summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/index.html2
-rw-r--r--doc/s6-rc-compile.html32
-rw-r--r--doc/s6-rc.html9
-rw-r--r--doc/upgrade.html5
4 files changed, 16 insertions, 32 deletions
diff --git a/doc/index.html b/doc/index.html
index 625121f..07f35f9 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -66,7 +66,7 @@ scripts are also run in a controlled environment.
<ul>
<li> The current released version of s6-rc is
-<a href="s6-rc-0.4.1.1.tar.gz">0.4.1.1</a>. </li>
+<a href="s6-rc-0.5.0.0.tar.gz">0.5.0.0</a>. </li>
<li> Alternatively, you can checkout a copy of the
<a href="//git.skarnet.org/cgi-bin/cgit.cgi/s6-rc/">s6-rc
git repository</a>:
diff --git a/doc/s6-rc-compile.html b/doc/s6-rc-compile.html
index 57a6b95..d931b91 100644
--- a/doc/s6-rc-compile.html
+++ b/doc/s6-rc-compile.html
@@ -36,7 +36,7 @@ the current service database via
<h2> Interface </h2>
<pre>
- s6-rc-compile [ -v <em>verbosity</em> ] [ -u <em>uids</em> ] [ -g <em>gids</em> ] [ -h <em>fdhuser</em> ] [ -b ] <em>compiled</em> <em>source...</em>
+ s6-rc-compile [ -v <em>verbosity</em> ] [ -h <em>fdhuser</em> ] [ -b ] <em>compiled</em> <em>source...</em>
</pre>
<ul>
@@ -64,14 +64,6 @@ services declared in every <em>source</em> argument. </li>
verbose. Default is 1: warning and error messages will be printed to
stderr. 0 silences warnings. 2 adds a bit more information about
what s6-rc-compile is doing. 3 or more is heavy debug output. </li>
- <li> <tt>-u&nbsp;<em>uids</em></tt>&nbsp;: list users allowed to
-use this database with <a href="s6-rc.html">s6-rc</a> to start and
-stop services. <em>uids</em> must be a comma-separated list of
-numerical UIDs. </li>
- <li> <tt>-g&nbsp;<em>gids</em></tt>&nbsp;: list groups allowed to
-use this database with <a href="s6-rc.html">s6-rc</a> to start and
-stop services. <em>gids</em> must be a comma-separated list of
-numerical GIDs. </li>
<li> <tt>-h&nbsp;<em>fdhuser</em></tt>&nbsp;: arrange for the
<a href="//skarnet.org/software/s6/s6-fdholder-daemon.html">s6-fdholder-daemon</a>
program, which maintains the pipes for the longrun pipelines, to run
@@ -84,24 +76,6 @@ should not change anything in practice, and you can ignore
that option. </li>
</ul>
-<p>
- If the <tt>-u</tt> or <tt>-g</tt> option is used, then <tt>0</tt>
-must be explicitly listed in <em>uids</em> in order to allow root
-to operate the database. If neither option is used, then root
-(and only root) is implicitly allowed.
-</p>
-
-<p>
- It is important to <em>only</em> use the <tt>-u</tt> or <tt>-g</tt>
-options when the user owning the supervision tree is not root. The
-internal s6-rc mechanisms allow uids and gids specified by those
-options to run any oneshot in the compiled service database as the
-user owning the supervision tree;
-if that user is root, this becomes an avenue for unwanted
-privilege gain. Only specify users that have the right to operate
-the supervision tree!
-</p>
-
<h2> Source format </h2>
<p>
@@ -408,6 +382,10 @@ following an invocation of <a href="s6-rc-init.html">s6-rc-init</a> or
and it must not be deleted. The only way to "free" such a compiled database
for displacement or deletion is to replace it as the live one via another
call to <a href="s6-rc-update.html">s6-rc-update</a>. </li>
+ <li> No matter what user compiles the database, only root and the
+user owning the supervision tree at run-time will be able
+to operate the compiled database with the <a href="s6-rc.html">s6-rc</a>
+command. </li>
</ul>
diff --git a/doc/s6-rc.html b/doc/s6-rc.html
index 8aa530c..85a223e 100644
--- a/doc/s6-rc.html
+++ b/doc/s6-rc.html
@@ -35,9 +35,12 @@ should be achieved by a single <tt>s6-rc change</tt> invocation.
</p>
<p>
- Except in test installations with specifically made compiled
-databases and live directories, s6-rc should only be run as root -
-especially when asking for a state change.
+ s6-rc should only be run by the user owning the underlying
+<a href="//skarnet.org/software/s6/">s6</a> supervision tree. It can
+also be run by root even if the supervision tree is not owned
+by root, but in this case the services will always be started and
+stopped by the user owning the supervision tree - they will not have
+root privileges.
</p>
<h2> Interface </h2>
diff --git a/doc/upgrade.html b/doc/upgrade.html
index d186ffc..5fc4cee 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -30,7 +30,7 @@ minor and bugfix version changes.
<h1> What has changed in s6-rc </h1>
-<h2> in 0.4.1.1 </h2>
+<h2> in 0.5.0.0 </h2>
<ul>
<li> <a href="//skarnet.org/software/skalibs/">skalibs</a>
@@ -39,6 +39,9 @@ dependency bumped to 2.8.0.0. </li>
dependency bumped to 2.5.0.2. </li>
<li> <a href="//skarnet.org/software/s6/">s6</a>
dependency bumped to 2.8.0.0. </li>
+ <li> <a href="s6-rc-compile.html">s6-rc-compile</a> does not support the <tt>-u</tt>
+or <tt>-g</tt> options anymore; instead, at any time, the user who can operate
+a s6-rc database is the user who owns the supervision tree. </li>
</ul>
<h2> in 0.4.1.0 </h2>