author | Laurent Bercot <ska-skaware@skarnet.org> | 2015-09-11 17:04:18 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2015-09-11 17:04:18 +0000 |
commit | 716dde0b12532bb814c3cc8fedd99b8d16b3cf07 (patch) | |
tree | 3f18f3a2e9e8c0527130645c66cbd5ad02a4260b /doc/s6-rc-compile.html | |
parent | 7df8376ba885bb87e4e84a8489bdf0f97accf4cf (diff) | |
download | s6-rc-716dde0b12532bb814c3cc8fedd99b8d16b3cf07.tar.xz |
s6-rc-update doc, bugfix
Diffstat (limited to 'doc/s6-rc-compile.html')
-rw-r--r-- | doc/s6-rc-compile.html | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/doc/s6-rc-compile.html b/doc/s6-rc-compile.html index 0c1afc1..8e4b279 100644 --- a/doc/s6-rc-compile.html +++ b/doc/s6-rc-compile.html @@ -86,6 +86,16 @@ to operate the database. If neither option is used, then root (and only root) is implicitly allowed. </p> +<p> + It is important to <em>only</em> use the <tt>-u</tt> or <tt>-g</tt> +options when the user owning the supervision tree is not root. The +internal s6-rc mechanisms allow uids and gids specified by those +options to run any program as the user owning the supervision tree; +if that user is root, this becomes an easy avenue for unwanted +privilege gain. Only specify users that have the right to operate +the supervision tree! +</p> + <h2> Source format </h2> <p> @@ -363,7 +373,7 @@ Linux system running <a href="http://skarnet.org/software/">skarnet.org</a> packages; of course, only the service definition set has been kept, and private information has been removed, so it won't work out-of-the-box without the proper specific files, -notably configuration in <tt>/etc/</tt> - but nevertheless, you can browse the +notably configuration in <tt>/etc</tt> - but nevertheless, you can browse the source and understand what it does, and adapt it to your own needs. It will compile as is with <tt>s6-rc-compile</tt>, and you can examine the |
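Review bot: in the paragraph added by the first hunk (right after "root (and only root) is implicitly allowed"), the opening and closing sentences state two different rules. The first restricts <tt>-u</tt> and <tt>-g</tt> to supervision trees not owned by root; the last says "Only specify users that have the right to operate the supervision tree!", which a reader could take to permit the options on a root-owned tree for trusted users. Since the middle sentence says the listed uids and gids can run any program as the tree owner, it would be clearer to state that consequence as the rule: anyone named with <tt>-u</tt> or <tt>-g</tt> is effectively equivalent to the owner of the supervision tree. The paragraph could then say explicitly that a root-owned tree should use neither option, which per the preceding paragraph leaves root as the only allowed user.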