From b55938df6f21e98c4f8e97774842ec254ac42e4f Mon Sep 17 00:00:00 2001 From: Christoph Anton Mitterer Date: Mon, 25 Nov 2024 02:41:13 +0100 Subject: [PATCH] man pages: use `user` rather than `username` This are also the terms used in the usage outputs of the programs and the rest of the man pages. Signed-off-by: Christoph Anton Mitterer (cherry picked from commit c8506371c644dc057d9f933cf2b0b48799a720bc) --- login-utils/runuser.1.adoc | 2 +- login-utils/su.1.adoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/login-utils/runuser.1.adoc b/login-utils/runuser.1.adoc index aea95f743b..b128c19841 100644 --- a/login-utils/runuser.1.adoc +++ b/login-utils/runuser.1.adoc @@ -56,7 +56,7 @@ Start the shell as a login shell with an environment similar to a real login: Preserve the entire environment, i.e., do not set *HOME*, *SHELL*, *USER* or *LOGNAME*. The option is ignored if the option *--login* is specified. *-P*, *--pty*:: -Create a pseudo-terminal for the session. The independent terminal provides better security as the user does not share a terminal with the original session. This can be used to avoid TIOCSTI ioctl terminal injection and other security attacks against terminal file descriptors. The entire session can also be moved to the background (e.g., *runuser --pty* *-u* _username_ *--* _command_ *&*). If the pseudo-terminal is enabled, then *runuser* works as a proxy between the sessions (sync stdin and stdout). +Create a pseudo-terminal for the session. The independent terminal provides better security as the user does not share a terminal with the original session. This can be used to avoid TIOCSTI ioctl terminal injection and other security attacks against terminal file descriptors. The entire session can also be moved to the background (e.g., *runuser --pty* *-u* _user_ *--* _command_ *&*). If the pseudo-terminal is enabled, then *runuser* works as a proxy between the sessions (sync stdin and stdout). + This feature is mostly designed for interactive sessions. If the standard input is not a terminal, but for example a pipe (e.g., *echo "date" | runuser --pty -u* _user_), then the *ECHO* flag for the pseudo-terminal is disabled to avoid messy output. diff --git a/login-utils/su.1.adoc b/login-utils/su.1.adoc index 2db2e04c58..33f45833f4 100644 --- a/login-utils/su.1.adoc +++ b/login-utils/su.1.adoc @@ -64,7 +64,7 @@ PAM) from this point of view. You need to use tools like *systemd-run* or Preserve the entire environment, i.e., do not set *HOME*, *SHELL*, *USER* or *LOGNAME*. This option is ignored if the option *--login* is specified. *-P*, *--pty*:: -Create a pseudo-terminal for the session. The independent terminal provides better security as the user does not share a terminal with the original session. This can be used to avoid *TIOCSTI* ioctl terminal injection and other security attacks against terminal file descriptors. The entire session can also be moved to the background (e.g., *su --pty* **-** __username__ *-c* _application_ *&*). If the pseudo-terminal is enabled, then *su* works as a proxy between the sessions (sync stdin and stdout). +Create a pseudo-terminal for the session. The independent terminal provides better security as the user does not share a terminal with the original session. This can be used to avoid *TIOCSTI* ioctl terminal injection and other security attacks against terminal file descriptors. The entire session can also be moved to the background (e.g., *su --pty* **-** __user__ *-c* _application_ *&*). If the pseudo-terminal is enabled, then *su* works as a proxy between the sessions (sync stdin and stdout). + This feature is mostly designed for interactive sessions. If the standard input is not a terminal, but for example a pipe (e.g., *echo "date" | su --pty*), then the *ECHO* flag for the pseudo-terminal is disabled to avoid messy output. -- 2.47.2