X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv.git;a=blobdiff_plain;f=spec.html%2Fch-client.html;fp=spec.html%2Fch-client.html;h=32c080bd7fd0e5a6a32b2e75b6023d806be456fd;hp=fe1b980cfe8d00ac852bb0d0a242159d519a3fa9;hb=80bd586772a9f17d9235801b4727136d94a96862;hpb=59fb8163fff0941358976353d6f98a7156e593f2 diff --git a/spec.html/ch-client.html b/spec.html/ch-client.html index fe1b980..32c080b 100644 --- a/spec.html/ch-client.html +++ b/spec.html/ch-client.html @@ -1,324 +1,407 @@ - +
+ +
-userv options [--] service-user service-name [argument ...] -userv options -B|--builtin [--] builtin-service [info-argument ...] + userv options [--] service-user service-name [argument ...] + userv options -B|--builtin [--] builtin-service [info-argument ...]- + +
-service-user specifies which user is to provide the service. -The user may be a login name or a numeric uid, or - to indicate -that the service user is to be the same as the calling user. -
+service-user specifies which user is to provide the service. The +user may be a login name or a numeric uid, or - to indicate that +the service user is to be the same as the calling user.-The service name is interpreted by the userv[1] -daemon on behalf of the service user. It will often be the name of a -program. -
+The service name is interpreted by the userv[1] daemon on behalf of the service user. It will often be the +name of a program.-Single-letter options may be combined as is usual with Unix programs, -and the value for such an option may appear in the same argument or in -the next. - +Single-letter options may be combined as is usual with Unix programs, and the +value for such an option may appear in the same argument or in the next.
--override
option to specify a string consisting of
+--override
option to specify a string consisting of
execute-builtin
followed by the builtin-service
requested, and requesting a service user of - (indicating the
calling user).
-If the builtin service being requested requires a
-service-argument then this must be supplied to the client in the
-same argument as the builtin-service. See Directives for changing execution settings, subsection 4.2.4 for details of the builtin services available,
-and Security-overriding options, section 2.2 for details of the --override
-options.
+
+If the builtin service being requested requires a service-argument
+then this must be supplied to the client in the same argument as the
+builtin-service. See Directives for changing execution
+settings, Section 4.2.4 for details of the builtin services available, and
+Security-overriding options, Section
+2.2 for details of the --override
options.
+
The actual service name passed will be the builtin-service; note
-that this actual service name (as opposed to the override data) and
-the info-arguments supplied will be ignored by most builtin
-services; the override mechanism and execute-builtin
will be
-used to ensure that the right builtin service is called with the right
+that this actual service name (as opposed to the override data) and the
+info-arguments supplied will be ignored by most builtin services;
+the override mechanism and execute-builtin
will be used to ensure
+that the right builtin service is called with the right
service-arguments.
+
cat
invoked by the client; the other file descriptor passed to
+cat
will be one inherited by the client program from the caller or
+one opened by the client program on behalf of the caller.
-cat
invoked by the client; the
-other file descriptor passed to cat
will be one inherited by
-the client program from the caller or one opened by the client program
-on behalf of the caller.
-
+The descriptor in the service program that should be connected must be -specified as fd, either as a decimal number or as one of the -strings stdin, stdout or stderr. The next argument is -a filename which will be opened by the client with the privileges of -the calling user. +specified as fd, either as a decimal number or as one of the strings +stdin, stdout or stderr. The next +argument is a filename which will be opened by the client with the privileges +of the calling user. -modifiers is used to specify whether the file or descriptor is -to be read from or written to. It consists of a series of words -separated by commas. A comma may separate the modifiers from -the fd and is required if fd is not numeric. +
+modifiers is used to specify whether the file or descriptor is to be +read from or written to. It consists of a series of words separated by commas. +A comma may separate the modifiers from the fd and is +required if fd is not numeric.
The modifier words are: -
-If no modifiers which imply read or write are used it -is as if write had been specified, except that if the -filedescriptor 0 of the service is being opened (either specified -numerically or with stdin) it is as if overwrite had been +If no modifiers which imply read or write +are used it is as if write had been specified, except that if the +filedescriptor 0 of the service is being opened (either specified numerically +or with stdin) it is as if overwrite had been specified (or write if only fd was specified). -
The client will also use O_NOCTTY when opening files specified by the caller, to avoid changing its controlling terminal. -
-By default stdin, stdout and stderr of the service will be connected -to the corresponding descriptors on the client. Diagnostics from -the client and daemon will also appear on stderr. -
+By default stdin, stdout and stderr of the service will be connected to the +corresponding descriptors on the client. Diagnostics from the client and +daemon will also appear on stderr.If wait is specified, the client will wait for the pipe to be -closed, and only exit after this has happened. This means that either -the receiving end of the pipe connection was closed while data was -still available at the sending end, or that the end of file was -reached on the reading file descriptor. Errors encountered reading or -writing in the client at this stage will be considered a system error -and cause the client to exit with status 255, but will not cause -disconnection at the service side since the service has already -exited. -
+closed, and only exit after this has happened. This means that either the +receiving end of the pipe connection was closed while data was still available +at the sending end, or that the end of file was reached on the reading file +descriptor. Errors encountered reading or writing in the client at this stage +will be considered a system error and cause the client to exit with status 255, +but will not cause disconnection at the service side since the service has +already exited.
If close is specified the client will immediately close the pipe
connection by killing the relevant copy of cat
. If the service
-uses the descriptor it will get SIGPIPE
(or EPIPE
) for a
-writing descriptor or end of file for a reading one; the descriptor
+uses the descriptor it will get SIGPIPE
(or EPIPE
)
+for a writing descriptor or end of file for a reading one; the descriptor
opened by or passed to the client will also be closed.
-
If nowait is specified then the client will not wait and the -connection will remain open after the client terminates. Data may -continue to be passed between the inheritors of the relevant -descriptor on the service side and the corresponding file or -descriptor on the client side until either side closes their -descriptor. This should not usually be specified for stderr (or -stdout if --signals stdout is used) since diagnostics from -the service side may arrive after the client has exited and be -confused with expected output. -
+connection will remain open after the client terminates. Data may continue to +be passed between the inheritors of the relevant descriptor on the service side +and the corresponding file or descriptor on the client side until either side +closes their descriptor. This should not usually be specified for stderr (or +stdout if --signals stdout is used) since diagnostics from the +service side may arrive after the client has exited and be confused with +expected output.-The default is wait for writing file descriptors and close -for reading ones. -
- ---file
or --fdwait
option - even by a
+The default is wait for writing file descriptors and
+close for reading ones.
+--file
or --fdwait
option - even by a
--file
which does not specify an action on termination (in this
case the default will be used, as described above).
-
-_exit
, so that only numbers from 0 to 255 can be returned and
-not the full range of numbers and signal indications which can be
-returned by the wait
family of system calls.)
+_exit
, so that
+only numbers from 0 to 255 can be returned and not the full range of numbers
+and signal indications which can be returned by the wait
family of
+system calls.)
The method may be one of the following: -
-Problems such as client usage errors, the service not being found or -permission being denied or failure of a system call are system errors. -An error message describing the problem will be printed on the -client's stderr, and the client's exit status will be 255. If the -client dies due to a signal this should be treated as a serious system -error. -
- -SIGPIPE
the exit
-status of the client will be zero, even if it would have been
-something else according to the exit status method specified. This
-option has no effect on the code and description printed if the exit
-status method stdout is in use.
-
-SIGPIPE
the exit
+status of the client will be zero, even if it would have been something else
+according to the exit status method specified. This option has no effect on
+the code and description printed if the exit status method stdout
+is in use.
+-There are also some options which are available for debugging and to -allow the system administrator to override a user's policy. These -options are available only if the client is called by root or if the -calling user is the same as the service user. - +There are also some options which are available for debugging and to allow the +system administrator to override a user's policy. These options are available +only if the client is called by root or if the calling user is the same as the +service user.
+User service daemon and client specification
-1.0.1ian@davenant.greenend.org.uk
+
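Review bot: The defaults paragraph for the file/descriptor modifiers, carried over on the + side with only re-wrapping, says that with no read or write modifier the default is write, and that service descriptor 0 (stdin) is treated as overwrite. Both cases have the client open the caller's file for writing, and overwrite on the descriptor a service normally reads from is surprising. Since the same passage says the filename is opened with the privileges of the calling user, please check this sentence against the client's actual behaviour and correct it in this revision if the defaults are the other way round. Separately, the hunk replaces the whole file (-1,324 +1,407) and most visible pairs differ only in line wrapping. The wording changes I can see are "subsection 4.2.4" to "Section 4.2.4", "section 2.2" to "Section 2.2", and the removal of the footer line "1.0.1ian@davenant.greenend.org.uk". Committing the regenerated output separately from any text change would make the substantive edits reviewable.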