chiark
/
gitweb
/
~ian
/
userv.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
debian/control: Add missing build-dependency on flex. Fixes FTBFS. Report from Aurel...
[userv.git]
/
userv.1
diff --git
a/userv.1
b/userv.1
index 67a8b2bc987d0051fe49aa30c7caa2ce6a5d02fa..74640a62d2acfa8ccd2d784f753d4e2dab8228ad 100644
(file)
--- a/
userv.1
+++ b/
userv.1
@@
-3,7
+3,7
@@
.\" copyright section, below.
.Dd November 3, 1999
.Dt USERV 1
.\" copyright section, below.
.Dd November 3, 1999
.Dt USERV 1
-.Os "userv
1.0.0
"
+.Os "userv"
.Sh NAME
.Nm userv
.Nd request user services
.Sh NAME
.Nm userv
.Nd request user services
@@
-26,18
+26,18
@@
.Nm userv
is used to have a task performed under different userid while
maintaining limited trust between caller and callee.
.Nm userv
is used to have a task performed under different userid while
maintaining limited trust between caller and callee.
-
+.Pp
.Ar service-user
specifies which user account is to perform the task. The user may be
a login name or a numeric uid, or
.Ql -
to indicate that the service user is to be the same as the calling
user.
.Ar service-user
specifies which user account is to perform the task. The user may be
a login name or a numeric uid, or
.Ql -
to indicate that the service user is to be the same as the calling
user.
-
+.Pp
The service name is interpreted by the userv daemon on behalf of the
service user. This is controlled by configuration files in the
service user's filespace; consult the userv specification for details.
The service name is interpreted by the userv daemon on behalf of the
service user. This is controlled by configuration files in the
service user's filespace; consult the userv specification for details.
-.S
s Options
+.S
h OPTIONS
Single-letter options may be combined as is usual with Unix programs,
and the value for such an option may appear in the same argument or in
the next.
Single-letter options may be combined as is usual with Unix programs,
and the value for such an option may appear in the same argument or in
the next.
@@
-53,7
+53,7
@@
followed by the
requested, and requesting a service user of
.Ql -
(indicating the calling user).
requested, and requesting a service user of
.Ql -
(indicating the calling user).
-
+.Pp
If the builtin service being requested requires a
.Ar service-argument
then this must be supplied to the client in the
If the builtin service being requested requires a
.Ar service-argument
then this must be supplied to the client in the
@@
-67,7
+67,7
@@
for details of the builtin services available,
and below for details of the
.Fl -override
options.
and below for details of the
.Fl -override
options.
-
+.Pp
The actual service name passed will be the
.Ar builtin-service ;
note
The actual service name passed will be the
.Ar builtin-service ;
note
@@
-95,7
+95,7
@@
invoked by the client; the other file descriptor passed to
.Nm cat
will be one inherited by the client program from the caller or one
opened by the client program on behalf of the caller.
.Nm cat
will be one inherited by the client program from the caller or one
opened by the client program on behalf of the caller.
-
+.Pp
The descriptor in the service program that should be connected must be
specified as
.Ar fd ,
The descriptor in the service program that should be connected must be
specified as
.Ar fd ,
@@
-107,7
+107,7
@@
or
.Ql stderr .
The next argument is a filename which will be opened by the client
with the privileges of the calling user.
.Ql stderr .
The next argument is a filename which will be opened by the client
with the privileges of the calling user.
-
+.Pp
.Ar modifiers
is used to specify whether the file or descriptor is to be read from
or written to. It consists of a series of words separated by commas.
.Ar modifiers
is used to specify whether the file or descriptor is to be read from
or written to. It consists of a series of words separated by commas.
@@
-145,6
+145,11
@@
Equivalent to
Creates the file if necessary. Implies
.Ql write .
.It Ic exclusive , excl
Creates the file if necessary. Implies
.Ql write .
.It Ic exclusive , excl
+.Dv O_EXCL:
+Fails if the file already exists. Implies write and create. May
+not be used with
+.Ql truncate .
+.It Ic truncate , trunc
.Dv O_TRUNC:
Truncate any existing file. Implies
.Ql write .
.Dv O_TRUNC:
Truncate any existing file. Implies
.Ql write .
@@
-182,7
+187,7
@@
or
.Ql stderr
for file descriptor 0, 1 or 2 respectively.
.El
.Ql stderr
for file descriptor 0, 1 or 2 respectively.
.El
-
+.Pp
If no
.Ar modifiers
which imply
If no
.Ar modifiers
which imply
@@
-201,12
+206,12
@@
had been specified (or
if only
.Ql fd
was specified).
if only
.Ql fd
was specified).
-
+.Pp
The client will also use
.Dv O_NOCTTY
when opening files specified by the caller, to avoid changing its
controlling terminal.
The client will also use
.Dv O_NOCTTY
when opening files specified by the caller, to avoid changing its
controlling terminal.
-
+.Pp
By default
.Va stdin ,
.Va stdout
By default
.Va stdin ,
.Va stdout
@@
-216,7
+221,7
@@
of the service will be connected to the corresponding descriptors on
the client. Diagnostics from the client and daemon will also appear
on
.Va stderr .
the client. Diagnostics from the client and daemon will also appear
on
.Va stderr .
-
+.Pp
If
.Ql wait
is specified, the client will wait for the pipe to be closed, and only
If
.Ql wait
is specified, the client will wait for the pipe to be closed, and only
@@
-227,7
+232,7
@@
file descriptor. Errors encountered reading or writing in the client
at this stage will be considered a system error and cause the client
to exit with status 255, but will not cause disconnection at the
service side since the service has already exited.
at this stage will be considered a system error and cause the client
to exit with status 255, but will not cause disconnection at the
service side since the service has already exited.
-
+.Pp
If
.Ql close
is specified the client will immediately close the pipe connection by
If
.Ql close
is specified the client will immediately close the pipe connection by
@@
-239,7
+244,7
@@
If the service uses the descriptor it will get
.Er EPIPE )
for a writing descriptor or end of file for a reading one; the
descriptor opened by or passed to the client will also be closed.
.Er EPIPE )
for a writing descriptor or end of file for a reading one; the
descriptor opened by or passed to the client will also be closed.
-
+.Pp
If
.Ql nowait
is specified then the client will not wait and the
If
.Ql nowait
is specified then the client will not wait and the
@@
-255,7
+260,7
@@
if
.Ql "--signals stdout"
is used) since diagnostics from the service side may arrive after the
client has exited and be confused with expected output.
.Ql "--signals stdout"
is used) since diagnostics from the service side may arrive after the
client has exited and be confused with expected output.
-
+.Pp
The default is
.Ql wait
for writing file descriptors and
The default is
.Ql wait
for writing file descriptors and
@@
-318,7
+323,7
@@
so that only numbers from 0 to 255 can be returned and not the full
range of numbers and signal indications which can be returned by the
.Fn wait
family of system calls.)
range of numbers and signal indications which can be returned by the
.Fn wait
family of system calls.)
-
+.Pp
The
.Ar method
may be one of the following:
The
.Ar method
may be one of the following:
@@
-357,7
+362,7
@@
which case no exit status and description will be printed to
and an error message will be printed to
.Va stderr
as usual.
and an error message will be printed to
.Va stderr
as usual.
-
+.Pp
Problems such as client usage errors, the service not being found or
permission being denied or failure of a system call are system errors.
An error message describing the problem will be printed on the
Problems such as client usage errors, the service not being found or
permission being denied or failure of a system call are system errors.
An error message describing the problem will be printed on the
@@
-383,7
+388,7
@@
Prints the client's usage message.
.It Fl -copyright
Prints the copyright and lack of warranty notice.
.El
.It Fl -copyright
Prints the copyright and lack of warranty notice.
.El
-.S
s Security-overriding options
+.S
h SECURITY-OVERRIDING OPTIONS
There are also some options which are available for debugging and to
allow the system administrator to override a user's policy. These
options are available only if the client is called by root or if the
There are also some options which are available for debugging and to
allow the system administrator to override a user's policy. These
options are available only if the client is called by root or if the
@@
-424,6
+429,7
@@
These are used to determine the name of the calling user, to be passed
to the service in
.Ev USERV_USER .
Their values will only be used if they correspond to the calling UID.
to the service in
.Ev USERV_USER .
Their values will only be used if they correspond to the calling UID.
+.El
.Sh FILES
.Bl -tag -width Pa
.It Pa /var/run/userv/socket
.Sh FILES
.Bl -tag -width Pa
.It Pa /var/run/userv/socket
@@
-443,18
+449,19
@@
service.
.%A Ian Jackson
.Re
.Sh COPYRIGHT
.%A Ian Jackson
.Re
.Sh COPYRIGHT
-GNU userv is Copyright (C)1996-2000 Ian Jackson, except that this
-manpage is Copyright (C)2000 Ben Harris.
-
+GNU userv is copyright Ian Jackson and other contributors.
+See README or
+.Dv userv --copright
+for full authorship information.
+.Pp
GNU userv is licensed under the terms of the GNU General Public
GNU userv is licensed under the terms of the GNU General Public
-Licence, version
2
or (at your option) any later version, and it comes
+Licence, version
3
or (at your option) any later version, and it comes
with NO WARRANTY, not even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for details.
with NO WARRANTY, not even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for details.
-
+.Pp
You should have received a copy of the GNU General Public License
You should have received a copy of the GNU General Public License
-along with userv, if not, write to the Free Software Foundation, 59
-Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+along with userv, if not, see http://www.gnu.org/licenses/
.Sh HISTORY
.Nm
was initially written in 1996 by Ian Jackson. It became
.Sh HISTORY
.Nm
was initially written in 1996 by Ian Jackson. It became