--- /dev/null
+<html><head>
+<title>User service daemon and client specification - Information passed through the client/daemon combination</title>
+<link rev=made href="mailto:ian@davenant.greenend.org.uk">
+</head><body>
+<h1>
+User service daemon and client specification - chapter 5<br>
+Information passed through the client/daemon combination
+</h1>
+
+The information described below is the only information which passes
+between the caller and the service.
+
+<ul>
+<li>The service name supplied by the caller is available in the
+configuration language for deciding whether and which service program
+to invoke, in the <kbd>service</kbd> parameter, and is used by the
+<kbd>execute-from-directory</kbd> and <kbd>execute-from-path</kbd>
+configuration directives. It is usually used to select which service
+program to invoke. It is also passed to the service program in the
+<kbd>USERV_SERVICE</kbd> environment variable.
+<p><li>File descriptors specified by the client and allowed according to the
+configuration language will be connected. Each file descriptor is
+opened for reading or writing. Communication is via pipes, one end of
+each pipe being open on the appropriate file descriptor in the service
+program (when it is invoked) and the other end being held by the
+client process, which will read and write files it opens on behalf of
+its caller or file descriptors it is passed by its caller.<P>
+
+Data may be passed into the service through reading pipes and out of
+it through writing pipes. These pipes can remain open only until the
+service and client have terminated, or can be made to stay open after
+the client has terminated and (if the service program forks) the main
+service process has exited; the behaviour is controlled by options
+passed to the client by its caller.<P>
+
+The caller can arrange that a writing pipe be connected to a pipe or
+similar object and cause attempts to write to that descriptor by the
+service to generate a <kbd>SIGPIPE</kbd> (or <kbd>EPIPE</kbd> if
+<kbd>SIGPIPE</kbd> is caught or ignored) in the service.<P>
+
+Likewise, the service can close filedescriptors specified for reading,
+which will cause the corresponding filedescriptors passed by the
+caller to be closed, so that if these are pipes processes which write
+to them will receive <kbd>SIGPIPE</kbd> or <kbd>EPIPE</kbd>.
+<p><li>If <kbd>no-suppress-args</kbd> is set then arguments passed to the client
+by its caller will be passed on, verbatim, to the service.
+<p><li>Fatal signals and system call failures experienced by the client will
+result in the disconnection of the service from the client and
+possibly some of the communication file descriptors described above;
+if <kbd>disconnect-hup</kbd> is set then the service will also be sent a
+<kbd>SIGHUP</kbd>.
+<p><li>The value of the <kbd>LOGNAME</kbd> (or <kbd>USER</kbd>) environment variable
+as passed to the client will be used as the login name of the calling
+user if the uid of the calling process matches the uid corresponding
+to that login name. Otherwise the calling uid's password entry will
+be used to determine the calling user's login name.<P>
+
+This login name and the calling uid are available in the configuration
+language in the <kbd>calling-user</kbd> parameter and are passed to the
+service program in environment variables <kbd>USERV_USER</kbd> and
+<kbd>USERV_UID</kbd>.<P>
+
+The shell corresponding to that login name (according to the password
+entry) is available as in the configuration language's
+<kbd>calling-user-shell</kbd> parameter.<P>
+
+If no relevant password entry can be found then no service will be
+invoked.
+<p><li>The numeric values and textual names for calling gid and supplementary
+group list are available in the configuration language in the
+<kbd>calling-group</kbd> parameter and are passed to the service in
+environment variables.<P>
+
+If no name can be found for a numeric group to which the calling
+process belongs then no service will be invoked.
+<p><li>The name of the current working directory in which the client was
+invoked is passed, if available and not hidden using <kbd>--hidecwd</kbd>,
+to the service program in the <kbd>USERV_CWD</kbd> variable. This grants no
+special access to that directory unless it is a subdirectory of a
+directory which is executable (searchable) but not readable by the
+service user.
+<p><li>Settings specified by the caller using the <code>--defvar
+</code><var>name</var><code>=</code><var>value</var><code></code> option to the client are available in the
+configuration language as the corresponding <code>u-</code><var>name</var><code></code>
+parameters and are passed to the service program in environment
+variables <code>USERV_U_</code><var>name</var><code></code>.
+<p><li>If the calling user is root or the same as the service user then
+options may be given to the client which bypass the usual security
+features; in this case other information may pass between the caller
+and the service.
+<p></ul>
+
+<hr>
+User service daemon and client specification
+- <A href="index.html#copyright"><kbd>userv</kbd> is Copyright 1996-1999 Ian Jackson.</A>
+<br>
+<A href="index.html#toc">Contents</A>; <A href="index.html#abstract">abstract</A>; <A href="ch-notes.html">next</A>; <A href="ch-config.html">back</A>.
+<br>
+<address>0.61.1<br>
+Ian Jackson <A href="mailto:ian@davenant.greenend.org.uk">ian@davenant.greenend.org.uk</A></address>
+</body></html>
~ian / userv.git / blobdiff