Imported Upstream version 4.1.5.1upstream/4.1.5.1

1 files changed, 229 insertions, 0 deletions

diff --git a/man/suauth.5.xml b/man/suauth.5.xml
new file mode 100644
index 00000000..3101d5e7
--- /dev/null
+++ b/man/suauth.5.xml
@@ -0,0 +1,229 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+   Copyright (c) 1996       , Marek Michałkiewicz
+   Copyright (c) 2001 - 2006, Tomasz Kłoczko
+   All rights reserved.
+  
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+   1. Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+   2. Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+   3. The name of the copyright holders or contributors may not be used to
+      endorse or promote products derived from this software without
+      specific prior written permission.
+  
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+   HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!-- SHADOW-CONFIG-HERE -->
+]>
+<refentry id='suauth.5'>
+  <!-- $Id: suauth.5.xml 3742 2012-05-25 11:45:21Z nekral-guest $ -->
+  <refentryinfo>
+    <author>
+      <firstname>Marek</firstname>
+      <surname>Michałkiewicz</surname>
+      <contrib>Creation, 1996</contrib>
+    </author>
+    <author>
+      <firstname>Thomas</firstname>
+      <surname>Kłoczko</surname>
+      <email>kloczek@pld.org.pl</email>
+      <contrib>shadow-utils maintainer, 2000 - 2007</contrib>
+    </author>
+    <author>
+      <firstname>Nicolas</firstname>
+      <surname>François</surname>
+      <email>nicolas.francois@centraliens.net</email>
+      <contrib>shadow-utils maintainer, 2007 - now</contrib>
+    </author>
+  </refentryinfo>
+  <refmeta>
+    <refentrytitle>suauth</refentrytitle>
+    <manvolnum>5</manvolnum>
+    <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
+    <refmiscinfo class="source">shadow-utils</refmiscinfo>
+    <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
+  </refmeta>
+  <refnamediv id='name'>
+    <refname>suauth</refname>
+    <refpurpose>detailed su control file</refpurpose>
+  </refnamediv>
+  <!-- body begins here -->
+  <refsynopsisdiv id='synopsis'>
+    <cmdsynopsis>
+      <command>/etc/suauth</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id='description'>
+    <title>DESCRIPTION</title>
+    <para>
+      The file <filename>/etc/suauth</filename> is referenced whenever the
+      su command is called. It can change the behaviour of the su command,
+      based upon:
+    </para>
+
+    <!-- .RS -->
+    <literallayout remap='.nf'>
+      1) the user su is targetting
+    </literallayout>
+    <!-- .fi -->
+    <para>
+      2) the user executing the su command (or any groups he might be
+      a member of)
+    </para>
+
+    <para>
+      The file is formatted like this, with lines starting with a # being
+      treated as comment lines and ignored;
+    </para>
+
+    <literallayout remap='RS'>
+      to-id:from-id:ACTION
+    </literallayout>
+
+    <para>
+      Where to-id is either the word <emphasis>ALL</emphasis>, a list of
+      usernames delimited by "," or the words <emphasis>ALL
+      EXCEPT</emphasis> followed by a list of usernames delimited by ",".
+    </para>
+
+    <para>
+      from-id is formatted the same as to-id except the extra word
+      <emphasis>GROUP</emphasis> is recognised. <emphasis>ALL EXCEPT
+      GROUP</emphasis> is perfectly valid too. Following
+      <emphasis>GROUP</emphasis> appears one or more group names, delimited
+      by ",". It is not sufficient to have primary group id of the relevant
+      group, an entry in
+      <citerefentry><refentrytitle>/etc/group</refentrytitle>
+      <manvolnum>5</manvolnum></citerefentry> is neccessary.
+    </para>
+
+    <para> 
+      Action can be one only of the following currently supported options.
+    </para>
+    <variablelist remap='TP'>
+      <varlistentry>
+	<term>
+	  <emphasis>DENY</emphasis>
+	</term>
+	<listitem>
+	  <para>The attempt to su is stopped before a password is
+	    even asked for.
+	  </para>
+	</listitem>
+      </varlistentry>
+      <varlistentry>
+	<term>
+	  <emphasis>NOPASS</emphasis>
+	</term>
+	<listitem>
+	  <para>
+	    The attempt to su is automatically successful; no password is
+	    asked for.
+	  </para>
+	</listitem>
+      </varlistentry>
+      <varlistentry>
+	<term>
+	  <emphasis>OWNPASS</emphasis>
+	</term>
+	<listitem>
+	  <para>
+	    For the su command to be successful, the user must enter his or
+	    her own password. They are told this.
+	  </para>
+	</listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>
+      Note there are three separate fields delimited by a colon. No
+      whitespace must surround this colon. Also note that the file is
+      examined sequentially line by line, and the first applicable rule is
+      used without examining the file further. This makes it possible for a
+      system administrator to exercise as fine control as he or she wishes.
+    </para>
+  </refsect1>
+
+  <refsect1 id='example'>
+    <title>EXAMPLE</title>
+    <literallayout remap='.nf'>
+      # sample /etc/suauth file
+      #
+      # A couple of privileged usernames may
+      # su to root with their own password.
+      #
+      root:chris,birddog:OWNPASS
+      #
+      # Anyone else may not su to root unless in
+      # group wheel. This is how BSD does things.
+      #
+      root:ALL EXCEPT GROUP wheel:DENY
+      #
+      # Perhaps terry and birddog are accounts
+      # owned by the same person.
+      # Access can be arranged between them
+      # with no password.
+      #
+      terry:birddog:NOPASS
+      birddog:terry:NOPASS
+      #
+    </literallayout>
+    <!-- .fi -->
+  </refsect1>
+
+  <refsect1 id='files'>
+    <title>FILES</title>
+    <variablelist>
+      <varlistentry>
+	<term><filename>/etc/suauth</filename></term>
+	<listitem><para></para></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='bugs'>
+    <title>BUGS</title>
+    <para>
+      There could be plenty lurking. The file parser is particularly
+      unforgiving about syntax errors, expecting no spurious whitespace
+      (apart from beginning and end of lines), and a specific token
+      delimiting different things.
+    </para>
+  </refsect1>
+
+  <refsect1 id='diagnostics'>
+    <title>DIAGNOSTICS</title>
+    <para>
+      An error parsing the file is reported using
+      <citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+      as level ERR on facility AUTH.
+    </para>
+  </refsect1>
+
+  <refsect1 id='see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
+      </citerefentry>.
+    </para>
+  </refsect1>
+</refentry>