Use consistent terminology for set-user-ID and set-group-ID bits.
There's much inconsistency in the pages. "suid",
"set-user-identifier", "setuid". Stick with one terminology,
"set-user-ID" and "set-group-ID", as suggested in man-pages(7).
Signed-off-by: <mtk.man-pages@gmail.com>
it uses a different PAM configuration.
The command
.B runuser
-does not have to be installed with suid permissions.
+does not have to be installed with set-user-ID permissions.
.PP
If the PAM session is not required then recommended solution is to use
.BR setpriv (1)
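Review bot: the added line keeps the plural "permissions" ("installed with set-user-ID permissions"), although set-user-ID is a single mode bit. "does not have to be installed set-user-ID" or "installed with the set-user-ID bit" would be more precise and would match the mount(8) hunk in this patch, which says "be set-user-ID root".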
.PP
.B su
is mostly designed for unprivileged users, the recommended solution for
-privileged users (e.g. scripts executed by root) is to use non-suid command
+privileged users (e.g. scripts executed by root) is to use
+non-set-user-ID command
.BR runuser (1)
that does not require authentication and provide separate PAM configuration. If
the PAM session is not required at all then the recommend solution is to use
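Review bot: "non-set-user-ID command" on the added line is hard to read as a compound modifier and has no article. Since the sentence is rewrapped here anyway, consider rephrasing so the property follows the noun, for example "is to use the runuser(1) command, which is not set-user-ID". The context directly below still reads "provide separate PAM configuration" and "the recommend solution"; those belong in a separate wording fix.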
.TP
.BR \-l , " \-\-show\-labels"
Add the labels in the mount output. \fBmount\fR must have
-permission to read the disk device (e.g.\& be suid root) for this to work.
+permission to read the disk device (e.g.\& be set-user-ID root) for this to work.
One can set such a label for ext2, ext3 or ext4 using the
.BR e2label (8)
utility, or for XFS using
Do not use the lazytime feature.
.TP
.B suid
-Allow set-user-identifier or set-group-identifier bits to take
+Allow set-user-ID or set-group-ID bits to take
effect.
.TP
.B nosuid
-Do not allow set-user-identifier or set-group-identifier bits to take
+Do not allow set-user-ID or set-group-ID bits to take
effect.
.TP
.B silent
.B grpid
is set, it takes the group id of the directory in which it is created;
otherwise (the default) it takes the fsgid of the current process, unless
-the directory has the setgid bit set, in which case it takes the gid
-from the parent directory, and also gets the setgid bit set
+the directory has the set-group-ID bit set, in which case it takes the gid
+from the parent directory, and also gets the set-group-ID bit set
if it is a directory itself.
.TP
.BR grpquota | noquota | quota | usrquota
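Review bot: after the replacement the sentence mixes "set-group-ID bit" with "group id" and "gid" in the unchanged lines around it. If the goal is consistent terminology, the untouched "group id" in the first context line could become "group ID" in the same pass, so the paragraph does not end up with two spellings side by side.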
is readable by everybody but writable only by the superuser.
However, you can make
.B readprofile
-setuid 0, in order to reset the buffer without gaining privileges.
+set-user-ID 0, in order to reset the buffer without gaining privileges.
.TP
\fB\-s, \fB\-\-counters\fR
Print individual counters within functions.
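Review bot: "set-user-ID 0" on the added line is a mechanical substitution that reads oddly; the mount(8) hunk in this patch uses "set-user-ID root", and the same form would fit here. The rest of the sentence, "in order to reset the buffer without gaining privileges", is also ambiguous for a security-relevant statement, because a set-user-ID-root binary does run with an effective user ID of 0. It would help to say whose privileges are meant, for example that the invoking user does not have to be root.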
.BR execve (2).
.PP
The difference between the commands setpriv and su (or runuser) is that setpriv does
-not use open PAM session and does not ask for password. It's simple non-suid wrapper around
+not use open PAM session and does not ask for password.
+It's simple non-set-user-ID wrapper around
.B execve
system call.
.SH OPTION
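Review bot: the added line "It's simple non-set-user-ID wrapper around" is still missing its article, and the line above keeps "not use open PAM session". Since the sentence is being split onto its own line here, "It's a simple non-set-user-ID wrapper around" can be fixed at the same time. The line split is a formatting change on top of the terminology change, which the commit message could mention.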
.I no_new_privs
bit. With this bit set,
.BR execve (2)
-will not grant new privileges. For example, the setuid and setgid bits as well
+will not grant new privileges.
+For example, the set-user-ID and set-group-ID bits as well
as file capabilities will be disabled. (Executing binaries with these bits set
will still work, but they will not gain privileges. Certain LSMs, especially
AppArmor, may result in failures to execute certain programs.) This bit is
.PP
Reading from a
.I file
-is refused when the invoker is not superuser and the program is suid or sgid.
+is refused when the invoker is not superuser and the program is
+set-user-ID or set-group-ID.
.SH OPTIONS
.TP
.BR \-n , " \-\-nobanner"