stbuehler
/
execwrap
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
2 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
execwrap/execwrap.8

52 lines
2.2KB
Raw Permalink Blame History 

  1. .\"                                      Hey, EMACS: -*- nroff -*-

  2. .\" First parameter, NAME, should be all caps

  3. .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection

  4. .\" other parameters are allowed: see man(7), man(1)

  5. .TH EXECWRAP 8 "July  8, 2008"

  6. .\" Please adjust this date whenever revising the manpage.

  7. .\"

  8. .\" Some roff macros, for reference:

  9. .\" .nh        disable hyphenation

  10. .\" .hy        enable hyphenation

  11. .\" .ad l      left justify

  12. .\" .ad b      justify to both left and right margins

  13. .\" .nf        disable filling

  14. .\" .fi        enable filling

  15. .\" .br        insert line break

  16. .\" .sp <n>    insert n+1 empty lines

  17. .\" for manpage-specific macros, see man(7)

  18. .SH NAME

  19. execwrap \- a super-user exec wrapper

  20. .SH ENVIRONMENT

  21. .IP UID

  22. The UID to switch to. Only numerical values are accepted currently.

  23. .IP GID

  24. The GID to switch to. Only numerical values are accepted currently.

  25. .IP TARGET

  26. The target program to start. For security, it must be absolute and

  27. must not contain any ~ characters or ".." sub-strings. Of course the

  28. compiled-in prefix must also be a prefix of it.

  29. .IP CHECK_GID

  30. If set (to anything, even the empty string), the security checks will

  31. be slightly relaxed to allow targets owned by the target GID but not

  32. necessarily by the target UID, as well as allowing the target to be

  33. group-writable if owned by the target GID. Useful for projects where

  34. several people collaborate so file ownership can vary.

  35. .IP NON_RESIDENT

  36. If set (to anything), the wrapper will drop privileges and become the

  37. target process directly, instead of the default behaviour where it

  38. forks off before becoming the target, allowing SIGTERM to propagate

  39. from the caller of the wrapper, to the target. It is not recommended

  40. to set this, as it will make it impossible for the caller (usually a

  41. web-server) to terminate the target process, and thus prevents it

  42. from effectively managing it.

  43. .IP DEBUG

  44. If set (to anything), execwrap will log some debug messages to

  45. syslog (USE_SYSLOG needs to be enabled at compile time, which is

  46. the default).

  47. .SH AUTHOR

  48. execwrap was written by Sune Foldager.

  49. .PP

  50. This manual page was written by Stefan B\"uhler <stbuehler@web.de>,

  51. for the Debian project (but may be used by others).