Diffstat (limited to 'doc/s6-rc-compile.html')
-rw-r--r-- | doc/s6-rc-compile.html | 32 |
1 files changed, 5 insertions, 27 deletions
diff --git a/doc/s6-rc-compile.html b/doc/s6-rc-compile.html index 57a6b95..d931b91 100644 --- a/doc/s6-rc-compile.html +++ b/doc/s6-rc-compile.html @@ -36,7 +36,7 @@ the current service database via <h2> Interface </h2> <pre> - s6-rc-compile [ -v <em>verbosity</em> ] [ -u <em>uids</em> ] [ -g <em>gids</em> ] [ -h <em>fdhuser</em> ] [ -b ] <em>compiled</em> <em>source...</em> + s6-rc-compile [ -v <em>verbosity</em> ] [ -h <em>fdhuser</em> ] [ -b ] <em>compiled</em> <em>source...</em> </pre> <ul> @@ -64,14 +64,6 @@ services declared in every <em>source</em> argument. </li> verbose. Default is 1: warning and error messages will be printed to stderr. 0 silences warnings. 2 adds a bit more information about what s6-rc-compile is doing. 3 or more is heavy debug output. </li> - <li> <tt>-u <em>uids</em></tt> : list users allowed to -use this database with <a href="s6-rc.html">s6-rc</a> to start and -stop services. <em>uids</em> must be a comma-separated list of -numerical UIDs. </li> - <li> <tt>-g <em>gids</em></tt> : list groups allowed to -use this database with <a href="s6-rc.html">s6-rc</a> to start and -stop services. <em>gids</em> must be a comma-separated list of -numerical GIDs. </li> <li> <tt>-h <em>fdhuser</em></tt> : arrange for the <a href="//skarnet.org/software/s6/s6-fdholder-daemon.html">s6-fdholder-daemon</a> program, which maintains the pipes for the longrun pipelines, to run 
@@ -84,24 +76,6 @@ should not change anything in practice, and you can ignore that option. </li> </ul> -<p> - If the <tt>-u</tt> or <tt>-g</tt> option is used, then <tt>0</tt> -must be explicitly listed in <em>uids</em> in order to allow root -to operate the database. If neither option is used, then root -(and only root) is implicitly allowed. -</p> - -<p> - It is important to <em>only</em> use the <tt>-u</tt> or <tt>-g</tt> -options when the user owning the supervision tree is not root. The -internal s6-rc mechanisms allow uids and gids specified by those -options to run any oneshot in the compiled service database as the -user owning the supervision tree; -if that user is root, this becomes an avenue for unwanted -privilege gain. Only specify users that have the right to operate -the supervision tree! -</p> - <h2> Source format </h2> <p> @@ -408,6 +382,10 @@ following an invocation of <a href="s6-rc-init.html">s6-rc-init</a> or and it must not be deleted. The only way to "free" such a compiled database for displacement or deletion is to replace it as the live one via another call to <a href="s6-rc-update.html">s6-rc-update</a>. </li> + <li> No matter what user compiles the database, only root and the +user owning the supervision tree at run-time will be able +to operate the compiled database with the <a href="s6-rc.html">s6-rc</a> +command. </li> </ul> |
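Review bot: in the option list hunk (@@ -64,14 +64,6 @@), as in the synopsis hunk before it, -u and -g disappear with no word on what an existing invocation that still passes them will now do. The visible lines do not show whether s6-rc-compile rejects or ignores these options, so a one-line upgrade note on this page saying which would help anyone whose build scripts pass "-u uids" or "-g gids".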
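Review bot: the two paragraphs removed in @@ -84,24 +76,6 @@ were the only place on this page that explained why access to a compiled database is security sensitive, namely that anyone allowed to operate it can "run any oneshot in the compiled service database as the user owning the supervision tree". The item added later in the patch states who is allowed but not why. Consider keeping one sentence of that rationale next to the new rule, so a reader still learns that operating the database amounts to running code as the supervision tree owner.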
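Review bot: the list item added in @@ -408,6 +382,10 @@ lands at the end of a list whose preceding item is about not displacing or deleting a live database, far from the Interface section where -u and -g used to be documented, so a reader looking for access control next to the options will find nothing. Suggest a short pointer from the option list to this item. The wording "only root and the user owning the supervision tree at run-time" also leaves groups implicit; since -g is removed in the same patch, it would be clearer to say explicitly that group membership does not grant access.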