From ebfd0ba17e0d4b220725018d16e294e8e22a1745 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Thu, 15 Jan 2015 20:51:39 +0000 Subject: Move Unix domain socket and access control stuff to s6. Move seekablepipe to s6-portable-utils. Version: 2.0.1.0, release candidate --- doc/s6-sudod.html | 165 ------------------------------------------------------ 1 file changed, 165 deletions(-) delete mode 100644 doc/s6-sudod.html (limited to 'doc/s6-sudod.html') diff --git a/doc/s6-sudod.html b/doc/s6-sudod.html deleted file mode 100644 index c783736..0000000 --- a/doc/s6-sudod.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - s6-networking: the s6-sudod program - - - - - - -

-s6-networking
-Software
-skarnet.org -

- -

The s6-sudod program

- -

-s6-sudod receives command-line arguments, environment variables -and standard descriptors from a peer s6-sudoc -program over a Unix socket, then forks another program. -

- -

Interface

- -
-     s6-sudod [ -0 ] [ -1 ] [ -2 ] [ -s ] [ -t timeout ] [ sargv... ]
-
- - - -

Environment

- -

-s6-sudod transmits its own environment to its child, plus the environment sent -by s6-sudoc, filtered in the following manner: -for every variable sent by s6-sudoc, if the -variable is present but empty in s6-sudod's environment, then -its value is overriden by the value given by s6-sudoc. A variable that is -already nonempty, or that doesn't exist, in s6-sudod's environment, will not -be transmitted to the child. -

- -

Options

- - - -

Usage example

- -

- The typical use of s6-sudod is in a -local service with a -s6-ipcserver process listening on a Unix -socket, a s6-ipcserver-access process -performing client authentication and access control, and possibly a -s6-envdir -process setting up the environment variables that will be accepted by -s6-sudod. The following script, meant to be a run script in a -service directory, -will set up a privileged program: -

- -
-#!/command/execlineb -P
-fdmove -c 2 1
-s6-envuidgid serveruser
-s6-ipcserver -U -- serversocket
-s6-ipcserver-access -v2 -l0 -i rules --
-exec -c
-s6-envdir env
-s6-sudod
-sargv
-
- - - -

- This means that user clientuser running -s6-sudo serversocket cargv will be -able, if authorized by the configuration in rules, to run -sargv cargv as user serveruser, with stdin, -stdout, stderr and the environment variables properly listed in env -transmitted to sargv. -

- -

Notes

- - - - - -- cgit v1.2.3