SUBIDS is defined.
	* src/Makefile.am: Create newgidmap and newuidmap only if
	ENABLE_SUBIDS is defined.
	* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
	subordinate IDs.
	* src/useradd.c: Likewise.
	* src/userdel.c: Likewise.
	* src/usermod.c: Likewise.
	* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
	man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
	* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
	man5/subgid.5, and man5/subuid.5 (not translated yet).
	* man/generate_mans.mak: Add xsltproc conditionals
	subids/no_subids.
	* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
	condition.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
	* man/usermod.8.xml: Document options for subordinate IDs and
	reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 15:46:59 +02:00
Nicolas François
cfad7327a5 Editorial changes to usermod(8)
* man/usermod.8.xml: Fix typos and wording.
	* man/usermod.8.xml: Add references to subgid(5) and subuid(5).
2013-08-07 01:36:10 +02:00
Nicolas François
ee2b88b7b1 I find it clearer with the words in that order.
* man/subgid.5.xml: Reorder words.
	* man/subuid.5.xml: Likewise.
2013-08-06 22:25:08 +02:00
Nicolas François
1955170a14 Fix typos.
* man/subgid.5.xml: Fix typos.
	* man/subuid.5.xml: Likewise.
	* man/subgid.5.xml: Fix copy-paste errors from subuid.5.xml.
2013-08-06 22:22:57 +02:00
Nicolas François
9fdd176e45 Remove copy-pasted NOTE.
* man/newgidmap.1.xml: Remove copy-pasted NOTE.
	* man/newuidmap.1.xml: Likewise.
2013-08-06 21:01:53 +02:00
Nicolas François
95d1e146b2 Fix typos.
* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
	* man/login.defs.d/SUB_UID_COUNT.xml: Fix copy-paste issue from
	SUB_GID_COUNT.
	* man/newgidmap.1.xml: Fix Typo.
	* src/useradd.c: Fix typos.
	* lib/subordinateio.c: Fix typos.
2013-08-06 20:59:13 +02:00
Eric W. Biederman
673c2a6f9a newuidmap,newgidmap: New suid helpers for using subordinate uids and gids
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:46 -05:00
Serge Hallyn
2cffa14105 fix typo in subxid.5
login.defs, not logindefs.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
d5b3092331 usermod: Add support for subordinate uids and gids.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
23fd6cb1da login.defs.5: Document the new variables in login.defs
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Eric W. Biederman
a881a2c8d4 Documentation for /etc/subuid and /etc/subgid
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-05 10:08:45 -05:00
Nicolas François
7903a1b767 Fix su/1 documentation of -
* man/su.1.xml: With getopt, '-' does not need to be the last
	option, but it is recommended for portability.
	Closes https://bugs.launchpad.net/bugs/1100775
2013-08-04 23:45:31 +02:00
Nicolas François
08489a4e22 Fix translations (--home became --home-dir)
* man/po/da.po: Fix translation (--home became --home-dir).
	* man/po/de.po: Likewise.
	* man/po/fr.po: Likewise.
	* man/po/pl.po: Likewise.
	* man/po/ru.po: Likewise.
	* man/po/sv.po: Likewise.
2013-08-04 15:52:00 +02:00
bubulle
9be164101d Replace "--home" by "--home-dir" in useradd(8) manpage (and
translations)
2013-07-29 10:58:50 +02:00
Ville Skyttä
48b2c4bff4 Syntax fix in Japanese manpage 2013-07-29 10:18:41 +02:00
Simon Brandmair
4145b98314 German manpages translation update 2013-07-28 18:57:18 +02:00
nekral-guest
1c78e3f3b8 * man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.
2012-05-25 13:40:31 +00:00
nekral-guest
042d6c48b3 * man/*.xml: Add author based on copyright statement.
* man/<ll>/*.[1358], man/<ll>/man[1358]/*.[1358],
	man/<ll>/Makefile.am: Sort manpages per section as the generated
	manpages.
2012-05-25 11:45:21 +00:00
nekral-guest
cdd3ebfcf1 * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2012-05-20 21:03:11 +00:00
nekral-guest
faaa8daffb * man/Makefile.am, man/generate_mans.mak: Update clean targets,
due to the generation in separate sub folders.
2012-05-20 21:01:24 +00:00
nekral-guest
e108f473ec * man/su.1.xml: Document author to avoid warnings during
generation. This needs to be rolled out to other manpages.
	* man/generate_mans.mak: Do not add a AUTHOR section in the man
	pages.
2012-05-20 17:40:23 +00:00
nekral-guest
8690c74d6a * src/useradd.c: Cleanup, return code 13 no more used.
* man/useradd.8.xml: Document return code 14, and remove return
	code 13.
2012-05-20 12:26:54 +00:00
nekral-guest
788374bd8c * NEWS, man/generate_mans.mak: Generate manpages in man1, man3,
man5, man8 subdirectories. This fix the generation of .so links
	which did not point to a path relative to the top-level manual
	hierarchy.
	* man/generate_mans.mak: Update man paths accordingly.
	* man/Makefile.am: Likewise.
	* man/da/Makefile.am: Likewise.
	* man/de/Makefile.am: Likewise.
	* man/fr/Makefile.am: Likewise.
	* man/it/Makefile.am: Likewise.
	* man/pl/Makefile.am: Likewise.
	* man/ru/Makefile.am: Likewise.
	* man/sv/Makefile.am: Likewise.
	* man/zh_CN/Makefile.am: Likewise.
2012-05-20 10:18:33 +00:00
bubulle
f741583f1a French translation of manpages completed 2012-05-17 09:17:53 +00:00
bubulle
de8a22a2f4 German translation of manpages updated 2012-05-17 09:13:09 +00:00
bubulle
19d5ec6921 Complete translation of logoutd(8) in Polish. Patch by Robert Luberda 2012-04-15 10:54:03 +00:00
nekral-guest
659684836d 2012-02-13 Mike Frysinger <vapier@gentoo.org>
* man/.gitignore: Add generate_mans.deps
2012-02-13 20:04:40 +00:00
nekral-guest
19699033bf 2012-02-13 Mike Frysinger <vapier@gentoo.org>
* man/grpck.8.xml: Relocate space.
2012-02-13 20:00:34 +00:00
nekral-guest
b261fbd7bb * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2012-02-12 15:02:45 +00:00
nekral-guest
4f275ec75b * man/it/Makefile.am: Activate all manpages. 2012-02-11 18:29:17 +00:00
nekral-guest
1528ae16a0 * man/po/it.po: Updated after review. 2012-02-11 18:28:04 +00:00
nekral-guest
d069726634 * man/po/it.po: Updated to 1173t. 2012-02-11 09:31:17 +00:00
nekral-guest
2aa73f7823 * man/useradd.8.xml, man/su.1.xml, man/po/da.po, man/po/ru.po,
man/po/fr.po, man/po/de.po, man/po/sv.po, man/po/pl.po,
	man/po/it.po, man/po/shadow-man-pages.pot, man/po/zh_CN.po: Fix
	two typos. Thanks to Giuseppe Sacco. Unfuzzy translations
	* po/kk.po, po/nb.po, po/el.po, po/ca.po, po/ja.po: Re-generate.
	* man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml:
	Fix typo.
2012-02-02 19:05:34 +00:00
nekral-guest
c1eecc94ec * NEWS, configure.in, man/da/Makefile.am, man/Makefile.am: Build
manpages with more than 50% translated messages.
	* man/fr/Makefile.am: Add missing manpages: chgpasswd.8,
	groupmems.8, nologin.8, sulogin.8.
	* man/de/Makefile.am: Add missing manpages: chage.1, chgpasswd.8,
	chpasswd.8, expiry.1, faillog.5, faillog.8, getspnam.3, gpasswd.1,
	groupadd.8, groupdel.8, groupmems.8, groupmod.8, grpck.8,
	grpconv.8, grpunconv.8, gshadow.5, lastlog.8, login.defs.5,
	logoutd.8, newusers.8, nologin.8, pwck.8, pwconv.8, pwunconv.8,
	sg.1, shadow.3, shadow.5, suauth.5, useradd.8, userdel.8,
	usermod.8, limits.5, login.access.5, porttime.5, id.1, sulogin.8
	* man/zh_CN/Makefile.am: Add missing manpages: chgpasswd.8,
	groupmems.8, nologin.8, sulogin.8
	* man/pl/Makefile.am, man/sv/Makefile.am, man/it/Makefile.am:
	Translate only manpages with more than 50% translated messages.
	* man/po/da.po: Do not translate names of manpages (newusers,
	limits, groups)
2012-01-28 16:53:23 +00:00