From c424fd834b4845971e9ce5ef3d7325f6f4e6b163 Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Thu, 18 Aug 2016 11:12:44 +0200 Subject: su, runuser, setpriv: create links between man pages .. and add notes about differences between the utuils. Reported-by: Lennart Poettering Signed-off-by: Karel Zak --- login-utils/su.1 | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'login-utils/su.1') diff --git a/login-utils/su.1 b/login-utils/su.1 index 5e529ce3d..5d570fb21 100644 --- a/login-utils/su.1 +++ b/login-utils/su.1 @@ -39,6 +39,16 @@ configuration options found in other .B su implementations, such as support for a wheel group, have to be configured via PAM. +.PP +.B su +is mostly designed for unprivileged users, the recommended solution for +privileged users (e.g. scripts executed by root) is to use non-suid command +.BR runuser (1) +that does not require authentication and provide separate PAM configuration. If +the PAM session is not required at all then the recommend solution is to use +command +.BR setpriv (1). + .SH OPTIONS .TP .BR \-c , " \-\-command" = \fIcommand @@ -241,6 +251,7 @@ session required pam_lastlog.so nowtmp .RE .SH "SEE ALSO" .BR runuser (8), +.BR setpriv (1), .BR pam (8), .BR shells (5), .BR login.defs (5) -- cgit v1.2.3-55-g7522