[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.1 Becoming another user


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.1.1 Synopsis

 
become [option…] [env-var…] user [command [argument…]]

Actually, you can put the options, env-vars and user in any order you like; the important thing is that all of them appear before the command, if any.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.1.2 Usage

The options appropriate for this mode are as follows:

-h
--help

Display a (fairly verbose) help message describing the various command line options and exits successfully.

-u
--usage

Display a terse summary of the command line options and exits successfully.

-v

Display's Become's version number and exits successfully.

-e
--preserve-environment

Selects the `preserve' login style (see section The `preserve' login style). All environment variables are preserved. The default command is the current user's own shell. The default primary group becomes the current primary group; the default group style is set to `merge'.

-s
--su
--set-user

Selects the `set-user' login style (see section The `set-user' login style). Most environment variables are preserved, but USER, LOGNAME, HOME and other user-specific variables are altered to reflect the target user's configuration. The default command is the target user's shell. The default primary group becomes the target user's primary group; the default group style is set to `merge'.

-l
--login

Selects the `login' login style (see section The `login' login style). The environment is cleared and rebuilt, in a similar way to the behaviour of login. The default command is the target user's shell. The default primary group becomes the target user's primary group; the default group style is set to `replace'.

-g group
--group=group

Selects group as the primary group; it may be either a group name or a numeric group id. Note that group must be the primary group or a subsidiary group of either the current user or the target user.

-k
--keep-groups

Selects the `keep' group style (see section Handling subsidiary group memberships). The current set of subsidiary group memberships are passed on unchanged.

-m
--merge-groups

Selects the `merge' group style (see section Handling subsidiary group memberships). The current set of subsidiary group memberships are merged with the subsidiary groups of the target user.

-r
--replace-groups

Selects the `replace' group style (see section Handling subsidiary group memberships). The target user's subsidiary group memberships are passed on; the current subsidiary groups are discarded.

-c shell-cmd
--command=shell-cmd

Sets the command and arguments to invoke /bin/sh -c shell-cmd; i.e., to execute a Bourne shell command instead of just execing a program. Note that permissions are checked for executing the Bourne shell /bin/sh; the contents of the shell-cmd are not inspected.

The env-var arguments fine-tune the environment passed to the command. Each env-var setting must be one of the following:

var=value

Assign the variable named var the value value. Protect the variable var from modifications by the login style.

var!

Protect the variable var from modifications by the login style, but don't change its value.

var-

Remove the variable var from the environment; do not pass it on.

The user specifies the user as whom the command should be executed (i.e., the target user). It may be a user name or a numeric user id.

The command specifies a command to execute. If command does not contain a path, it is looked for using the current PATH environment variable. The resulting pathname is canonified if necessary, to produce an absolute pathname. Note that symbolic links are not resolved - this prevents an attack whereby a user could invoke a program, passing it an unusual argv[0] which might cause unusual behaviour.

The command name is used both as the command to execute and passed to the command as argv[0]. It is not possible to specify an alternative value to be passed as argv[0]. Subsequent arguments, if supplied, are passed as argv[1] upwards.

If no command is given, a shell is invoked; the particulars of the shell are determined by the login style (see above).

The command is executed as follows:


[ < ] [ > ]   [ << ] [ Up ] [ >> ]

This document was generated by Mark Wooding on March, 14 2006 using texi2html 1.76.