Diffstat (limited to 'doc')
-rw-r--r-- doc/index.html 2
-rw-r--r-- doc/s6-sudod.html 15
-rw-r--r-- doc/upgrade.html 6
3 files changed, 20 insertions, 3 deletions
diff --git a/doc/index.html b/doc/index.html
index dadb82d..540e646 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -103,7 +103,7 @@ certain binaries that spawn scripts interpreted with
<h3> Download </h3>
<ul>
- <li> The current released version of s6 is <a href="s6-2.9.1.0.tar.gz">2.9.1.0</a>. </li>
+ <li> The current released version of s6 is <a href="s6-2.9.2.0.tar.gz">2.9.2.0</a>. </li>
<li> Alternatively, you can checkout a copy of the
<a href="//git.skarnet.org/cgi-bin/cgit.cgi/s6/">s6
git repository</a>:
diff --git a/doc/s6-sudod.html b/doc/s6-sudod.html
index 171de48..53ec2f7 100644
--- a/doc/s6-sudod.html
+++ b/doc/s6-sudod.html
@@ -27,7 +27,7 @@ program over a Unix socket, then forks another program.
<h2> Interface </h2>
<pre>
- s6-sudod [ -0 ] [ -1 ] [ -2 ] [ -t <em>timeout</em> ] [ <em>sargv...</em> ]
+ s6-sudod [ -0 ] [ -1 ] [ -2 ] [ -d ] [ -t <em>timeout</em> ] [ <em>sargv...</em> ]
</pre>
<ul>
@@ -66,6 +66,11 @@ run with its stdout pointing to <tt>/dev/null</tt> instead. </li>
<li> <tt>-2</tt>&nbsp;: do not inherit stderr from s6-sudoc. The child will be
run with its stderr being a copy of s6-sudod's stderr instead. (This is useful
to still log the child's error messages without sending them to the client.) </li>
+ <li> <tt>-d</tt>&nbsp;: detach. The child will keep running until it naturally
+exits, even if the client disconnects. Setting this option also enforces
+<tt>-0</tt>, <tt>-1</tt> and <tt>-2</tt>. Bear in mind that this option
+relinquishes a lot of control over the child, and administrators should make sure
+it is appropriately short-lived. </li>
<li> <tt>-t&nbsp;<em>timeout</em></tt>&nbsp;: if s6-sudod has not
received all the needed data from the client after <em>timeout</em>
milliseconds, it will exit without spawning a child. By default, <em>timeout</em>
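Review bot: In the new -d item, "Setting this option also enforces -0, -1 and -2" leaves the reader to derive the consequence from the neighbouring items: stdout goes to /dev/null and stderr to s6-sudod's stderr, so nothing the detached child writes reaches the client. Say that directly in the item, and replace "appropriately short-lived" with what the administrator actually has to bound, since with -d a client disconnect no longer ends the child.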
@@ -150,7 +155,8 @@ transmitted to <em>sargv</em>.
<h2> Notes </h2>
<ul>
- <li> If s6-sudoc is killed, or exits after <em>timeoutrun</em> milliseconds,
+ <li> If the <tt>-d</tt> option to s6-sudod has not been given, and
+s6-sudoc is killed (or exits after <em>timeoutrun</em> milliseconds)
while the server program is still running, s6-sudod will send a SIGTERM and a
SIGCONT to its child, then exit 1. However, sending a SIGTERM to the child
does not guarantee that it will die; and
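Review bot: The reworded first sentence of this Notes item now only covers the case where -d has not been given; nothing here says what s6-sudod itself does when -d is set and s6-sudoc is killed or exits after timeoutrun milliseconds (whether it still exits 1, and when). Add a sentence for the -d case so both branches are documented in the same place.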
@@ -164,6 +170,11 @@ handled transparently by the s6-sudoc + s6-sudod mechanism. The mechanism
was designed to allow programs to gain privileges in specific situations:
short-lived, simple, noninteractive processes. It was not designed to emulate
the full suid functionality and will not go out of its way to do so. </li>
+ <li> Administrators should also make sure that it's not a problem if
+s6-sudod's child keeps running after the s6-sudoc client exits, if they
+have given the <tt>-d</tt> option to s6-sudod. In particular, they should
+study what happens if another connection to the same service occurs while
+an instance is still running. </li>
<li> <em>sargv</em> may be empty. In that case, the client is in complete
control of the command line executed as <em>serveruser</em>. This setup is
permitted by s6-sudod, but it is very dangerous, and extreme attention should
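Review bot: The new Notes item asks administrators to "study what happens if another connection to the same service occurs while an instance is still running" but does not say what s6-sudod does in that case or how to guard against it. State whether a second instance of the child can start while the first is still running, and suggest a guard, for example having the server program take a lock or be safe to run concurrently.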
diff --git a/doc/upgrade.html b/doc/upgrade.html
index bbf96f1..f7413f5 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -18,6 +18,12 @@
<h1> What has changed in s6 </h1>
+<h2> in 2.9.2.0 </h2>
+
+<ul>
+ <li> New <tt>-d</tt> option to <a href="s6-sudod.html">s6-sudod</a>. </li>
+</ul>
+
<h2> in 2.9.1.0 </h2>
<ul>
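Review bot: The 2.9.2.0 entry "New -d option to s6-sudod" gives no hint that the option lets the child outlive the client. A short parenthetical such as "(detach the child from the client)" would let readers of the upgrade notes judge whether the change affects their setup.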