Hi, The first patch standardizes the usage message of 'login' to the use of angular brackets, the second standardizes the spelling of "super-user" to the more common "superuser", the third makes a minor tweak, and in the fourth patch I got carried away and reviewed all the comments in login.c -- if this is too much, I can redo the patch to contain just the grammar and typo fixes ("accout", "reinilizalize", ...). Regards, Benno -- http://www.fastmail.fm - Accessible with your email software or over the web
From d2f1a68d4e26b1cb341960e6f444bbb6f2709888 Mon Sep 17 00:00:00 2001 From: Benno Schulenberg <bensberg@xxxxxxxxxxxxx> Date: Wed, 29 May 2013 19:46:23 +0200 Subject: [PATCH 1/4] textual: standardize synopsis for login, and improve an error message Signed-off-by: Benno Schulenberg <bensberg@xxxxxxxxxxxxx> --- login-utils/login.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/login-utils/login.c b/login-utils/login.c index 442ad40..37dc9d0 100644 --- a/login-utils/login.c +++ b/login-utils/login.c @@ -1277,7 +1277,7 @@ int main(int argc, char **argv) case 'h': if (getuid()) { fprintf(stderr, - _("login: -h for super-user only.\n")); + _("login: -h is for superuser only\n")); exit(EXIT_FAILURE); } init_remote_info(&cxt, optarg); @@ -1292,7 +1292,7 @@ int main(int argc, char **argv) return EXIT_SUCCESS; case '?': default: - fprintf(stderr, _("usage: login [ -p ] [ -h host ] [ -H ] [ -f username | username ]\n")); + fprintf(stderr, _("Usage: login [-p] [-h <host>] [-H] [[-f] <username>]\n")); exit(EXIT_FAILURE); } argc -= optind; -- 1.7.0.4
From c34b5ba9fa6ca16a99fcd46926dbf9095e163d6e Mon Sep 17 00:00:00 2001 From: Benno Schulenberg <bensberg@xxxxxxxxxxxxx> Date: Wed, 29 May 2013 19:47:48 +0200 Subject: [PATCH 2/4] textual: standardize the spelling of "superuser" Signed-off-by: Benno Schulenberg <bensberg@xxxxxxxxxxxxx> --- login-utils/su-common.c | 2 +- sys-utils/renice.1 | 6 +++--- term-utils/wall.1 | 2 +- term-utils/write.1 | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/login-utils/su-common.c b/login-utils/su-common.c index a41d015..ee34053 100644 --- a/login-utils/su-common.c +++ b/login-utils/su-common.c @@ -499,7 +499,7 @@ modify_environment (const struct passwd *pw, const char *shell) } else { - /* Set HOME, SHELL, and if not becoming a super-user, + /* Set HOME, SHELL, and (if not becoming a superuser) USER and LOGNAME. */ if (change_environment) { diff --git a/sys-utils/renice.1 b/sys-utils/renice.1 index 705138c..f90ebe2 100644 --- a/sys-utils/renice.1 +++ b/sys-utils/renice.1 @@ -83,12 +83,12 @@ PIDs 987 and 32, plus all processes owned by the users daemon and root: .TP .B " renice" +1 987 -u daemon root -p 32 .SH NOTES -Users other than the super-user may only alter the priority of processes they +Users other than the superuser may only alter the priority of processes they own, and can only monotonically increase their ``nice value'' (for security reasons) within the range 0 to .BR PRIO_MAX \ (20), unless a nice resource limit is set (Linux 2.6.12 and higher). The -super-user may alter the priority of any process and set the priority to any +superuser may alter the priority of any process and set the priority to any value in the range .BR PRIO_MIN \ (\-20) to @@ -104,7 +104,7 @@ to map user names to user IDs .BR getpriority (2), .BR setpriority (2) .SH BUGS -Non super-users can not increase scheduling priorities of their own processes, +Non-superusers cannot increase scheduling priorities of their own processes, even if they were the ones that decreased the priorities in the first place. .PP The Linux kernel (at least version 2.0.0) and linux libc (at least version diff --git a/term-utils/wall.1 b/term-utils/wall.1 index 88e816c..4d2a9f7 100644 --- a/term-utils/wall.1 +++ b/term-utils/wall.1 @@ -48,7 +48,7 @@ in users. The command will cut over 79 character long lines to new lines. Short lines are white space padded to have 79 characters. The command will always put carriage return and new line at the end of each line. .PP -Only the super-user can write on the terminals of users who have chosen to +Only the superuser can write on the terminals of users who have chosen to deny messages or are using a program which automatically denies messages. .PP Reading from a file is refused when the invoker is not superuser and the diff --git a/term-utils/write.1 b/term-utils/write.1 index b606575..33eb914 100644 --- a/term-utils/write.1 +++ b/term-utils/write.1 @@ -66,7 +66,7 @@ user will see the message .B EOF indicating that the conversation is over. .PP -You can prevent people (other than the super-user) from writing to you with +You can prevent people (other than the superuser) from writing to you with the .BR mesg (1) command. Some commands, for example -- 1.7.0.4
From daedff992d16c39a0d657db109dc963ddc0c4eb2 Mon Sep 17 00:00:00 2001 From: Benno Schulenberg <bensberg@xxxxxxxxxxxxx> Date: Wed, 29 May 2013 19:53:38 +0200 Subject: [PATCH 3/4] textual: tiny alphabetical and grammatical tweak Signed-off-by: Benno Schulenberg <bensberg@xxxxxxxxxxxxx> --- login-utils/su-common.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/login-utils/su-common.c b/login-utils/su-common.c index ee34053..8b08df1 100644 --- a/login-utils/su-common.c +++ b/login-utils/su-common.c @@ -632,7 +632,7 @@ usage (int status) fputs (_("\n" "Run <command> with the effective user ID and group ID of <user>. If -u is\n" "not given, fall back to su(1)-compatible semantics and execute standard shell.\n" - "The options -l, -c, -f, -s are mutually exclusive to -u.\n"), stdout); + "The options -c, -f, -l, and -s are mutually exclusive with -u.\n"), stdout); fputs(USAGE_OPTIONS, stdout); -- 1.7.0.4
From 436d77eda9c14f10300c5bba176fa60125ac0ba7 Mon Sep 17 00:00:00 2001 From: Benno Schulenberg <bensberg@xxxxxxxxxxxxx> Date: Wed, 29 May 2013 20:09:20 +0200 Subject: [PATCH 4/4] docs: improve grammar and consistency of comments in login.c Signed-off-by: Benno Schulenberg <bensberg@xxxxxxxxxxxxx> --- login-utils/login.c | 162 ++++++++++++++++++++++++--------------------------- 1 files changed, 77 insertions(+), 85 deletions(-) diff --git a/login-utils/login.c b/login-utils/login.c index 37dc9d0..6df2910 100644 --- a/login-utils/login.c +++ b/login-utils/login.c @@ -110,13 +110,13 @@ struct login_context { char vcsan[VCS_PATH_MAX]; #endif - char *thishost; /* this machine */ - char *thisdomain; /* this machine domain */ - char *hostname; /* remote machine */ - char hostaddress[16]; /* remote address */ + char *thishost; /* this machine */ + char *thisdomain; /* this machine's domain */ + char *hostname; /* remote machine */ + char hostaddress[16]; /* remote address */ pid_t pid; - int quiet; /* 1 is hush file exists */ + int quiet; /* 1 if hush file exists */ unsigned int remote:1, /* login -h */ nohost:1, /* login -H */ @@ -125,7 +125,7 @@ struct login_context { }; /* - * This bounds the time given to login. Not a define so it can + * This bounds the time given to login. Not a define, so it can * be patched on machines where it's too small. */ static unsigned int timeout = LOGIN_TIMEOUT; @@ -154,7 +154,7 @@ static int is_consoletty(int fd) * soaking up pts's. What they seem to hung up on is trying to write out the * message 'Login timed out after %d seconds' when the connection has already * been dropped. - * What I did was add a second timeout while trying to write the message so + * What I did was add a second timeout while trying to write the message, so * the process just exits if the second timeout expires. */ static void __attribute__ ((__noreturn__)) @@ -182,11 +182,11 @@ static void timedout(int sig __attribute__ ((__unused__))) /* * This handler allows to inform a shell about signals to login. If you have - * (root) permissions you can kill all login childrent by one signal to login - * process. + * (root) permissions, you can kill all login children by one signal to the + * login process. * - * Also, parent who is session leader is able (before setsid() in child) to - * inform child when controlling tty goes away (e.g. modem hangup, SIGHUP). + * Also, a parent who is session leader is able (before setsid() in the child) + * to inform the child when the controlling tty goes away (e.g. modem hangup). */ static void sig_handler(int signal) { @@ -199,8 +199,8 @@ static void sig_handler(int signal) } /* - * Let use delay for all exit() calls when user is not authenticated or - * session fully initialized (loginpam_session()). + * Let us delay all exit() calls when the user is not authenticated + * or the session not fully initialized (loginpam_session()). */ static void __attribute__ ((__noreturn__)) sleepexit(int eval) { @@ -228,12 +228,12 @@ static const char *get_thishost(struct login_context *cxt, const char **domain) } /* - * Output the /etc/motd file + * Output the /etc/motd file. * - * motd() determines the name of a login announcement file and outputs it to - * the user's terminal at login time. The MOTD_FILE configuration option is a - * colon-delimited list of filenames. The empty MOTD_FILE option disables motd - * printing at all. + * It determines the name of a login announcement file and outputs it to the + * user's terminal at login time. The MOTD_FILE configuration option is a + * colon-delimited list of filenames. An empty MOTD_FILE option disables + * message-of-the-day printing completely. */ static void motd(void) { @@ -266,15 +266,15 @@ static void motd(void) } /* - * Nice and simple code provided by Linus Torvalds 16-Feb-93 - * Nonblocking stuff by Maciej W. Rozycki, macro@xxxxxxxxxxxxx, 1999. + * Nice and simple code provided by Linus Torvalds 16-Feb-93. + * Non-blocking stuff by Maciej W. Rozycki, macro@xxxxxxxxxxxxx, 1999. * * He writes: "Login performs open() on a tty in a blocking mode. * In some cases it may make login wait in open() for carrier infinitely, * for example if the line is a simplistic case of a three-wire serial - * connection. I believe login should open the line in the non-blocking mode + * connection. I believe login should open the line in non-blocking mode, * leaving the decision to make a connection to getty (where it actually - * belongs). + * belongs)." */ static void open_tty(const char *tty) { @@ -338,7 +338,7 @@ static void chown_tty(struct login_context *cxt) if (chmod(cxt->vcsn, cxt->tty_mode)) chmod_err(cxt->vcsn, cxt->tty_mode); - if (chown(cxt->vcsan, uid, gid)) /* vcsa */ + if (chown(cxt->vcsan, uid, gid)) /* vcsa */ chown_err(cxt->vcsan, uid, gid); if (chmod(cxt->vcsan, cxt->tty_mode)) chmod_err(cxt->vcsan, cxt->tty_mode); @@ -347,7 +347,7 @@ static void chown_tty(struct login_context *cxt) } /* - * Reads the currect terminal path and initialize cxt->tty_* variables. + * Reads the currect terminal path and initializes cxt->tty_* variables. */ static void init_tty(struct login_context *cxt) { @@ -418,7 +418,7 @@ static void init_tty(struct login_context *cxt) /* - * Log failed login attempts in _PATH_BTMP if that exists. + * Logs failed login attempts in _PATH_BTMP, if it exists. * Must be called only with username the name of an actual user. * The most common login failure is to give password instead of username. */ @@ -510,7 +510,7 @@ static void log_lastlog(struct login_context *cxt) goto done; /* - * Print last log message + * Print last log message. */ if (!cxt->quiet) { if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) && @@ -546,7 +546,7 @@ done: } /* - * Update wtmp and utmp logs + * Update wtmp and utmp logs. */ static void log_utmp(struct login_context *cxt) { @@ -562,7 +562,7 @@ static void log_utmp(struct login_context *cxt) * login sometimes overwrites the runlevel entry in /var/run/utmp, * confusing sysvinit. I added a test for the entry type, and the * problem was gone. (In a runlevel entry, st_pid is not really a pid - * but some number calculated from the previous and current runlevel). + * but some number calculated from the previous and current runlevel.) * -- Michael Riepe <michael@xxxxxxxxxxxxxxxxxxxx> */ while ((utp = getutent())) @@ -572,8 +572,7 @@ static void log_utmp(struct login_context *cxt) break; /* If we can't find a pre-existing entry by pid, try by line. - * BSD network daemons may rely on this. - */ + * BSD network daemons may rely on this. */ if (utp == NULL && cxt->tty_name) { setutent(); ut.ut_type = LOGIN_PROCESS; @@ -582,7 +581,7 @@ static void log_utmp(struct login_context *cxt) } /* If we can't find a pre-existing entry by pid and line, try it by id. - * Very stupid telnetd deamons don't set up utmp at all (kzak) */ + * Very stupid telnetd daemons don't set up utmp at all. (kzak) */ if (utp == NULL && cxt->tty_number) { setutent(); ut.ut_type = DEAD_PROCESS; @@ -708,7 +707,7 @@ static void loginpam_err(pam_handle_t *pamh, int retcode) } /* - * Composes "<host> login: " string; or returns "login: " is -H is given + * Composes "<host> login: " string; or returns "login: " if -H is given. */ static const char *loginpam_get_prompt(struct login_context *cxt) { @@ -734,7 +733,7 @@ static pam_handle_t *init_loginpam(struct login_context *cxt) /* * username is initialized to NULL and if specified on the command line - * it is set. Therefore, we are safe not setting it to anything + * it is set. Therefore, we are safe not setting it to anything. */ rc = pam_start(cxt->remote ? "remote" : "login", cxt->username, &cxt->conv, &pamh); @@ -746,8 +745,7 @@ static pam_handle_t *init_loginpam(struct login_context *cxt) } /* hostname & tty are either set to NULL or their correct values, - * depending on how much we know - */ + * depending on how much we know. */ rc = pam_set_item(pamh, PAM_RHOST, cxt->hostname); if (is_pam_failure(rc)) loginpam_err(pamh, rc); @@ -765,7 +763,7 @@ static pam_handle_t *init_loginpam(struct login_context *cxt) if (is_pam_failure(rc)) loginpam_err(pamh, rc); - /* we need't the original username. We have to follow PAM. */ + /* We don't need the original username. We have to follow PAM. */ free(cxt->username); cxt->username = NULL; cxt->pamh = pamh; @@ -804,8 +802,8 @@ static void loginpam_auth(struct login_context *cxt) if (rc == PAM_USER_UNKNOWN && !show_unknown) /* - * logging unknown usernames may be a security issue if - * an user enter her password instead of her login name + * Logging unknown usernames may be a security issue if + * a user enters her password instead of her login name. */ cxt->username = NULL; else @@ -869,7 +867,7 @@ static void loginpam_acct(struct login_context *cxt) loginpam_err(pamh, rc); /* - * Grab the user information out of the password file for future usage + * Grab the user information out of the password file for future use. * First get the username that we are actually using, though. */ rc = loginpam_get_username(pamh, &cxt->username); @@ -886,15 +884,15 @@ static void loginpam_acct(struct login_context *cxt) } /* - * Note that position of the pam_setcred() call is discussable: + * Note that the position of the pam_setcred() call is discussable: * - * - the PAM docs recommends pam_setcred() before pam_open_session() + * - the PAM docs recommend pam_setcred() before pam_open_session() * - but the original RFC http://www.opengroup.org/rfc/mirror-rfc/rfc86.0.txt * uses pam_setcred() after pam_open_session() * * The old login versions (before year 2011) followed the RFC. This is probably - * not optimal, because there could be dependence between some session modules - * and user's credentials. + * not optimal, because there could be a dependence between some session modules + * and the user's credentials. * * The best is probably to follow openssh and call pam_setcred() before and * after pam_open_session(). -- kzak@xxxxxxxxxx (18-Nov-2011) @@ -923,9 +921,9 @@ static void loginpam_session(struct login_context *cxt) } /* - * We need to check effective UID/GID. For example $HOME could be on root - * squashed NFS or on NFS with UID mapping and access(2) uses real UID/GID. - * The open(2) seems as the surest solution. + * We need to check the effective UID/GID. For example, $HOME could be on a + * root-squashed NFS or on an NFS with UID mapping, and access(2) uses the + * real UID/GID. Then open(2) seems as the surest solution. * -- kzak@xxxxxxxxxx (10-Apr-2009) */ static int effective_access(const char *path, int mode) @@ -937,19 +935,19 @@ static int effective_access(const char *path, int mode) } /* - * Check per accout or global hush-login setting. + * Check the per-account or the global hush-login setting. * * Hushed mode is enabled: * - * a) if global (e.g. /etc/hushlogins) hush file exists: + * a) if a global (e.g. /etc/hushlogins) hush file exists: * 1) for ALL ACCOUNTS if the file is empty - * 2) for the current user if the username or shell are found in the file + * 2) for the current user if the username or shell is found in the file * - * b) if ~/.hushlogin file exists + * b) if a ~/.hushlogin file exists * - * The ~/.hushlogin is ignored if the global hush file exists. + * The ~/.hushlogin file is ignored if the global hush file exists. * - * The HUSHLOGIN_FILE login.def variable overwrites the default hush filename. + * The HUSHLOGIN_FILE login.def variable overrides the default hush filename. * * Note that shadow-utils login(1) does not support "a1)". The "a1)" is * necessary if you want to use PAM for "Last login" message. @@ -957,13 +955,13 @@ static int effective_access(const char *path, int mode) * -- Karel Zak <kzak@xxxxxxxxxx> (26-Aug-2011) * * - * Per-account check requires some explanation: As root we may not be able to - * read the directory of the user if it is on an NFS mounted filesystem. We - * temporarily set our effective uid to the user-uid making sure that we keep - * root privs. in the real uid. + * The per-account check requires some explanation: As root we may not be able + * to read the directory of the user if it is on an NFS-mounted filesystem. We + * temporarily set our effective uid to the user-uid, making sure that we keep + * root privileges in the real uid. * * A portable solution would require a fork(), but we rely on Linux having the - * BSD setreuid() + * BSD setreuid(). */ static int get_hushlogin_status(struct passwd *pwd) { @@ -986,7 +984,7 @@ static int get_hushlogin_status(struct passwd *pwd) file = files[i]; - /* Global hush-file*/ + /* global hush-file */ if (*file == '/') { struct stat st; FILE *f; @@ -1013,7 +1011,7 @@ static int get_hushlogin_status(struct passwd *pwd) return 0; /* ignore per-account files */ } - /* Per-account setting */ + /* per-account setting */ if (strlen(pwd->pw_dir) + sizeof(file) + 2 > sizeof(buf)) continue; else { @@ -1041,8 +1039,8 @@ static int get_hushlogin_status(struct passwd *pwd) } /* - * Detach the controlling terminal, fork, restore syslog stuff and create a new - * session. + * Detach the controlling terminal, fork, restore syslog stuff, and create + * a new session. */ static void fork_session(struct login_context *cxt) { @@ -1059,15 +1057,15 @@ static void fork_session(struct login_context *cxt) sigaction(SIGHUP, &sa, &oldsa_hup); /* ignore when TIOCNOTTY */ /* - * detach the controlling tty - * -- we needn't the tty in parent who waits for child only. - * The child calls setsid() that detach from the tty as well. + * Detach the controlling tty. + * We don't need the tty in a parent who only waits for a child. + * The child calls setsid() that detaches from the tty as well. */ ioctl(0, TIOCNOTTY, NULL); /* - * We have care about SIGTERM, because leave PAM session without - * pam_close_session() is pretty bad thing. + * We have to beware of SIGTERM, because leaving a PAM session + * without pam_close_session() is a pretty bad thing. */ sa.sa_handler = sig_handler; sigaction(SIGHUP, &sa, NULL); @@ -1076,14 +1074,11 @@ static void fork_session(struct login_context *cxt) closelog(); /* - * We must fork before setuid() because we need to call + * We must fork before setuid(), because we need to call * pam_close_session() as root. */ child_pid = fork(); if (child_pid < 0) { - /* - * fork() error - */ warn(_("fork failed")); pam_setcred(cxt->pamh, PAM_DELETE_CRED); @@ -1093,7 +1088,7 @@ static void fork_session(struct login_context *cxt) if (child_pid) { /* - * parent - wait for child to finish, then cleanup session + * parent - wait for child to finish, then clean up session */ close(0); close(1); @@ -1186,7 +1181,7 @@ static void init_environ(struct login_context *cxt) } /* - * Called for -h option, initialize cxt->{hostname,hostaddress} + * This is called for the -h option, initializes cxt->{hostname,hostaddress}. */ static void init_remote_info(struct login_context *cxt, char *remotehost) { @@ -1302,8 +1297,8 @@ int main(int argc, char **argv) char *p = *argv; cxt.username = xstrdup(p); - /* wipe name - some people mistype their password here */ - /* (of course we are too late, but perhaps this helps a little ..) */ + /* Wipe the name - some people mistype their password here. */ + /* (Of course we are too late, but perhaps this helps a little...) */ while (*p) *p++ = ' '; } @@ -1327,8 +1322,8 @@ int main(int argc, char **argv) /* * Authentication may be skipped (for example, during krlogin, rlogin, * etc...), but it doesn't mean that we can skip other account checks. - * The account could be disabled or password expired (although - * kerberos ticket is valid). -- kzak@xxxxxxxxxx (22-Feb-2006) + * The account could be disabled or the password has expired (although + * the kerberos ticket is valid). -- kzak@xxxxxxxxxx (22-Feb-2006) */ loginpam_acct(&cxt); @@ -1345,10 +1340,9 @@ int main(int argc, char **argv) /* * Initialize the supplementary group list. This should be done before - * pam_setcred because the PAM modules might add groups during - * pam_setcred. + * pam_setcred, because PAM modules might add groups during that call. * - * For root we don't call initgroups, instead we call setgroups with + * For root we don't call initgroups, instead we call setgroups with * group 0. This avoids the need to step through the whole group file, * which can cause problems if NIS, NIS+, LDAP or something similar * is used and the machine has network problems. @@ -1363,7 +1357,7 @@ int main(int argc, char **argv) } /* - * Open PAM session (after successful authentication and account check) + * Open PAM session (after successful authentication and account check). */ loginpam_session(&cxt); @@ -1420,12 +1414,12 @@ int main(int argc, char **argv) } /* - * Detach the controlling terminal, fork() and create, new session - * and reinilizalize syslog stuff. + * Detach the controlling terminal, fork, and create a new session + * and reinitialize syslog stuff. */ fork_session(&cxt); - /* discard permissions last so can't get killed and drop core */ + /* discard permissions last so we can't get killed and drop core */ if (setuid(pwd->pw_uid) < 0 && pwd->pw_uid) { syslog(LOG_ALERT, _("setuid() failed")); exit(EXIT_FAILURE); @@ -1475,5 +1469,3 @@ int main(int argc, char **argv) exit(EXIT_SUCCESS); } - - -- 1.7.0.4