6974df39a7
Closes #635 newuidmap and newgidmap currently take an integner pid as the first argument, determining the process id on which to act. Accept also "fd:N", where N must be an open file descriptor to the /proc/pid directory for the process to act upon. This way, if you exec 10</proc/99 newuidmap fd:10 100000 0 65536 and pid 99 dies and a new process happens to take pid 99 before newuidmap happens to do its work, then since newuidmap will use openat() using fd 10, it won't change the mapping for the new process. Example: // terminal 1: serge@jerom ~/src/nsexec$ ./nsexec -W -s 0 -S 0 -U about to unshare with 10000000 Press any key to exec (I am 129176) // terminal 2: serge@jerom ~/src/shadow$ exec 10</proc/129176 serge@jerom ~/src/shadow$ sudo chown root src/newuidmap src/newgidmap serge@jerom ~/src/shadow$ sudo chmod u+s src/newuidmap serge@jerom ~/src/shadow$ sudo chmod u+s src/newgidmap serge@jerom ~/src/shadow$ ./src/newuidmap fd:10 0 100000 10 serge@jerom ~/src/shadow$ ./src/newgidmap fd:10 0 100000 10 // Terminal 1: uid=0(root) gid=0(root) groups=0(root) Signed-off-by: Serge Hallyn <serge@hallyn.com> |
||
|---|---|---|
| .builds | ||
| .github | ||
| contrib | ||
| doc | ||
| docs | ||
| etc | ||
| lib | ||
| libmisc | ||
| libsubid | ||
| man | ||
| po | ||
| src | ||
| tests | ||
| .gitignore | ||
| .travis.yml | ||
| acinclude.m4 | ||
| AUTHORS.md | ||
| autogen.sh | ||
| ChangeLog | ||
| configure.ac | ||
| COPYING | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
| README.md | ||
| SECURITY.md | ||
| shadow.spec.in | ||
| TODO | ||
shadow-utils
Introduction
The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates a passwd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel, and usermod commands are used for managing user accounts. The groupadd, groupdel, and groupmod commands are used for managing group accounts.
Sites
Contacts
There are several ways to contact us:
- the general discussion mailing list
- the #shadow IRC channel on libera.chat:
- irc://irc.libera.chat/shadow
Mailing archives
- the general discussion mailing list archive
- the commit mailing list archive, only used for historical purposes
Authors and maintainers
Authors and maintainers are listed in AUTHORS.md.