tools: source the "Permission denied" message from the OS (#159)

src/shadow-core/Cargo.toml

@@ -18,6 +18,7 @@ path = "src/lib.rs"
 libc = { workspace = true }
 rustix = { workspace = true }
 thiserror = { workspace = true }
+uucore = { workspace = true }
 zeroize = { workspace = true }
 subtle = { workspace = true }
 landlock = { workspace = true, optional = true }

src/shadow-core/src/lib.rs

@@ -10,6 +10,7 @@
 
 pub mod cli;
 pub mod error;
+pub mod os_error;
 pub mod passwd;
 pub mod validate;
 

src/shadow-core/src/os_error.rs

@@ -0,0 +1,40 @@
+// This file is part of the shadow-rs package.
+//
+// For the full copyright and license information, please view the LICENSE
+// file that was distributed with this source code.
+
+//! Error text sourced from the operating system instead of hardcoded.
+//!
+//! Wording for conditions that map to a libc `errno` is taken from the OS
+//! (libc's `strerror`, surfaced through [`std::io::Error`]) rather than
+//! carried as a string literal in our tree. This keeps the text matching the
+//! host OS and lets glibc translate it on localized systems — the same way
+//! GNU coreutils renders system errors (e.g. `cat: /tmp: Is a directory`).
+//! See issue #159.
+
+/// The OS message for `EACCES` ("Permission denied"), sourced from libc.
+///
+/// Rendered as "Permission denied" on English locales and the translated
+/// equivalent elsewhere; on a libc that does not translate (musl) it is the
+/// untranslated English text. `strip_errno` (the helper uucore uses for its
+/// own I/O errors) drops the " (os error N)" suffix that `io::Error`'s
+/// `Display` appends, leaving the bare OS message — matching coreutils output.
+#[must_use]
+pub fn permission_denied() -> String {
+    uucore::error::strip_errno(&std::io::Error::from_raw_os_error(libc::EACCES))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn permission_denied_is_bare_os_message() {
+        let msg = permission_denied();
+        // Non-empty, and the bare OS text — not Rust's "... (os error 13)"
+        // rendering (the regression that suffix-stripping prevents). We assert
+        // the shape, not the exact wording, since libc may localize it.
+        assert!(!msg.is_empty());
+        assert!(!msg.contains("(os error"), "got: {msg:?}");
+    }
+}

src/uu/chage/src/chage.rs

@@ -274,15 +274,20 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
             let current_user = shadow_core::hardening::current_username()
                 .map_err(|e| ChageError::UnexpectedFailure(e.to_string()))?;
             if current_user != *login {
-                return Err(ChageError::PermissionDenied("Permission denied.".into()).into());
+                return Err(ChageError::PermissionDenied(
+                    shadow_core::os_error::permission_denied(),
+                )
+                .into());
             }
         }
         return cmd_list(&root, login);
     }
 
     // All modification flags require root.
     if !shadow_core::hardening::caller_is_root() {
-        return Err(ChageError::PermissionDenied("Permission denied.".into()).into());
+        return Err(
+            ChageError::PermissionDenied(shadow_core::os_error::permission_denied()).into(),
+        );
     }
 
     if !has_modifications {

src/uu/chpasswd/src/chpasswd.rs

@@ -186,7 +186,9 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
 
     // chpasswd always requires root.
     if !shadow_core::hardening::caller_is_root() {
-        return Err(ChpasswdError::PermissionDenied("Permission denied.".into()).into());
+        return Err(
+            ChpasswdError::PermissionDenied(shadow_core::os_error::permission_denied()).into(),
+        );
     }
 
     let is_encrypted = matches.get_flag(options::ENCRYPTED);

src/uu/groupadd/src/groupadd.rs

@@ -109,7 +109,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
     };
 
     if !shadow_core::hardening::caller_is_root() {
-        uucore::show_error!("Permission denied.");
+        uucore::show_error!("{}", shadow_core::os_error::permission_denied());
         return Err(GroupaddError::AlreadyPrinted(1).into());
     }
 

src/uu/groupdel/src/groupdel.rs

@@ -97,7 +97,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
     };
 
     if !shadow_core::hardening::caller_is_root() {
-        uucore::show_error!("Permission denied.");
+        uucore::show_error!("{}", shadow_core::os_error::permission_denied());
         return Err(GroupdelError::AlreadyPrinted(1).into());
     }
 

src/uu/groupmod/src/groupmod.rs

@@ -109,7 +109,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
     };
 
     if !shadow_core::hardening::caller_is_root() {
-        uucore::show_error!("Permission denied.");
+        uucore::show_error!("{}", shadow_core::os_error::permission_denied());
         return Err(GroupmodError::AlreadyPrinted(1).into());
     }
 

src/uu/passwd/src/passwd.rs

@@ -188,12 +188,18 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
         // Non-root users can only view their own status.
         if !shadow_core::hardening::caller_is_root() {
             if show_all {
-                return Err(PasswdError::PermissionDenied("Permission denied.".into()).into());
+                return Err(PasswdError::PermissionDenied(
+                    shadow_core::os_error::permission_denied(),
+                )
+                .into());
             }
             let current_user = shadow_core::hardening::current_username()
                 .map_err(|e| PasswdError::UnexpectedFailure(e.to_string()))?;
             if current_user != target_user {
-                return Err(PasswdError::PermissionDenied("Permission denied.".into()).into());
+                return Err(PasswdError::PermissionDenied(
+                    shadow_core::os_error::permission_denied(),
+                )
+                .into());
             }
         }
 
@@ -218,7 +224,9 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
     // caller to be root. Non-root users can only change their own password
     // (the default PAM path below).
     if (has_mutation || has_aging) && !shadow_core::hardening::caller_is_root() {
-        return Err(PasswdError::PermissionDenied("Permission denied.".into()).into());
+        return Err(
+            PasswdError::PermissionDenied(shadow_core::os_error::permission_denied()).into(),
+        );
     }
 
     // When a mutation flag and aging flags are both present, apply both in a

src/uu/useradd/src/useradd.rs

@@ -290,7 +290,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
 
     // Only root can add users.
     if !shadow_core::hardening::caller_is_root() {
-        uucore::show_error!("Permission denied.");
+        uucore::show_error!("{}", shadow_core::os_error::permission_denied());
         return Err(UseraddError::AlreadyPrinted(1).into());
     }
 

src/uu/userdel/src/userdel.rs

@@ -97,7 +97,9 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
 
     // Must be root.
     if !rustix::process::getuid().is_root() {
-        return Err(UserdelError::CantUpdatePasswd("Permission denied.".into()).into());
+        return Err(
+            UserdelError::CantUpdatePasswd(shadow_core::os_error::permission_denied()).into(),
+        );
     }
 
     // Read the user's home directory and UID from /etc/passwd BEFORE removing

src/uu/usermod/src/usermod.rs

@@ -99,7 +99,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
     let root = SysRoot::new(prefix);
 
     if !rustix::process::getuid().is_root() {
-        return Err(UsermodError::CantUpdate("Permission denied.".into()).into());
+        return Err(UsermodError::CantUpdate(shadow_core::os_error::permission_denied()).into());
     }
 
     // Block signals for the passwd lock→write critical section only.