.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH EXECWRAP 8 "July 8, 2008"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
execwrap \- a super-user exec wrapper
.SH ENVIRONMENT
.IP UID
The UID to switch to. Currently only numerical values are accepted.
.IP GID
The GID to switch to. Currently only numerical values are accepted.
.IP TARGET
The target program to start. For security, it must be an absolute path and
must not contain any ~ characters or ".." sub-strings. It must also
start with the compiled-in prefix.
.IP CHECK_GID
If set (to anything, even the empty string), the security checks will
be slightly relaxed to allow targets owned by the target GID but not
necessarily by the target UID, as well as allowing the target to be
group-writable if owned by the target GID. Useful for projects where
several people collaborate, so file ownership can vary.
.IP NON_RESIDENT
If set (to anything), the wrapper will drop privileges and become the
target process directly, instead of the default behaviour, where it
forks off before becoming the target so that SIGTERM can propagate
from the caller of the wrapper to the target. Setting this is not
recommended, as it makes it impossible for the caller (usually a
web server) to terminate the target process, and thus prevents it
from effectively managing it.
.IP DEBUG
If set (to anything), execwrap will log some debug messages to
syslog (USE_SYSLOG needs to be enabled at compile time, which is
the default).
.SH AUTHOR
execwrap was written by Sune Foldager.
.PP
This manual page was written by Stefan B\(:uhler <stbuehler@web.de>,
for the Debian project (but may be used by others).