2 <title>User service daemon and client specification</title>
3 <link rev=made href="mailto:ian@davenant.greenend.org.uk">
5 <h1>User service daemon and client specification</h1>
7 <h2><A name="abstract">
11 This is a specification for a Unix system facility to allow one
12 program to invoke another when only limited trust exists
20 <li><A href="ch-intro.html">1 Introduction</A>
21 <li><A href="ch-client.html">2 Client program usage
24 <li><A href="ch-client.html#s2.1">2.1</A> Options
25 <li><A href="ch-client.html#s-optoverride">2.2</A> Security-overriding options
27 <li><A href="ch-envir.html">3 Execution environment of the service program</A>
29 <li><A href="ch-envir.html#s3.1">3.1</A> File descriptors
30 <li><A href="ch-envir.html#s3.2">3.2</A> Environment
32 <li><A href="ch-config.html">4 Service-side configuration</A>
34 <li><A href="ch-config.html#s4.1">4.1</A> Configuration file syntax
35 <li><A href="ch-config.html#s-directives">4.2</A> Configuration file directives
36 <li><A href="ch-config.html#s-configerrors">4.3</A> Errors in the configuration file
37 <li><A href="ch-config.html#s-defaults">4.4</A> Defaults
39 <li><A href="ch-ipass.html">5 Information passed through the client/daemon combination</A>
40 <li><A href="ch-notes.html">6 Applications and notes on use</A>
42 <li><A href="ch-notes.html#s-standards">6.1</A> Standard services and directory management
43 <li><A href="ch-notes.html#s-reducepriv">6.2</A> Reducing the number of absolutely privileged subsystems
44 <li><A href="ch-notes.html#s-noexcess">6.3</A> Do not give away excessive privilege to <kbd>userv</kbd>-using facilities
45 <li><A href="ch-notes.html#s-notreally">6.4</A> <kbd>userv</kbd> is not a replacement for <kbd>really</kbd> and <kbd>sudo</kbd>
46 <li><A href="ch-notes.html#s-nogeneral">6.5</A> Don't give access to general-purpose utilities
49 <hr><h2><A name="copyright">0.3 Copyright</A></h2>
50 <kbd>userv</kbd> is Copyright 1996-1999 Ian Jackson.<P>
52 <kbd>userv</kbd> is free software; you can redistribute it and/or modify
53 it under the terms of the GNU General Public License as published by
54 the Free Software Foundation; either version 2 of the License, or (at
55 your option) any later version.<P>
57 This program is distributed in the hope that it will be useful, but
58 <em>without any warranty</em>; without even the implied warranty of
59 <em>merchantability</em> or <em>fitness for a particular purpose</em>. See
60 the GNU General Public License for more details.<P>
62 You should have received a copy of the GNU General Public License
63 along with <kbd>userv</kbd>; if not, write to the Free Software
64 Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
66 User service daemon and client specification
67 - <A href="#copyright"><kbd>userv</kbd> is Copyright 1996-1999 Ian Jackson.</A>
69 <A href="#toc">Contents</A>; <A href="#abstract">abstract</A>.
72 Ian Jackson <A href="mailto:ian@davenant.greenend.org.uk">ian@davenant.greenend.org.uk</A></address>