From: Michael Kerrisk Date: Sun, 4 Dec 2016 19:34:54 +0000 (+0100) Subject: docs: various pages: Use consistent terminology (set-user-ID and set-group-ID) X-Git-Tag: v2.30-rc1~352^2~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aedd46f66ed5462c0e0193faa977a6dfef4fd0de;p=thirdparty%2Futil-linux.git docs: various pages: Use consistent terminology (set-user-ID and set-group-ID) Use consistent terminology for set-user-ID and set-group-ID bits. There's much inconsistency in the pages. "suid", "set-user-identifier", "setuid". Stick with one terminology, "set-user-ID" and set-group-ID, as suggested in man-pages(7). Signed-off-by: --- diff --git a/login-utils/runuser.1 b/login-utils/runuser.1 index 04ce4ff017..e748b1ee58 100644 --- a/login-utils/runuser.1 +++ b/login-utils/runuser.1 @@ -24,7 +24,7 @@ does not ask for a password (because it may be executed by the root user only) a it uses a different PAM configuration. The command .B runuser -does not have to be installed with suid permissions. +does not have to be installed with set-user-ID permissions. .PP If the PAM session is not required then recommended solution is to use .BR setpriv (1) diff --git a/login-utils/su.1 b/login-utils/su.1 index 8685061efd..724755bdfd 100644 --- a/login-utils/su.1 +++ b/login-utils/su.1 @@ -42,7 +42,8 @@ configured via PAM. .PP .B su is mostly designed for unprivileged users, the recommended solution for -privileged users (e.g. scripts executed by root) is to use non-suid command +privileged users (e.g. scripts executed by root) is to use +non-set-user-ID command .BR runuser (1) that does not require authentication and provide separate PAM configuration. If the PAM session is not required at all then the recommend solution is to use diff --git a/sys-utils/mount.8 b/sys-utils/mount.8 index d1ef9083f8..5623397ddb 100644 --- a/sys-utils/mount.8 +++ b/sys-utils/mount.8 
@@ -571,7 +571,7 @@ Mount the partition that has the specified .TP .BR \-l , " \-\-show\-labels" Add the labels in the mount output. \fBmount\fR must have -permission to read the disk device (e.g.\& be suid root) for this to work. +permission to read the disk device (e.g.\& be set-user-ID root) for this to work. One can set such a label for ext2, ext3 or ext4 using the .BR e2label (8) utility, or for XFS using @@ -1058,11 +1058,11 @@ or Do not use the lazytime feature. .TP .B suid -Allow set-user-identifier or set-group-identifier bits to take +Allow set-user-ID or set-group-ID bits to take effect. .TP .B nosuid -Do not allow set-user-identifier or set-group-identifier bits to take +Do not allow set-user-ID or set-group-ID bits to take effect. .TP .B silent @@ -1599,8 +1599,8 @@ When .B grpid is set, it takes the group id of the directory in which it is created; otherwise (the default) it takes the fsgid of the current process, unless -the directory has the setgid bit set, in which case it takes the gid -from the parent directory, and also gets the setgid bit set +the directory has the set-group-ID bit set, in which case it takes the gid +from the parent directory, and also gets the set-group-ID bit set if it is a directory itself. .TP .BR grpquota | noquota | quota | usrquota diff --git a/sys-utils/readprofile.8 b/sys-utils/readprofile.8 index 59c930b3dd..5c72a719f9 100644 --- a/sys-utils/readprofile.8 +++ b/sys-utils/readprofile.8 @@ -74,7 +74,7 @@ because is readable by everybody but writable only by the superuser. However, you can make .B readprofile -setuid 0, in order to reset the buffer without gaining privileges. +set-user-ID 0, in order to reset the buffer without gaining privileges. .TP \fB\-s, \fB\-\-counters\fR Print individual counters within functions. diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1 index 383efec376..23c1476857 100644 --- a/sys-utils/setpriv.1 +++ b/sys-utils/setpriv.1 
@@ -11,7 +11,8 @@ Sets or queries various Linux privilege settings that are inherited across .BR execve (2). .PP The difference between the commands setpriv and su (or runuser) is that setpriv does -not use open PAM session and does not ask for password. It's simple non-suid wrapper around +not use open PAM session and does not ask for password. +It's simple non-set-user-ID wrapper around .B execve system call. .SH OPTION @@ -59,7 +60,8 @@ Set the .I no_new_privs bit. With this bit set, .BR execve (2) -will not grant new privileges. For example, the setuid and setgid bits as well +will not grant new privileges. +For example, the set-user-ID and set-group-ID bits as well as file capabilities will be disabled. (Executing binaries with these bits set will still work, but they will not gain privileges. Certain LSMs, especially AppArmor, may result in failures to execute certain programs.) This bit is diff --git a/term-utils/wall.1 b/term-utils/wall.1 index a7da1951ed..939810cc43 100644 --- a/term-utils/wall.1 +++ b/term-utils/wall.1 @@ -58,7 +58,8 @@ deny messages or are using a program which automatically denies messages. .PP Reading from a .I file -is refused when the invoker is not superuser and the program is suid or sgid. +is refused when the invoker is not superuser and the program is +set-user-ID or set-group-ID. .SH OPTIONS .TP .BR \-n , " \-\-nobanner"
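Review bot: In the su.1 hunk, the new "+non-set-user-ID command" line produces a clumsy compound and the sentence still has no article ("is to use non-set-user-ID command"). Consider rewording so the property follows the command name, for example "is to use the runuser(1) command, which is not set-user-ID and does not require authentication". The unchanged context in the same paragraph also reads "provide separate PAM configuration" and "the recommend solution"; since the paragraph is being touched anyway, "provides" and "recommended" could be fixed in the same pass.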
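Review bot: In the mount.8 suid/nosuid hunk, the nosuid entry names only the set-user-ID and set-group-ID bits, while the setpriv.1 no_new_privs text changed in this same patch lists "file capabilities" alongside those two bits. Please check whether nosuid has the same effect on file capabilities and, if it does, say so in this entry, so that a reader hardening a mount point does not assume capabilities are out of scope. The phrase "to take effect" could also state when it applies, for example "when executing programs from this filesystem".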
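Review bot: In the mount.8 grpid hunk (@@ -1599), the two changed lines now say "set-group-ID bit" but the same sentence still uses "group id", "gid" and "fsgid" for the identifiers themselves. The commit message cites man-pages(7) as the style reference, so it is worth normalising at least "group id" to "group ID" here; otherwise the sentence mixes three spellings for closely related terms.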
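Review bot: In the readprofile.8 hunk, the mechanical substitution leaves "+set-user-ID 0, in order to reset the buffer", which reads oddly because "set-user-ID" is used elsewhere in this patch as an adjective followed by the owner ("be set-user-ID root" in the mount.8 \-l hunk). Suggest "set-user-ID root" here as well, so both pages describe the same installation mode in the same words.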
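Review bot: In the first setpriv.1 hunk (@@ -11), the rewritten line "+It's simple non-set-user-ID wrapper around" is still missing an article, and the preceding changed line keeps "does not use open PAM session". Since both lines are already modified, suggest "does not open a PAM session and does not ask for a password." followed by "It is a simple non-set-user-ID wrapper around the", leaving the ".B execve" line as it is.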