.\" Hey, EMACS: -*- nroff -*- .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) .TH EXECWRAP 8 "July 8, 2008" .\" Please adjust this date whenever revising the manpage. .\" .\" Some roff macros, for reference: .\" .nh disable hyphenation .\" .hy enable hyphenation .\" .ad l left justify .\" .ad b justify to both left and right margins .\" .nf disable filling .\" .fi enable filling .\" .br insert line break .\" .sp insert n+1 empty lines .\" for manpage-specific macros, see man(7) .SH NAME execwrap \- a super-user exec wrapper .SH ENVIRONMENT .IP UID The UID to switch to. Only numerical values are accepted currently. .IP GID The GID to switch to. Only numerical values are accepted currently. .IP TARGET The target program to start. For security, it must be absolute and must not contain any ~ characters or ".." sub-strings. Of course the compiled-in prefix must also be a prefix of it. .IP CHECK_GID If set (to anything, even the empty string), the security checks will be slightly relaxed to allow targets owned by the target GID but not necessarily by the target UID, as well as allowing the target to be group-writable if owned by the target GID. Useful for projects where several people collaborate so file ownership can vary. .IP NON_RESIDENT If set (to anything), the wrapper will drop privileges and become the target process directly, instead of the default behaviour where it forks off before becoming the target, allowing SIGTERM to propagate from the caller of the wrapper, to the target. It is not recommended to set this, as it will make it impossible for the caller (usually a web-server) to terminate the target process, and thus prevents it from effectively managing it. .IP DEBUG If set (to anything), execwrap will log some debug messages to syslog (USE_SYSLOG needs to be enabled at compile time, which is the default). .SH AUTHOR execwrap was written by Sune Foldager. .PP This manual page was written by Stefan B\"uhler , for the Debian project (but may be used by others).