X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv.git;a=blobdiff_plain;f=userv.1;h=7987402a69f5410560ae8b2adef461dfcfecf368;hp=a092063101d4f6bbf5dcbb71d83bf129b19ebe6a;hb=5c38f6a9b5774073832e2b483b0c01b4f3261cb5;hpb=9a32edf5db3a4d321f030ed22c95ab8e8387fadb;ds=sidebyside diff --git a/userv.1 b/userv.1 index a092063..7987402 100644 --- a/userv.1 +++ b/userv.1 @@ -3,7 +3,7 @@ .\" copyright section, below. .Dd November 3, 1999 .Dt USERV 1 -.Os "userv 1.0.0" +.Os "userv" .Sh NAME .Nm userv .Nd request user services @@ -26,18 +26,18 @@ .Nm userv is used to have a task performed under different userid while maintaining limited trust between caller and callee. - +.Pp .Ar service-user specifies which user account is to perform the task. The user may be a login name or a numeric uid, or .Ql - to indicate that the service user is to be the same as the calling user. - +.Pp The service name is interpreted by the userv daemon on behalf of the service user. This is controlled by configuration files in the service user's filespace; consult the userv specification for details. -.Ss Options +.Sh OPTIONS Single-letter options may be combined as is usual with Unix programs, and the value for such an option may appear in the same argument or in the next. @@ -53,7 +53,7 @@ followed by the requested, and requesting a service user of .Ql - (indicating the calling user). - +.Pp If the builtin service being requested requires a .Ar service-argument then this must be supplied to the client in the @@ -67,7 +67,7 @@ for details of the builtin services available, and below for details of the .Fl -override options. - +.Pp The actual service name passed will be the .Ar builtin-service ; note @@ -95,7 +95,7 @@ invoked by the client; the other file descriptor passed to .Nm cat will be one inherited by the client program from the caller or one opened by the client program on behalf of the caller. - +.Pp The descriptor in the service program that should be connected must be specified as .Ar fd , @@ -107,7 +107,7 @@ or .Ql stderr . The next argument is a filename which will be opened by the client with the privileges of the calling user. - +.Pp .Ar modifiers is used to specify whether the file or descriptor is to be read from or written to. It consists of a series of words separated by commas. @@ -187,7 +187,7 @@ or .Ql stderr for file descriptor 0, 1 or 2 respectively. .El - +.Pp If no .Ar modifiers which imply @@ -206,12 +206,12 @@ had been specified (or if only .Ql fd was specified). - +.Pp The client will also use .Dv O_NOCTTY when opening files specified by the caller, to avoid changing its controlling terminal. - +.Pp By default .Va stdin , .Va stdout @@ -221,7 +221,7 @@ of the service will be connected to the corresponding descriptors on the client. Diagnostics from the client and daemon will also appear on .Va stderr . - +.Pp If .Ql wait is specified, the client will wait for the pipe to be closed, and only @@ -232,7 +232,7 @@ file descriptor. Errors encountered reading or writing in the client at this stage will be considered a system error and cause the client to exit with status 255, but will not cause disconnection at the service side since the service has already exited. - +.Pp If .Ql close is specified the client will immediately close the pipe connection by @@ -244,7 +244,7 @@ If the service uses the descriptor it will get .Er EPIPE ) for a writing descriptor or end of file for a reading one; the descriptor opened by or passed to the client will also be closed. - +.Pp If .Ql nowait is specified then the client will not wait and the @@ -260,7 +260,7 @@ if .Ql "--signals stdout" is used) since diagnostics from the service side may arrive after the client has exited and be confused with expected output. - +.Pp The default is .Ql wait for writing file descriptors and @@ -323,7 +323,7 @@ so that only numbers from 0 to 255 can be returned and not the full range of numbers and signal indications which can be returned by the .Fn wait family of system calls.) - +.Pp The .Ar method may be one of the following: @@ -362,7 +362,7 @@ which case no exit status and description will be printed to and an error message will be printed to .Va stderr as usual. - +.Pp Problems such as client usage errors, the service not being found or permission being denied or failure of a system call are system errors. An error message describing the problem will be printed on the @@ -388,7 +388,7 @@ Prints the client's usage message. .It Fl -copyright Prints the copyright and lack of warranty notice. .El -.Ss Security-overriding options +.Sh SECURITY-OVERRIDING OPTIONS There are also some options which are available for debugging and to allow the system administrator to override a user's policy. These options are available only if the client is called by root or if the @@ -429,6 +429,7 @@ These are used to determine the name of the calling user, to be passed to the service in .Ev USERV_USER . Their values will only be used if they correspond to the calling UID. +.El .Sh FILES .Bl -tag -width Pa .It Pa /var/run/userv/socket @@ -448,15 +449,15 @@ service. .%A Ian Jackson .Re .Sh COPYRIGHT -GNU userv is Copyright (C)1996-2000 Ian Jackson, except that this -manpage is Copyright (C)2000 Ben Harris. - +GNU userv is Copyright 1996-2017 Ian Jackson; Copyright 2000 Ben +Harris; and Copyright 2016-2017 Peter Benie. +.Pp GNU userv is licensed under the terms of the GNU General Public Licence, version 2 or (at your option) any later version, and it comes with NO WARRANTY, not even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. - +.Pp You should have received a copy of the GNU General Public License along with userv, if not, write to the Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.