.\"	@(#) root.1
.\"
.DA "Jan 24, 1990"
.TH ROOT 1 "1.0"
.SH NAME
root \- temporarily become super user
.SH SYNOPSIS
.B root
[
.B -nlhS
] [
.B -u
user ] [ 
.B -s
shell ] [ name=value ] ... [command args ]
.br
.B root
[
.B -nlhS
] [
.B -u
user ] [ 
.B -s
shell ]
.B -c
command-string
.br
.SH DESCRIPTION
When called with no arguments
.I root
switches to super user id (executable must be setuid to root) and
then spawns a new user shell.
The shell name is obtained from the user's SHELL environment
variable.
If SHELL is not set, the user's password entry in
.I "/etc/passwd
will be parsed for the login shell.
Note that unless either option
.B -S
or
.B -s
is given the invoking user's shell will be taken instead
of the configured super user's shell.
With option
.B -S
SHELL will be ignored and only the target user's password entry 
will be consulted.
The option
.B -s
allows the direct specification of a shell not mentioned in any
configuration file.
.PP
If a
.B command
is given, root does not spawn a shell but invokes the specified
command immediately with super user permissions.
No shell will be started so that
.I root
returns after the command has finished.
.PP
In either case, option
.B -h
will cause
.I root
to switch to the user's home directory first.
.PP
If option
.B -c
is given, the command will be executed through the user's shell
which is determined as described above.
The option
.B -c
will be passed to the shell by convention.
This will work with
.I "/bin/sh
and
.I "/bin/csh
and most other shells as well.
Using the
.B -c
option, a complete pipeline can be executed with super user permission.
Note that
.I string
must be quoted when invoked from the shell, because the executing
shell expects the commands to be contained in one single argument.
.PP
On startup
.I root
looks for a file named
.B .rootenv
in the users home directory.
This file contains environment strings to be set, before the
new shell or command is spawned.
.B .rootenv
is normally used to set environment variables like PATH, LOGNAME,
MAIL or HOME.
When option
.B -n
is given, the
.B .rootenv
file will be ignored.
.SS "Switching To Other User IDs"
.PP
When option
.B -u
is given, the corresponding user and group id will be used
instead of superuser id's.
When option
.B -u
is used, a file named
.B .userenv
will be processed instead of
.B .rootenv
where "user" will be replaced by the given user name.
However,
.I root
must be installed with setuid root in order to switch to
the new user and group id.
.PP
When
.I root
is called by a name beginning with a
.B +
character a name following it, that name will be the default.
(For example,
.B +uucp
will automatically switch to the uucp login id's.
.PP
Any string preceding command containing a "=" will also be added
to the environment.
These strings will perhaps replace strings previously set by the
.B .rootenv
file.
When an environment string starts with a ~ character, the
named string will be deleted from the current environment.
.PP
Note that option
.B -h
will work with different user ID's also.
.SS "Making root public available"
Please note that having
.I root
installed may be a serious security hole in your system.
Anybody who is permitted to execute
.I root
may switch to super user permissions immediately.
In opposition to programs like su(1),
.I root
does no password checking.
.PP
On startup,
.I root
tries to read a configuration file named
.BR /etc/root.conf .
This file contains information about which user is permitted
to switch to which user id.
Don't forget that when a user may switch to super user (root) permission
he may read and write any file in your system.
.PP
Every line in
.R /etc/root.conf
contains a user name identifying the invoking user and a comma-
separated list of one or more user names specifying the
target user ids.
These two areas must be separated by white space.
A target user named "*" means every user.
There may be more than one line for every user although this
is not recommended.
.PP
Suppose the following entries in
.BR /etc/root.conf :
.PP
	john	*,default:root
.br
	brian	uucp,news
.PP
This means that user john may switch to every user id, while user
brian's access is limited to the uucp and news login.
This allows UUCP and Usenet Administration for user brian without
giving him access to all files in the system.
If 
.I root
is invoked by the name "+",
no target user name has been specified and so
.I root
looks for an appropriate "default:"-entry.
For user john, this is "root" but it could be any other user name
too.
.PP
Note that when a user may switch to user "root", he may obtain
every other user id too using su(1M) or similar tools.
For that reason,
.I root
does no configuration file checking, when the invoking user
is the super user.
.SH AUTHOR
Tim Pritlove
.SH FILES
/etc/root.conf
.br
$HOME/.rootenv
.br
$HOME/.userenv
.SH NOTES
This command must be used with care because it may become
a real security hole in your system if the program will be
executable by a set of users.
.PP
root should be installed in a safe place, where only one or a few
user may access it or otherwise in a public directory with
executable permissions allowed only for a trusted group.
.PP
Because environment string processing is done before resolving the
user's shell, a different shell may be used by giving a new SHELL
environment string.
.SH EXAMPLES
To edit the
.I "/etc/passwd
file with super user permissions, simply type
.PP
	+ vi /etc/passwd
.PP
The command line
.PP
	+ SHELL=/bin/sh sh_script
.PP
makes sure, that
.I "/bin/sh
will be used to process the
.I sh_script
shell script.
.PP
By putting the lines
.PP
	PATH=/bin:/usr/bin:/etc
.br
	LOGNAME=root
.br
	MAIL=/usr/spool/mail
.br
	HOME=/
.PP
into the
.B ".rootenv"
configuration file you are making sure,
that you are working as the super user as if
you had logged in directly as root.
This method is therefore identical to invoking the command
.I "su\ -"
but you don't have to reenter the password every time.
.PP
The command line
.PP
	+uucp crontab -l
.PP
will list uucp's current crontab file.
Similar actions may be taken by linking
.I root
to appropriate user names (e.g. +uucp or +lp).
.SH ENVIRONMENT
.IP POSIXLY_CORRECT
To parse the command line options, this program uses the 
.BR getopt(3) 
routines, which are not POSIX conform on GNU systems, as long as
this variable is not set. If it is set, parsing stops as soon as a parameter
is found that is not an option or an option argument for this program.
All remaining parameters are also interpreted as non-option parameters,
regardless whether they start with a 
.RB ` - '.
To avoid typying a lot of ` -- ', it is highly recommended, to set 
this variable.
.SH SEE ALSO
passwd(1), passwd(5), su(1), getopt(1), getopt(3)
.SH BUGS
.I root
does not handle entries in
.I /etc/passwd
containing an asterisk (*) in the shell field.
These entries will be handled properly only by
.I login(1m)
at login time.
They are used in order to change the root directory to
the value given in the directory field and to retry the login
process assuming there exists an appropriate file system
structure in this new root directory.
.PP
.I root
will produce an error "No such file or address" or
something similar.