stbuehler
/
execwrap
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
2 Branches
196 KiB
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
execwrap/execwrap.8

51 lines
2.2 KiB
Raw Permalink Blame History

.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH EXECWRAP 8 "July 8, 2008"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
execwrap \- a super-user exec wrapper
.SH ENVIRONMENT
.IP UID
The UID to switch to. Only numerical values are accepted currently.
.IP GID
The GID to switch to. Only numerical values are accepted currently.
.IP TARGET
The target program to start. For security, it must be absolute and
must not contain any ~ characters or ".." sub-strings. Of course the
compiled-in prefix must also be a prefix of it.
.IP CHECK_GID
If set (to anything, even the empty string), the security checks will
be slightly relaxed to allow targets owned by the target GID but not
necessarily by the target UID, as well as allowing the target to be
group-writable if owned by the target GID. Useful for projects where
several people collaborate so file ownership can vary.
.IP NON_RESIDENT
If set (to anything), the wrapper will drop privileges and become the
target process directly, instead of the default behaviour where it
forks off before becoming the target, allowing SIGTERM to propagate
from the caller of the wrapper, to the target. It is not recommended
to set this, as it will make it impossible for the caller (usually a
web-server) to terminate the target process, and thus prevents it
from effectively managing it.
.IP DEBUG
If set (to anything), execwrap will log some debug messages to
syslog (USE_SYSLOG needs to be enabled at compile time, which is
the default).
.SH AUTHOR
execwrap was written by Sune Foldager.
.PP
This manual page was written by Stefan B\"uhler <stbuehler@web.de>,
for the Debian project (but may be used by others).