Date: Tue, 19 Aug 2025 12:50:48 GMT
Message-Id: <202508191250.57JComoL078380@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Ed Maste
Subject: git: 142b4309f42d - main - pw: Skip root check with alternate root
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 142b4309f42d5018a92ad5e08943fd1081a9ea57

The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=142b4309f42d5018a92ad5e08943fd1081a9ea57

commit 142b4309f42d5018a92ad5e08943fd1081a9ea57
Author:     Ed Maste
AuthorDate: 2025-06-06 01:27:50 +0000
Commit:     Ed Maste
CommitDate: 2025-08-19 12:48:35 +0000

    pw: Skip root check with alternate root

    pw may be run by an unprivileged user for creating an image or jail.
    EPERM will still be reported from the file open if the user does not
    have appropriate permission.

    Reviewed by:    markj
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D50710

--- usr.sbin/pw/pw.8 | 9 +++++++-- usr.sbin/pw/pw.c | 1 + usr.sbin/pw/pw_user.c | 18 ++++++++++++------ usr.sbin/pw/pwupd.h | 1 + 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/usr.sbin/pw/pw.8 b/usr.sbin/pw/pw.8 index c72623ee05b3..5eae810b6732 100644 --- a/usr.sbin/pw/pw.8 +++ b/usr.sbin/pw/pw.8 @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd July 29, 2024 +.Dd August 19, 2025 .Dt PW 8 .Os .Sh NAME 
@@ -191,7 +191,12 @@ utility handles updating the .Xr master.passwd 5 , .Xr group 5 and the secure and insecure -password database files, and must be run as root. +password database files, and must be run as root +.Po except when using +.Fl R +or +.Fl V +.Pc . .Pp The first one or two keywords provided to .Nm diff --git a/usr.sbin/pw/pw.c b/usr.sbin/pw/pw.c index fc17f6dba022..a4c95258f3bb 100644 --- a/usr.sbin/pw/pw.c +++ b/usr.sbin/pw/pw.c @@ -162,6 +162,7 @@ main(int argc, char *argv[]) snprintf(conf.etcpath, sizeof(conf.etcpath), "%s%s", optarg, arg == 'R' ? _PATH_PWD : ""); + conf.altroot = true; } else break; } diff --git a/usr.sbin/pw/pw_user.c b/usr.sbin/pw/pw_user.c index d9fd8c77c13e..8a9a4342f5ef 100644 --- a/usr.sbin/pw/pw_user.c +++ b/usr.sbin/pw/pw_user.c @@ -238,6 +238,13 @@ perform_chgpwent(const char *name, struct passwd *pwd, char *nispasswd) } } +static void +pw_check_root(void) +{ + if (!conf.altroot && geteuid() != 0) + errx(EX_NOPERM, "you must be root"); +} + /* * The M_LOCK and M_UNLOCK functions simply add or remove * a "*LOCKED*" prefix from in front of the password to @@ -256,8 +263,7 @@ pw_userlock(char *arg1, int mode) bool locked = false; uid_t id = (uid_t)-1; - if (geteuid() != 0) - errx(EX_NOPERM, "you must be root"); + pw_check_root(); if (arg1 == NULL) errx(EX_DATAERR, "username or id required"); @@ -1324,8 +1330,8 @@ pw_user_add(int argc, char **argv, char *arg1) if (argc > 0) usage(); - if (geteuid() != 0 && ! dryrun) - errx(EX_NOPERM, "you must be root"); + if (!dryrun) + pw_check_root(); if (quiet) freopen(_PATH_DEVNULL, "w", stderr); @@ -1641,8 +1647,8 @@ pw_user_mod(int argc, char **argv, char *arg1) if (argc > 0) usage(); - if (geteuid() != 0 && ! dryrun) - errx(EX_NOPERM, "you must be root"); + if (!dryrun) + pw_check_root(); if (quiet) freopen(_PATH_DEVNULL, "w", stderr); diff --git a/usr.sbin/pw/pwupd.h b/usr.sbin/pw/pwupd.h index 262b044e07fc..a39a022ca309 100644 --- a/usr.sbin/pw/pwupd.h +++ b/usr.sbin/pw/pwupd.h 
@@ -78,6 +78,7 @@ struct pwconf { char etcpath[MAXPATHLEN]; int fd; int rootfd; + bool altroot; bool checkduplicate; };
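
Review bot: In the usr.sbin/pw/pw.8 hunk at -191,7 +191,12, the new parenthetical after "must be run as root" does not say what takes the place of the root check. The commit message states that EPERM is still reported from the file open when the user lacks permission; a sentence in the manual saying that with -R or -V the invoking user needs write access to the target password and group files would keep the exception from reading as "no privileges required".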
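
Review bot: In the usr.sbin/pw/pw.c hunk, "conf.altroot = true;" is set for any -R or -V argument without looking at what path optarg names, so an invocation whose argument resolves to the live configuration directory also skips the euid test in pw_check_root(). That holds up only while file permissions are the real gate, as the commit message says. A short comment at the assignment stating that assumption would help, because the line by itself gives no hint that it disables a privilege check.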
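
Review bot: In the usr.sbin/pw/pw_user.c hunk at -238,6 +238,13, the new pw_check_root() carries no comment explaining why conf.altroot bypasses the geteuid() test. Since this helper is now the only place the policy lives for pw_userlock(), pw_user_add() and pw_user_mod(), a block comment above it should record the reasoning from the commit message: unprivileged image or jail creation is allowed, and the file open reports EPERM otherwise.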
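
Review bot: In the usr.sbin/pw/pwupd.h hunk, the new "bool altroot;" member of struct pwconf has no comment, and the visible hunks only ever assign it true. Please confirm that conf is zero-initialized before option parsing so the field starts out false when neither -R nor -V is given, and add a one-line comment on the member noting that it is set by -R/-V and suppresses the root check.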