From 8c22e88befbd6ce76acdc9371683dca43425235e Mon Sep 17 00:00:00 2001
From: Laurent Bercot <ska-skaware@skarnet.org>
Date: Mon, 4 Feb 2019 20:20:54 +0000
Subject:  Scrap s6-rc-compile -u/-g, implement uid/self instead. Prepare for
 0.5.0.0

---
 doc/s6-rc-compile.html | 32 +++++---------------------------
 1 file changed, 5 insertions(+), 27 deletions(-)

(limited to 'doc/s6-rc-compile.html')

diff --git a/doc/s6-rc-compile.html b/doc/s6-rc-compile.html
index 57a6b95..d931b91 100644
--- a/doc/s6-rc-compile.html
+++ b/doc/s6-rc-compile.html
@@ -36,7 +36,7 @@ the current service database via
 <h2> Interface </h2>
 
 <pre>
-     s6-rc-compile [ -v <em>verbosity</em> ] [ -u <em>uids</em> ] [ -g <em>gids</em> ] [ -h <em>fdhuser</em> ]  [ -b ] <em>compiled</em> <em>source...</em>
+     s6-rc-compile [ -v <em>verbosity</em> ] [ -h <em>fdhuser</em> ]  [ -b ] <em>compiled</em> <em>source...</em>
 </pre>
 
 <ul>
@@ -64,14 +64,6 @@ services declared in every <em>source</em> argument. </li>
 verbose. Default is 1: warning and error messages will be printed to
 stderr. 0 silences warnings. 2 adds a bit more information about
 what s6-rc-compile is doing. 3 or more is heavy debug output. </li>
- <li> <tt>-u&nbsp;<em>uids</em></tt>&nbsp;: list users allowed to
-use this database with <a href="s6-rc.html">s6-rc</a> to start and
-stop services. <em>uids</em> must be a comma-separated list of
-numerical UIDs. </li>
- <li> <tt>-g&nbsp;<em>gids</em></tt>&nbsp;: list groups allowed to
-use this database with <a href="s6-rc.html">s6-rc</a> to start and
-stop services. <em>gids</em> must be a comma-separated list of
-numerical GIDs. </li>
  <li> <tt>-h&nbsp;<em>fdhuser</em></tt>&nbsp;: arrange for the
 <a href="//skarnet.org/software/s6/s6-fdholder-daemon.html">s6-fdholder-daemon</a>
 program, which maintains the pipes for the longrun pipelines, to run
@@ -84,24 +76,6 @@ should not change anything in practice, and you can ignore
 that option. </li>
 </ul>
 
-<p>
- If the <tt>-u</tt> or <tt>-g</tt> option is used, then <tt>0</tt>
-must be explicitly listed in <em>uids</em> in order to allow root
-to operate the database. If neither option is used, then root
-(and only root) is implicitly allowed.
-</p>
-
-<p>
- It is important to <em>only</em> use the <tt>-u</tt> or <tt>-g</tt>
-options when the user owning the supervision tree is not root. The
-internal s6-rc mechanisms allow uids and gids specified by those
-options to run any oneshot in the compiled service database as the
-user owning the supervision tree;
-if that user is root, this becomes an avenue for unwanted
-privilege gain. Only specify users that have the right to operate
-the supervision tree!
-</p>
-
 <h2> Source format </h2>
 
 <p>
@@ -408,6 +382,10 @@ following an invocation of <a href="s6-rc-init.html">s6-rc-init</a> or
 and it must not be deleted. The only way to "free" such a compiled database
 for displacement or deletion is to replace it as the live one via another
 call to <a href="s6-rc-update.html">s6-rc-update</a>. </li>
+ <li> No matter what user compiles the database, only root and the
+user owning the supervision tree at run-time will be able
+to operate the compiled database with the <a href="s6-rc.html">s6-rc</a>
+command. </li>
 </ul>
 
 
-- 
cgit v1.2.3