* su for Plan 9 4th ed.
* ver.1.5
* update: 2005/01/28
* auther: Kenar (Kenji Arisawa)
* E-mail: [email protected]
Here is Plan 9 su command.
Plan 9 already has a command "auth/login".
However the command is assumed to be run only on the authentication server.
On the other hand my su command can be run on any Plan 9 environment, i.e.,
terminal, cpu server, as well as authentication server.
Su is similar to Unix su command but it will gives you more
comfortable life, because Plan 9 su has an interface to factotum.
usage: su [-Dfnuw] [-p password] [user [cmd arg ...]]
options:
-D: debug
-f: force authentication if hostowner is reliable. (look /lib/ndb/auth)
-n: you stay in your namespace
-u: you keep uid
-w: nowait
-p passwd: password for user. allowed only for hostowner.
-p. : password will be prompted
password is visible in the screen of terminal
sorry for my laxness ...
In most cases su is simply executed like:
su alice
in all environment such as on terminal, on cpu servers and auth server.
password will be prompted automatically if required.
hostdomain is required for su.
if you are hostowner, you can set hostdomain by
term% echo -n aichi-u.ac.jp >/dev/hostdomain
if /dev/hostdomain is not set, hostdomain value will be also prompted:
term% su alice
hostdomain: aichi-u.ac.jp
password: xxxxx
These value is pushed into factotum.
We have two type of ownership:
1. owner of a process
ps | grep ps
2. owner of a file
touch foo; ls -l foo
- Host owner of terminal with 9pcf or 9pcdisk kernel can be any user without password.
- Host owner of auth server with 9pcauth kernel can be any user without password.
- Host owner of a cpu server with 9pccpu kernel can be any user without password.
- Host owner of a terminal with 9pc kernel can be any user without password.
However namespace is not be established.
- Any user can be su'ed with password both as process owner and file owner.
If something weird, check the followings:
- registered in /adm/user ? push them to user table
- isn't in noworld ? look /adm/user, push them to user table
- rejected ? look /lib/ndb/auth
- real user ? look /usr/$user
- has he profile ? look /usr/$user/profile
- is password given ? look /mnt/keys/$user of auth server.
Ref:
- cap(3)
- sechash(2)
- auth(2)
- mount(2)
- amount(2)
- factotum(4)
- /sys/src/cmd/auth
- /sys/src/cmd/auth/cron.c
- /sys/src/cmd/cpu.c
- /sys/src/cmd/mount.c
- /sys/src/libauth
- /sys/src/libauth/auth_chuid.c
- /sys/src/libauth/login.c
- /sys/src/libauth/auth_userpasswd.c
|