You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

52 lines
2.2KB

  1. .\" Hey, EMACS: -*- nroff -*-
  2. .\" First parameter, NAME, should be all caps
  3. .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
  4. .\" other parameters are allowed: see man(7), man(1)
  5. .TH EXECWRAP 8 "July 8, 2008"
  6. .\" Please adjust this date whenever revising the manpage.
  7. .\"
  8. .\" Some roff macros, for reference:
  9. .\" .nh disable hyphenation
  10. .\" .hy enable hyphenation
  11. .\" .ad l left justify
  12. .\" .ad b justify to both left and right margins
  13. .\" .nf disable filling
  14. .\" .fi enable filling
  15. .\" .br insert line break
  16. .\" .sp <n> insert n+1 empty lines
  17. .\" for manpage-specific macros, see man(7)
  18. .SH NAME
  19. execwrap \- a super-user exec wrapper
  20. .SH ENVIRONMENT
  21. .IP UID
  22. The UID to switch to. Only numerical values are accepted currently.
  23. .IP GID
  24. The GID to switch to. Only numerical values are accepted currently.
  25. .IP TARGET
  26. The target program to start. For security, it must be absolute and
  27. must not contain any ~ characters or ".." sub-strings. Of course the
  28. compiled-in prefix must also be a prefix of it.
  29. .IP CHECK_GID
  30. If set (to anything, even the empty string), the security checks will
  31. be slightly relaxed to allow targets owned by the target GID but not
  32. necessarily by the target UID, as well as allowing the target to be
  33. group-writable if owned by the target GID. Useful for projects where
  34. several people collaborate so file ownership can vary.
  35. .IP NON_RESIDENT
  36. If set (to anything), the wrapper will drop privileges and become the
  37. target process directly, instead of the default behaviour where it
  38. forks off before becoming the target, allowing SIGTERM to propagate
  39. from the caller of the wrapper, to the target. It is not recommended
  40. to set this, as it will make it impossible for the caller (usually a
  41. web-server) to terminate the target process, and thus prevents it
  42. from effectively managing it.
  43. .IP DEBUG
  44. If set (to anything), execwrap will log some debug messages to
  45. syslog (USE_SYSLOG needs to be enabled at compile time, which is
  46. the default).
  47. .SH AUTHOR
  48. execwrap was written by Sune Foldager.
  49. .PP
  50. This manual page was written by Stefan B\"uhler <stbuehler@web.de>,
  51. for the Debian project (but may be used by others).