daemon
client
-lexer.l
-lexer.c
-tokens.h
pcsum.h
version.h
-spec.sgml
*.sasp*
*.lout*
*.li
-*.ps
-spec.html
config.cache
config.log
*.new
vd
+dist_tmp
tilde
slash-etc
shipcheck
+
+userv-*.tar.gz
daemon.h debug.c parser.c lib.c lib.h \
language.i4 lexer.l.m4 tokens.h.m4
-ALSOSHIP= README INSTALL Changelog COPYING \
- system.default system.override \
- spec.sgml.in overview.fig overview.ps \
- buildship install-sh .cvsignore
-
-GENSHIP_CLEAN= pcsum.h lexer.l lexer.c tokens.h config.h.in spec.sgml $(TARGETS_DOC)
+GENSHIP_CLEAN= lexer.l lexer.c tokens.h config.h.in spec.sgml $(TARGETS_DOC)
GENSHIP= $(GENSHIP_CLEAN) configure
-SHIPTARGETS= $(SOURCES) $(ALSOSHIP) $(GENSHIP)
-
all: $(TARGETS)
docs: $(TARGETS_DOC)
tokens.h: language.i4
-pcsum.h
- rm -f overview.eps
- rm -f spec.lout* spec.text* spec.sgml spec.sgml.new spec.ps?*
- rm -rf spec.html?*
- rm -f lout.li *.lix *.ldx config.cache
rm -f *.o *~ core ./#*#
autoconf configure:
autoconf
clean:
+ find -name '*.orig' -o -name '*~' -o -name '.*~' \
+ -o -name '*#' -o -name '.#*' -o -name '*.bak' \
+ | xargs -r rm
rm -rf $(TARGETS) *.o
+ rm -f overview.eps
+ rm -f spec.lout* spec.text* spec.ps?* spec.sgml.new spec.html/*.html
+ rm -f lout.li *.ld *.lix *.ldx
+ rm -f userv-*.tar.gz vd/*
distclean mostlyclean: clean
- rm -f config.status config.log Makefile config.h
+ rm -f config.status config.log Makefile config.h config.cache pcsum.h
maintainer-clean: distclean
rm -rf $(GENSHIP_CLEAN)
-dist-prep: $(SHIPTARGETS)
-
-dist: $(SHIPTARGETS)
- rm -rf shipcheck
- mkdir -p shipcheck/userv-$(VERSION)
- cp -a $^ shipcheck/userv-$(VERSION)
- cd shipcheck && \
- GZIP=-9v tar zvvcf userv-$(VERSION).tar.gz userv-$(VERSION)
- rm -rf shipcheck/userv-$(VERSION)
+dist-prep: $(GENSHIP) distclean
+
+dist_tmp=dist_tmp/userv-$(VERSION)
+dist_prune=\( -name CVS -o -name 'dist_tmp*' -o -name slash-etc -o -name vd \)
+dist: dist-prep
+ rm -rf dist_tmp*
+ mkdir dist_tmp $(dist_tmp)
+ find $(dist_prune) -prune -o -type d -print | \
+ sed -e 's#.*#mkdir -p $(dist_tmp)/&#' | sh
+ find $(dist_prune) -prune -o -type f -print | \
+ sed -e 's#.*#ln & $(dist_tmp)/&#' | sh
+ cd dist_tmp && tar cf ../$(dist_tmp).tar `basename $(dist_tmp)`
+ gzip -9 $(dist_tmp).tar
+ mv $(dist_tmp).tar.gz .
linecount: $(SOURCES)
wc -l $^
-userv (0.61.1) unreleased; urgency=low
+userv (0.61.2) unreleased; urgency=low
* New builtin service `help' lists builtin services.
* Reran autoconf/autoheader, latest version.
* Updated email address to ian@davenant.greenend.org.uk throughout.
- --
+ * Build arrangements changed ----
+
+ -- Ian Jackson <ian@davenant.greenend.org.uk> Sun, 18 Apr 1999 19:14:29 +0100
userv (0.60.3) frozen unstable; urgency=medium
--- /dev/null
+/* A lexical scanner generated by flex */
+
+/* Scanner skeleton version:
+ * $Header$
+ */
+
+#define FLEX_SCANNER
+#define YY_FLEX_MAJOR_VERSION 2
+#define YY_FLEX_MINOR_VERSION 5
+
+#include <stdio.h>
+
+
+/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */
+#ifdef c_plusplus
+#ifndef __cplusplus
+#define __cplusplus
+#endif
+#endif
+
+
+#ifdef __cplusplus
+
+#include <stdlib.h>
+#include <unistd.h>
+
+/* Use prototypes in function declarations. */
+#define YY_USE_PROTOS
+
+/* The "const" storage-class-modifier is valid. */
+#define YY_USE_CONST
+
+#else /* ! __cplusplus */
+
+#if __STDC__
+
+#define YY_USE_PROTOS
+#define YY_USE_CONST
+
+#endif /* __STDC__ */
+#endif /* ! __cplusplus */
+
+#ifdef __TURBOC__
+ #pragma warn -rch
+ #pragma warn -use
+#include <io.h>
+#include <stdlib.h>
+#define YY_USE_CONST
+#define YY_USE_PROTOS
+#endif
+
+#ifdef YY_USE_CONST
+#define yyconst const
+#else
+#define yyconst
+#endif
+
+
+#ifdef YY_USE_PROTOS
+#define YY_PROTO(proto) proto
+#else
+#define YY_PROTO(proto) ()
+#endif
+
+/* Returned upon end-of-file. */
+#define YY_NULL 0
+
+/* Promotes a possibly negative, possibly signed char to an unsigned
+ * integer for use as an array index. If the signed char is negative,
+ * we want to instead treat it as an 8-bit unsigned char, hence the
+ * double cast.
+ */
+#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
+
+/* Enter a start condition. This macro really ought to take a parameter,
+ * but we do it the disgusting crufty way forced on us by the ()-less
+ * definition of BEGIN.
+ */
+#define BEGIN yy_start = 1 + 2 *
+
+/* Translate the current start state into a value that can be later handed
+ * to BEGIN to return to the state. The YYSTATE alias is for lex
+ * compatibility.
+ */
+#define YY_START ((yy_start - 1) / 2)
+#define YYSTATE YY_START
+
+/* Action number for EOF rule of a given start state. */
+#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+
+/* Special action meaning "start processing a new file". */
+#define YY_NEW_FILE yyrestart( yyin )
+
+#define YY_END_OF_BUFFER_CHAR 0
+
+/* Size of default input buffer. */
+#define YY_BUF_SIZE 16384
+
+typedef struct yy_buffer_state *YY_BUFFER_STATE;
+
+extern int yyleng;
+extern FILE *yyin, *yyout;
+
+#define EOB_ACT_CONTINUE_SCAN 0
+#define EOB_ACT_END_OF_FILE 1
+#define EOB_ACT_LAST_MATCH 2
+
+/* The funky do-while in the following #define is used to turn the definition
+ * int a single C statement (which needs a semi-colon terminator). This
+ * avoids problems with code like:
+ *
+ * if ( condition_holds )
+ * yyless( 5 );
+ * else
+ * do_something_else();
+ *
+ * Prior to using the do-while the compiler would get upset at the
+ * "else" because it interpreted the "if" statement as being all
+ * done when it reached the ';' after the yyless() call.
+ */
+
+/* Return all but the first 'n' matched characters back to the input stream. */
+
+#define yyless(n) \
+ do \
+ { \
+ /* Undo effects of setting up yytext. */ \
+ *yy_cp = yy_hold_char; \
+ YY_RESTORE_YY_MORE_OFFSET \
+ yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \
+ YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+ } \
+ while ( 0 )
+
+#define unput(c) yyunput( c, yytext_ptr )
+
+/* The following is because we cannot portably get our hands on size_t
+ * (without autoconf's help, which isn't available because we want
+ * flex-generated scanners to compile on their own).
+ */
+typedef unsigned int yy_size_t;
+
+
+struct yy_buffer_state
+ {
+ FILE *yy_input_file;
+
+ char *yy_ch_buf; /* input buffer */
+ char *yy_buf_pos; /* current position in input buffer */
+
+ /* Size of input buffer in bytes, not including room for EOB
+ * characters.
+ */
+ yy_size_t yy_buf_size;
+
+ /* Number of characters read into yy_ch_buf, not including EOB
+ * characters.
+ */
+ int yy_n_chars;
+
+ /* Whether we "own" the buffer - i.e., we know we created it,
+ * and can realloc() it to grow it, and should free() it to
+ * delete it.
+ */
+ int yy_is_our_buffer;
+
+ /* Whether this is an "interactive" input source; if so, and
+ * if we're using stdio for input, then we want to use getc()
+ * instead of fread(), to make sure we stop fetching input after
+ * each newline.
+ */
+ int yy_is_interactive;
+
+ /* Whether we're considered to be at the beginning of a line.
+ * If so, '^' rules will be active on the next match, otherwise
+ * not.
+ */
+ int yy_at_bol;
+
+ /* Whether to try to fill the input buffer when we reach the
+ * end of it.
+ */
+ int yy_fill_buffer;
+
+ int yy_buffer_status;
+#define YY_BUFFER_NEW 0
+#define YY_BUFFER_NORMAL 1
+ /* When an EOF's been seen but there's still some text to process
+ * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+ * shouldn't try reading from the input source any more. We might
+ * still have a bunch of tokens to match, though, because of
+ * possible backing-up.
+ *
+ * When we actually see the EOF, we change the status to "new"
+ * (via yyrestart()), so that the user can continue scanning by
+ * just pointing yyin at a new input file.
+ */
+#define YY_BUFFER_EOF_PENDING 2
+ };
+
+static YY_BUFFER_STATE yy_current_buffer = 0;
+
+/* We provide macros for accessing buffer states in case in the
+ * future we want to put the buffer states in a more general
+ * "scanner state".
+ */
+#define YY_CURRENT_BUFFER yy_current_buffer
+
+
+/* yy_hold_char holds the character lost when yytext is formed. */
+static char yy_hold_char;
+
+static int yy_n_chars; /* number of characters read into yy_ch_buf */
+
+
+int yyleng;
+
+/* Points to current character in buffer. */
+static char *yy_c_buf_p = (char *) 0;
+static int yy_init = 1; /* whether we need to initialize */
+static int yy_start = 0; /* start state number */
+
+/* Flag which is used to allow yywrap()'s to do buffer switches
+ * instead of setting up a fresh yyin. A bit of a hack ...
+ */
+static int yy_did_buffer_switch_on_eof;
+
+void yyrestart YY_PROTO(( FILE *input_file ));
+
+void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer ));
+void yy_load_buffer_state YY_PROTO(( void ));
+YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size ));
+void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b ));
+void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file ));
+void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b ));
+#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer )
+
+YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size ));
+YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str ));
+YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len ));
+
+static void *yy_flex_alloc YY_PROTO(( yy_size_t ));
+static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t ));
+static void yy_flex_free YY_PROTO(( void * ));
+
+#define yy_new_buffer yy_create_buffer
+
+#define yy_set_interactive(is_interactive) \
+ { \
+ if ( ! yy_current_buffer ) \
+ yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
+ yy_current_buffer->yy_is_interactive = is_interactive; \
+ }
+
+#define yy_set_bol(at_bol) \
+ { \
+ if ( ! yy_current_buffer ) \
+ yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
+ yy_current_buffer->yy_at_bol = at_bol; \
+ }
+
+#define YY_AT_BOL() (yy_current_buffer->yy_at_bol)
+
+
+#define yywrap() 1
+#define YY_SKIP_YYWRAP
+typedef unsigned char YY_CHAR;
+FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
+typedef int yy_state_type;
+extern char *yytext;
+#define yytext_ptr yytext
+
+static yy_state_type yy_get_previous_state YY_PROTO(( void ));
+static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state ));
+static int yy_get_next_buffer YY_PROTO(( void ));
+static void yy_fatal_error YY_PROTO(( yyconst char msg[] ));
+
+/* Done after the current pattern has been matched and before the
+ * corresponding action - sets up yytext.
+ */
+#define YY_DO_BEFORE_ACTION \
+ yytext_ptr = yy_bp; \
+ yyleng = (int) (yy_cp - yy_bp); \
+ yy_hold_char = *yy_cp; \
+ *yy_cp = '\0'; \
+ yy_c_buf_p = yy_cp;
+
+#define YY_NUM_RULES 103
+#define YY_END_OF_BUFFER 104
+static yyconst short int yy_accept[572] =
+ { 0,
+ 0, 0, 104, 102, 96, 97, 89, 101, 99, 86,
+ 90, 87, 88, 93, 102, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 91, 102, 96, 97,
+ 99, 101, 101, 100, 101, 99, 99, 98, 95, 93,
+ 102, 102, 102, 102, 19, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 37, 102, 102, 102, 102,
+ 32, 102, 102, 102, 102, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 100, 101, 101, 101,
+
+ 101, 0, 101, 101, 94, 93, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 102, 102, 102, 102,
+ 102, 31, 62, 102, 102, 102, 102, 102, 102, 102,
+ 102, 102, 102, 70, 102, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 102, 102, 102, 102,
+ 102, 101, 101, 100, 0, 101, 101, 94, 93, 102,
+ 102, 102, 66, 102, 102, 63, 67, 102, 102, 102,
+ 35, 36, 102, 102, 102, 102, 40, 42, 102, 50,
+ 102, 102, 59, 69, 102, 71, 102, 72, 102, 102,
+
+ 102, 102, 102, 102, 102, 30, 102, 84, 102, 102,
+ 102, 102, 102, 102, 102, 102, 102, 102, 74, 75,
+ 102, 61, 102, 101, 101, 0, 0, 0, 101, 94,
+ 93, 102, 64, 102, 102, 102, 102, 102, 58, 102,
+ 65, 102, 92, 102, 38, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 102, 41, 102, 102,
+ 48, 102, 102, 102, 102, 102, 102, 102, 102, 102,
+ 102, 85, 101, 0, 0, 94, 93, 102, 102, 102,
+ 102, 102, 68, 102, 102, 102, 102, 102, 102, 69,
+ 76, 77, 78, 79, 80, 81, 82, 83, 102, 102,
+
+ 102, 102, 60, 102, 102, 102, 1, 102, 102, 102,
+ 102, 39, 102, 73, 102, 102, 102, 102, 0, 94,
+ 93, 102, 102, 102, 102, 102, 102, 102, 102, 49,
+ 102, 21, 26, 102, 102, 102, 10, 102, 102, 102,
+ 102, 102, 51, 102, 102, 102, 102, 45, 61, 94,
+ 93, 102, 9, 66, 102, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 47, 102, 102, 102,
+ 102, 102, 102, 46, 102, 94, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 12, 102, 102, 102,
+ 102, 102, 102, 44, 11, 102, 102, 102, 102, 102,
+
+ 102, 94, 102, 102, 102, 102, 102, 33, 102, 102,
+ 102, 102, 102, 102, 102, 102, 102, 102, 102, 102,
+ 8, 102, 102, 102, 102, 102, 102, 102, 102, 102,
+ 102, 102, 43, 34, 102, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 102, 102, 20, 102,
+ 102, 102, 102, 52, 102, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 102, 55, 102, 102,
+ 102, 102, 102, 53, 102, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 102, 56, 102, 102,
+ 15, 102, 102, 102, 102, 17, 7, 102, 102, 102,
+
+ 102, 102, 102, 102, 23, 102, 102, 102, 102, 102,
+ 102, 102, 102, 102, 102, 102, 4, 102, 102, 102,
+ 22, 102, 102, 102, 102, 102, 13, 102, 102, 102,
+ 102, 5, 6, 102, 102, 102, 102, 102, 102, 16,
+ 102, 102, 102, 102, 102, 102, 3, 25, 102, 18,
+ 102, 102, 102, 27, 102, 54, 102, 24, 14, 57,
+ 102, 102, 102, 102, 28, 102, 102, 102, 29, 2,
+ 0
+ } ;
+
+static yyconst int yy_ec[256] =
+ { 0,
+ 1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 2, 4, 5, 6, 7, 8, 9, 8, 10,
+ 11, 8, 8, 8, 12, 8, 8, 13, 14, 15,
+ 16, 17, 18, 19, 20, 21, 21, 8, 8, 8,
+ 8, 8, 8, 8, 22, 22, 22, 22, 22, 22,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 8, 23, 8, 8, 24, 8, 25, 26, 27, 28,
+
+ 29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
+ 39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
+ 49, 50, 8, 51, 8, 8, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1
+ } ;
+
+static yyconst int yy_meta[52] =
+ { 0,
+ 1, 2, 3, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 4, 4, 4, 4, 4, 4, 4, 4,
+ 4, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1
+ } ;
+
+static yyconst short int yy_base[582] =
+ { 0,
+ 0, 0, 917, 0, 50, 918, 0, 52, 56, 0,
+ 0, 0, 0, 64, 883, 19, 44, 37, 51, 882,
+ 25, 36, 64, 885, 34, 67, 62, 867, 887, 866,
+ 75, 68, 871, 60, 880, 73, 0, 0, 106, 918,
+ 905, 109, 101, 905, 132, 116, 903, 918, 168, 177,
+ 867, 87, 860, 24, 0, 87, 874, 876, 858, 88,
+ 871, 853, 868, 855, 867, 0, 856, 865, 849, 856,
+ 0, 853, 95, 848, 862, 846, 854, 843, 838, 115,
+ 848, 854, 98, 849, 843, 130, 114, 841, 839, 835,
+ 837, 847, 848, 832, 831, 839, 0, 198, 869, 0,
+
+ 126, 134, 245, 265, 283, 292, 843, 827, 829, 835,
+ 830, 838, 820, 825, 825, 816, 833, 829, 829, 815,
+ 823, 0, 816, 827, 827, 812, 826, 810, 810, 812,
+ 808, 808, 820, 0, 808, 800, 799, 132, 808, 804,
+ 797, 805, 812, 792, 804, 806, 804, 787, 802, 785,
+ 783, 816, 785, 786, 789, 788, 781, 782, 778, 782,
+ 775, 301, 318, 918, 348, 384, 393, 411, 420, 782,
+ 773, 769, 775, 781, 781, 0, 0, 773, 780, 771,
+ 0, 0, 778, 766, 765, 761, 0, 0, 778, 0,
+ 762, 758, 0, 773, 765, 0, 775, 0, 766, 132,
+
+ 771, 785, 754, 768, 757, 0, 764, 0, 765, 758,
+ 746, 747, 755, 758, 744, 743, 745, 754, 770, 0,
+ 748, 747, 750, 429, 438, 135, 0, 464, 200, 482,
+ 491, 733, 0, 765, 734, 737, 762, 735, 0, 734,
+ 0, 732, 727, 725, 0, 739, 739, 730, 500, 734,
+ 721, 719, 722, 732, 730, 726, 729, 0, 713, 714,
+ 0, 722, 727, 715, 723, 722, 719, 703, 706, 708,
+ 708, 0, 139, 0, 508, 526, 535, 717, 714, 710,
+ 711, 700, 0, 702, 701, 726, 708, 724, 706, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 705, 706,
+
+ 720, 691, 0, 702, 701, 684, 715, 697, 681, 695,
+ 677, 0, 679, 0, 692, 693, 681, 687, 198, 544,
+ 553, 688, 688, 669, 702, 668, 683, 674, 123, 698,
+ 679, 696, 0, 668, 677, 663, 0, 675, 674, 672,
+ 689, 651, 687, 665, 654, 660, 665, 0, 0, 562,
+ 682, 681, 0, 0, 134, 659, 664, 661, 644, 649,
+ 140, 659, 194, 648, 647, 655, 0, 641, 654, 651,
+ 179, 638, 667, 0, 645, 571, 198, 635, 633, 631,
+ 630, 635, 629, 659, 625, 627, 0, 635, 637, 627,
+ 627, 618, 620, 0, 0, 634, 619, 617, 620, 633,
+
+ 621, 0, 620, 606, 611, 614, 623, 0, 639, 606,
+ 617, 100, 615, 608, 604, 616, 605, 614, 609, 598,
+ 0, 601, 610, 600, 595, 607, 602, 591, 604, 587,
+ 589, 598, 0, 0, 596, 125, 592, 590, 597, 577,
+ 588, 592, 573, 599, 554, 553, 557, 501, 0, 502,
+ 461, 434, 435, 462, 428, 436, 443, 427, 418, 449,
+ 390, 383, 350, 350, 354, 367, 351, 378, 360, 345,
+ 349, 347, 373, 0, 341, 343, 353, 352, 344, 346,
+ 198, 334, 334, 336, 363, 336, 331, 0, 329, 333,
+ 0, 316, 321, 316, 325, 0, 0, 314, 316, 316,
+
+ 320, 327, 303, 286, 317, 296, 290, 295, 293, 280,
+ 277, 247, 249, 246, 232, 242, 0, 230, 227, 227,
+ 0, 243, 212, 227, 212, 225, 0, 226, 219, 221,
+ 214, 0, 0, 220, 216, 196, 208, 202, 202, 0,
+ 203, 198, 205, 202, 198, 206, 0, 0, 196, 0,
+ 187, 193, 190, 0, 173, 0, 164, 0, 0, 0,
+ 177, 177, 165, 145, 0, 134, 141, 119, 0, 0,
+ 918, 592, 596, 600, 604, 608, 612, 616, 620, 138,
+ 67
+ } ;
+
+static yyconst short int yy_def[582] =
+ { 0,
+ 571, 1, 571, 572, 571, 571, 572, 573, 574, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 571, 571,
+ 575, 573, 576, 577, 573, 574, 575, 571, 572, 14,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 578, 576, 577, 578,
+
+ 578, 579, 577, 573, 572, 14, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 578, 576, 571, 579, 103, 104, 572, 14, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 578, 163, 571, 580, 579, 573, 572,
+ 14, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 576, 581, 228, 572, 14, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 579, 572,
+ 14, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 572, 572, 572, 572, 572, 572, 572, 572, 572, 572,
+ 0, 571, 571, 571, 571, 571, 571, 571, 571, 571,
+ 571
+ } ;
+
+static yyconst short int yy_nxt[970] =
+ { 0,
+ 4, 5, 6, 7, 8, 9, 10, 4, 11, 12,
+ 13, 4, 14, 14, 14, 14, 14, 14, 14, 14,
+ 14, 4, 4, 15, 16, 4, 17, 18, 19, 20,
+ 21, 22, 23, 4, 24, 25, 26, 27, 28, 29,
+ 30, 31, 32, 33, 34, 35, 36, 4, 4, 4,
+ 37, 39, 40, 43, 52, 41, 44, 47, 48, 111,
+ 67, 57, 69, 53, 70, 58, 68, 112, 54, 59,
+ 102, 55, 75, 76, 45, 49, 50, 50, 50, 50,
+ 50, 50, 50, 50, 50, 56, 60, 61, 62, 63,
+ 79, 77, 64, 71, 72, 78, 87, 95, 65, 85,
+
+ 80, 73, 92, 86, 93, 97, 81, 39, 40, 88,
+ 43, 41, 89, 44, 96, 108, 90, 47, 48, 113,
+ 118, 130, 109, 98, 131, 114, 138, 101, 102, 435,
+ 119, 45, 99, 101, 102, 142, 226, 102, 164, 143,
+ 150, 274, 436, 97, 103, 103, 103, 103, 103, 103,
+ 103, 103, 103, 99, 146, 151, 165, 152, 139, 199,
+ 252, 98, 359, 147, 378, 385, 360, 570, 457, 386,
+ 148, 569, 149, 458, 200, 568, 253, 567, 379, 104,
+ 105, 105, 105, 105, 105, 105, 105, 105, 105, 106,
+ 106, 106, 106, 106, 106, 106, 106, 106, 100, 101,
+
+ 102, 43, 164, 566, 44, 565, 564, 563, 562, 397,
+ 162, 162, 162, 162, 162, 162, 162, 162, 162, 100,
+ 165, 388, 45, 398, 403, 501, 389, 561, 560, 390,
+ 559, 558, 557, 556, 555, 554, 553, 502, 552, 551,
+ 404, 550, 405, 549, 548, 163, 100, 547, 546, 545,
+ 544, 543, 542, 541, 540, 539, 538, 166, 166, 166,
+ 166, 166, 166, 166, 166, 166, 43, 537, 536, 44,
+ 535, 534, 533, 532, 531, 530, 529, 167, 167, 167,
+ 167, 167, 167, 167, 167, 167, 167, 45, 528, 167,
+ 167, 167, 167, 167, 167, 168, 168, 168, 168, 168,
+
+ 168, 168, 168, 168, 169, 169, 169, 169, 169, 169,
+ 169, 169, 169, 224, 224, 224, 224, 224, 224, 224,
+ 224, 224, 97, 527, 526, 525, 524, 523, 522, 521,
+ 225, 225, 225, 225, 225, 225, 225, 225, 225, 225,
+ 98, 520, 225, 225, 225, 225, 225, 225, 571, 226,
+ 102, 519, 518, 517, 516, 515, 514, 513, 512, 511,
+ 227, 227, 227, 227, 227, 227, 227, 227, 227, 571,
+ 510, 509, 508, 507, 506, 505, 504, 503, 500, 499,
+ 498, 497, 496, 495, 494, 493, 492, 491, 490, 489,
+ 488, 487, 486, 485, 484, 228, 42, 42, 42, 42,
+
+ 42, 42, 42, 42, 42, 229, 229, 229, 229, 229,
+ 229, 229, 229, 229, 229, 483, 482, 229, 229, 229,
+ 229, 229, 229, 230, 230, 230, 230, 230, 230, 230,
+ 230, 230, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 273, 273, 273, 273, 273, 273, 273, 273, 273, 273,
+ 481, 480, 273, 273, 273, 273, 273, 273, 164, 479,
+ 478, 477, 476, 475, 474, 473, 275, 275, 275, 275,
+ 275, 275, 275, 275, 275, 275, 165, 472, 275, 275,
+ 275, 275, 275, 275, 276, 276, 276, 276, 276, 276,
+
+ 276, 276, 276, 277, 277, 277, 277, 277, 277, 277,
+ 277, 277, 291, 292, 293, 294, 295, 296, 297, 298,
+ 319, 319, 319, 319, 319, 319, 319, 319, 319, 319,
+ 471, 470, 319, 319, 319, 319, 319, 319, 320, 320,
+ 320, 320, 320, 320, 320, 320, 320, 321, 321, 321,
+ 321, 321, 321, 321, 321, 321, 350, 350, 350, 350,
+ 350, 350, 350, 350, 350, 351, 351, 351, 351, 351,
+ 351, 351, 351, 351, 376, 376, 376, 376, 376, 376,
+ 376, 376, 376, 402, 402, 402, 402, 402, 402, 402,
+ 402, 402, 38, 469, 468, 38, 42, 42, 467, 42,
+
+ 46, 46, 46, 46, 47, 47, 47, 47, 43, 43,
+ 466, 43, 99, 99, 465, 99, 100, 100, 464, 100,
+ 102, 102, 463, 102, 462, 461, 460, 459, 456, 455,
+ 454, 453, 452, 451, 450, 449, 448, 447, 446, 445,
+ 444, 443, 442, 441, 440, 439, 438, 437, 434, 433,
+ 432, 431, 430, 429, 428, 427, 426, 425, 424, 423,
+ 422, 421, 420, 419, 418, 417, 416, 415, 414, 413,
+ 412, 411, 410, 409, 408, 407, 406, 401, 400, 399,
+ 396, 395, 394, 393, 392, 391, 387, 384, 383, 382,
+ 381, 380, 377, 49, 375, 374, 373, 372, 371, 354,
+
+ 370, 369, 368, 367, 366, 365, 364, 363, 362, 361,
+ 358, 357, 356, 355, 354, 353, 352, 349, 348, 347,
+ 346, 345, 344, 343, 342, 341, 340, 339, 338, 337,
+ 336, 335, 334, 333, 332, 331, 330, 329, 328, 327,
+ 326, 325, 324, 323, 322, 318, 317, 316, 315, 314,
+ 313, 312, 311, 310, 309, 308, 307, 306, 305, 304,
+ 303, 302, 301, 300, 299, 290, 289, 288, 287, 286,
+ 285, 284, 283, 282, 281, 280, 279, 278, 272, 271,
+ 270, 269, 268, 267, 266, 265, 264, 263, 262, 261,
+ 260, 259, 258, 257, 241, 256, 255, 254, 251, 250,
+
+ 249, 248, 247, 246, 245, 244, 243, 242, 241, 240,
+ 239, 238, 237, 236, 235, 234, 233, 232, 223, 222,
+ 221, 220, 219, 218, 217, 216, 215, 214, 213, 212,
+ 211, 210, 209, 208, 207, 206, 205, 204, 203, 202,
+ 201, 198, 197, 196, 195, 194, 193, 192, 191, 190,
+ 189, 188, 187, 186, 185, 184, 183, 182, 181, 180,
+ 179, 178, 177, 176, 175, 174, 173, 172, 171, 170,
+ 100, 161, 160, 159, 158, 157, 156, 155, 154, 153,
+ 145, 144, 141, 140, 137, 136, 135, 134, 133, 132,
+ 129, 128, 127, 126, 125, 124, 123, 122, 121, 120,
+
+ 117, 116, 115, 110, 107, 48, 100, 48, 94, 91,
+ 84, 83, 82, 74, 66, 51, 571, 3, 571, 571,
+ 571, 571, 571, 571, 571, 571, 571, 571, 571, 571,
+ 571, 571, 571, 571, 571, 571, 571, 571, 571, 571,
+ 571, 571, 571, 571, 571, 571, 571, 571, 571, 571,
+ 571, 571, 571, 571, 571, 571, 571, 571, 571, 571,
+ 571, 571, 571, 571, 571, 571, 571, 571, 571
+ } ;
+
+static yyconst short int yy_chk[970] =
+ { 0,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 5, 5, 8, 16, 5, 8, 9, 9, 54,
+ 21, 18, 22, 16, 22, 18, 21, 54, 17, 18,
+ 581, 17, 25, 25, 8, 14, 14, 14, 14, 14,
+ 14, 14, 14, 14, 14, 17, 19, 19, 19, 19,
+ 27, 26, 19, 23, 23, 26, 32, 36, 19, 31,
+
+ 27, 23, 34, 31, 34, 43, 27, 39, 39, 32,
+ 42, 39, 32, 42, 36, 52, 32, 46, 46, 56,
+ 60, 73, 52, 43, 73, 56, 80, 101, 101, 412,
+ 60, 42, 45, 45, 45, 83, 226, 226, 102, 83,
+ 87, 580, 412, 273, 45, 45, 45, 45, 45, 45,
+ 45, 45, 45, 45, 86, 87, 102, 87, 80, 138,
+ 200, 273, 329, 86, 355, 361, 329, 568, 436, 361,
+ 86, 567, 86, 436, 138, 566, 200, 564, 355, 45,
+ 49, 49, 49, 49, 49, 49, 49, 49, 49, 50,
+ 50, 50, 50, 50, 50, 50, 50, 50, 98, 98,
+
+ 98, 229, 319, 563, 229, 562, 561, 557, 555, 371,
+ 98, 98, 98, 98, 98, 98, 98, 98, 98, 98,
+ 319, 363, 229, 371, 377, 481, 363, 553, 552, 363,
+ 551, 549, 546, 545, 544, 543, 542, 481, 541, 539,
+ 377, 538, 377, 537, 536, 98, 103, 535, 534, 531,
+ 530, 529, 528, 526, 525, 524, 523, 103, 103, 103,
+ 103, 103, 103, 103, 103, 103, 104, 522, 520, 104,
+ 519, 518, 516, 515, 514, 513, 512, 104, 104, 104,
+ 104, 104, 104, 104, 104, 104, 104, 104, 511, 104,
+ 104, 104, 104, 104, 104, 105, 105, 105, 105, 105,
+
+ 105, 105, 105, 105, 106, 106, 106, 106, 106, 106,
+ 106, 106, 106, 162, 162, 162, 162, 162, 162, 162,
+ 162, 162, 163, 510, 509, 508, 507, 506, 505, 504,
+ 163, 163, 163, 163, 163, 163, 163, 163, 163, 163,
+ 163, 503, 163, 163, 163, 163, 163, 163, 165, 165,
+ 165, 502, 501, 500, 499, 498, 495, 494, 493, 492,
+ 165, 165, 165, 165, 165, 165, 165, 165, 165, 165,
+ 490, 489, 487, 486, 485, 484, 483, 482, 480, 479,
+ 478, 477, 476, 475, 473, 472, 471, 470, 469, 468,
+ 467, 466, 465, 464, 463, 165, 166, 166, 166, 166,
+
+ 166, 166, 166, 166, 166, 167, 167, 167, 167, 167,
+ 167, 167, 167, 167, 167, 462, 461, 167, 167, 167,
+ 167, 167, 167, 168, 168, 168, 168, 168, 168, 168,
+ 168, 168, 169, 169, 169, 169, 169, 169, 169, 169,
+ 169, 224, 224, 224, 224, 224, 224, 224, 224, 224,
+ 225, 225, 225, 225, 225, 225, 225, 225, 225, 225,
+ 460, 459, 225, 225, 225, 225, 225, 225, 228, 458,
+ 457, 456, 455, 454, 453, 452, 228, 228, 228, 228,
+ 228, 228, 228, 228, 228, 228, 228, 451, 228, 228,
+ 228, 228, 228, 228, 230, 230, 230, 230, 230, 230,
+
+ 230, 230, 230, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 249, 249, 249, 249, 249, 249, 249, 249,
+ 275, 275, 275, 275, 275, 275, 275, 275, 275, 275,
+ 450, 448, 275, 275, 275, 275, 275, 275, 276, 276,
+ 276, 276, 276, 276, 276, 276, 276, 277, 277, 277,
+ 277, 277, 277, 277, 277, 277, 320, 320, 320, 320,
+ 320, 320, 320, 320, 320, 321, 321, 321, 321, 321,
+ 321, 321, 321, 321, 350, 350, 350, 350, 350, 350,
+ 350, 350, 350, 376, 376, 376, 376, 376, 376, 376,
+ 376, 376, 572, 447, 446, 572, 573, 573, 445, 573,
+
+ 574, 574, 574, 574, 575, 575, 575, 575, 576, 576,
+ 444, 576, 577, 577, 443, 577, 578, 578, 442, 578,
+ 579, 579, 441, 579, 440, 439, 438, 437, 435, 432,
+ 431, 430, 429, 428, 427, 426, 425, 424, 423, 422,
+ 420, 419, 418, 417, 416, 415, 414, 413, 411, 410,
+ 409, 407, 406, 405, 404, 403, 401, 400, 399, 398,
+ 397, 396, 393, 392, 391, 390, 389, 388, 386, 385,
+ 384, 383, 382, 381, 380, 379, 378, 375, 373, 372,
+ 370, 369, 368, 366, 365, 364, 362, 360, 359, 358,
+ 357, 356, 352, 351, 347, 346, 345, 344, 343, 342,
+
+ 341, 340, 339, 338, 336, 335, 334, 332, 331, 330,
+ 328, 327, 326, 325, 324, 323, 322, 318, 317, 316,
+ 315, 313, 311, 310, 309, 308, 307, 306, 305, 304,
+ 302, 301, 300, 299, 289, 288, 287, 286, 285, 284,
+ 282, 281, 280, 279, 278, 271, 270, 269, 268, 267,
+ 266, 265, 264, 263, 262, 260, 259, 257, 256, 255,
+ 254, 253, 252, 251, 250, 248, 247, 246, 244, 243,
+ 242, 240, 238, 237, 236, 235, 234, 232, 223, 222,
+ 221, 219, 218, 217, 216, 215, 214, 213, 212, 211,
+ 210, 209, 207, 205, 204, 203, 202, 201, 199, 197,
+
+ 195, 194, 192, 191, 189, 186, 185, 184, 183, 180,
+ 179, 178, 175, 174, 173, 172, 171, 170, 161, 160,
+ 159, 158, 157, 156, 155, 154, 153, 152, 151, 150,
+ 149, 148, 147, 146, 145, 144, 143, 142, 141, 140,
+ 139, 137, 136, 135, 133, 132, 131, 130, 129, 128,
+ 127, 126, 125, 124, 123, 121, 120, 119, 118, 117,
+ 116, 115, 114, 113, 112, 111, 110, 109, 108, 107,
+ 99, 96, 95, 94, 93, 92, 91, 90, 89, 88,
+ 85, 84, 82, 81, 79, 78, 77, 76, 75, 74,
+ 72, 70, 69, 68, 67, 65, 64, 63, 62, 61,
+
+ 59, 58, 57, 53, 51, 47, 44, 41, 35, 33,
+ 30, 29, 28, 24, 20, 15, 3, 571, 571, 571,
+ 571, 571, 571, 571, 571, 571, 571, 571, 571, 571,
+ 571, 571, 571, 571, 571, 571, 571, 571, 571, 571,
+ 571, 571, 571, 571, 571, 571, 571, 571, 571, 571,
+ 571, 571, 571, 571, 571, 571, 571, 571, 571, 571,
+ 571, 571, 571, 571, 571, 571, 571, 571, 571
+ } ;
+
+static yy_state_type yy_last_accepting_state;
+static char *yy_last_accepting_cpos;
+
+/* The intent behind this definition is that it'll catch
+ * any uses of REJECT which flex missed.
+ */
+#define REJECT reject_used_but_not_detected
+#define yymore() yymore_used_but_not_detected
+#define YY_MORE_ADJ 0
+#define YY_RESTORE_YY_MORE_OFFSET
+char *yytext;
+#line 1 "lexer.l"
+#define INITIAL 0
+/*
+ * Copyright (C)1996-1997,1999 Ian Jackson
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with userv; if not, write to the Free Software
+ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+#line 20 "lexer.l"
+
+
+
+
+
+#include <syslog.h>
+#include <assert.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <string.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
+#include <fnmatch.h>
+#include <limits.h>
+#include <dirent.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <time.h>
+#include <errno.h>
+
+#include "config.h"
+#include "common.h"
+#include "daemon.h"
+#include "lib.h"
+#include "tokens.h"
+
+#define HYPHEN '-'
+
+typedef int directive_fnt(int dtoken);
+static directive_fnt df_reject, df_execute, df_executefrompath;
+static directive_fnt df_executefromdirectory, df_executebuiltin;
+static directive_fnt df_errorstostderr, df_errorstosyslog, df_errorstofile;
+static directive_fnt dfg_fdwant, dfg_setflag;
+static directive_fnt df_reset, df_cd, df_userrcfile, df_include;
+static directive_fnt df_includelookup, df_includedirectory;
+static directive_fnt df_message, df_error, df_quit, df_eof;
+static directive_fnt df_if, df_catchquit, df_errorspush;
+static directive_fnt dfi_includeuserrcfile, dfi_includeclientconfig;
+/* directive functions return:
+ * 0 for success having scanned up to and including end of line but not beyond,
+ * or tokv_error or tokv_quit.
+ * They expect to parse the whitespace before their parameters (if any).
+ */
+
+typedef int parmcondition_fnt(int ctoken, char *const *parmvalues, int *rtrue);
+static parmcondition_fnt pcf_glob, pcf_range, pcf_grep;
+/* all conditional functions return tokv_error for failure or 0 for success
+ * at parsing and testing, in which case *rtrue is set to 0 or 1.
+ * On success they have scanned up to and including the condition's
+ * terminating newline; the pcf_... functions expect to parse the whitespace
+ * between the parameter name and the condition's arguments.
+ * Otherwise they return tokv_error.
+ * The parameter-based conditionals take a list of parameter values
+ * as obtained from the parameter functions and pa_parameter,
+ * and do _not_ free it.
+ */
+
+typedef int parameter_fnt(int ptoken, char ***rvalues);
+static parameter_fnt pf_service;
+static parameter_fnt pf_callinguser, pf_serviceuser;
+static parameter_fnt pf_callinggroup, pf_servicegroup;
+static parameter_fnt pf_callingusershell, pf_serviceusershell;
+/* Parameter functions return tokv_error or 0 for success at parsing
+ * and determining the value, in which case *rvalues is made to be
+ * a mallocd null-terminated array of pointers to mallocd strings.
+ * freeparm can be used to free such an array.
+ */
+
+typedef int builtinserviceparse_fnt(char ***rnewargs);
+static builtinserviceparse_fnt bispa_none, bispa_parameter;
+/* These parse the arguments to a builtin service, including the
+ * newline at the end of the line. *rnewargs will initially be
+ * null, indicating that no arguments are to be set; the function
+ * may store a mallocd array of mallocd strings in it,
+ * containing the arguments it wishes to have set (null-pointer
+ * terminated).
+ */
+
+static int yylex(void);
+/* Returns a token (which may be an eof or error exception) */
+
+static directive_fnt *lr_dir;
+static parmcondition_fnt *lr_parmcond;
+static builtinserviceparse_fnt *lr_bispa;
+static builtinserviceexec_fnt *lr_bisexec;
+static parameter_fnt *lr_parameter;
+static int lr_loglevel, lr_logfacility, lr_min, lr_max, *lr_flag;
+static int lr_flagval, lr_controlend;
+static int lr_fdwant_readwrite; /* -1=never, 0=opt, 1=always */
+
+/* Forward declarations of things used in lexer and parser */
+
+struct parser_state {
+ int lineno, reportlineno, notedreferer, isinternal;
+ const char *filename;
+ struct stat filestab;
+ YY_BUFFER_STATE ybuf;
+ struct parser_state *upstate;
+};
+
+static struct parser_state *cstate;
+
+struct error_handling {
+ int handling; /* One of the error handling modes tokt_ehandlemode */
+ int logfacility, loglevel;
+ int filekeep; /* File is in use by higher-level errors-push, leave it open */
+ FILE *file;
+ char *filename;
+};
+
+static struct error_handling eh = { tokv_word_errorstostderr, 0,0,0,0,0 };
+
+static int dequote(char *inplace);
+
+#define YY_NO_UNPUT
+
+
+/* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+
+#ifndef YY_SKIP_YYWRAP
+#ifdef __cplusplus
+extern "C" int yywrap YY_PROTO(( void ));
+#else
+extern int yywrap YY_PROTO(( void ));
+#endif
+#endif
+
+#ifndef YY_NO_UNPUT
+static void yyunput YY_PROTO(( int c, char *buf_ptr ));
+#endif
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int ));
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen YY_PROTO(( yyconst char * ));
+#endif
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+static int yyinput YY_PROTO(( void ));
+#else
+static int input YY_PROTO(( void ));
+#endif
+#endif
+
+#if YY_STACK_USED
+static int yy_start_stack_ptr = 0;
+static int yy_start_stack_depth = 0;
+static int *yy_start_stack = 0;
+#ifndef YY_NO_PUSH_STATE
+static void yy_push_state YY_PROTO(( int new_state ));
+#endif
+#ifndef YY_NO_POP_STATE
+static void yy_pop_state YY_PROTO(( void ));
+#endif
+#ifndef YY_NO_TOP_STATE
+static int yy_top_state YY_PROTO(( void ));
+#endif
+
+#else
+#define YY_NO_PUSH_STATE 1
+#define YY_NO_POP_STATE 1
+#define YY_NO_TOP_STATE 1
+#endif
+
+#ifdef YY_MALLOC_DECL
+YY_MALLOC_DECL
+#else
+#if __STDC__
+#ifndef __cplusplus
+#include <stdlib.h>
+#endif
+#else
+/* Just try to get by without declaring the routines. This will fail
+ * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int)
+ * or sizeof(void*) != sizeof(int).
+ */
+#endif
+#endif
+
+/* Amount of stuff to slurp up with each read. */
+#ifndef YY_READ_BUF_SIZE
+#define YY_READ_BUF_SIZE 8192
+#endif
+
+/* Copy whatever the last rule matched to the standard output. */
+
+#ifndef ECHO
+/* This used to be an fputs(), but since the string might contain NUL's,
+ * we now use fwrite().
+ */
+#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
+#endif
+
+/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
+ * is returned in "result".
+ */
+#ifndef YY_INPUT
+#define YY_INPUT(buf,result,max_size) \
+ if ( yy_current_buffer->yy_is_interactive ) \
+ { \
+ int c = '*', n; \
+ for ( n = 0; n < max_size && \
+ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
+ buf[n] = (char) c; \
+ if ( c == '\n' ) \
+ buf[n++] = (char) c; \
+ if ( c == EOF && ferror( yyin ) ) \
+ YY_FATAL_ERROR( "input in flex scanner failed" ); \
+ result = n; \
+ } \
+ else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \
+ && ferror( yyin ) ) \
+ YY_FATAL_ERROR( "input in flex scanner failed" );
+#endif
+
+/* No semi-colon after return; correct usage is to write "yyterminate();" -
+ * we don't want an extra ';' after the "return" because that will cause
+ * some compilers to complain about unreachable statements.
+ */
+#ifndef yyterminate
+#define yyterminate() return YY_NULL
+#endif
+
+/* Number of entries by which start-condition stack grows. */
+#ifndef YY_START_STACK_INCR
+#define YY_START_STACK_INCR 25
+#endif
+
+/* Report a fatal error. */
+#ifndef YY_FATAL_ERROR
+#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
+#endif
+
+/* Default declaration of generated scanner - a define so the user can
+ * easily add parameters.
+ */
+#ifndef YY_DECL
+#define YY_DECL int yylex YY_PROTO(( void ))
+#endif
+
+/* Code executed at the beginning of each rule, after yytext and yyleng
+ * have been set up.
+ */
+#ifndef YY_USER_ACTION
+#define YY_USER_ACTION
+#endif
+
+/* Code executed at the end of each rule. */
+#ifndef YY_BREAK
+#define YY_BREAK break;
+#endif
+
+#define YY_RULE_SETUP \
+ YY_USER_ACTION
+
+YY_DECL
+ {
+ register yy_state_type yy_current_state;
+ register char *yy_cp, *yy_bp;
+ register int yy_act;
+
+#line 142 "lexer.l"
+
+
+
+ if ( yy_init )
+ {
+ yy_init = 0;
+
+#ifdef YY_USER_INIT
+ YY_USER_INIT;
+#endif
+
+ if ( ! yy_start )
+ yy_start = 1; /* first start state */
+
+ if ( ! yyin )
+ yyin = stdin;
+
+ if ( ! yyout )
+ yyout = stdout;
+
+ if ( ! yy_current_buffer )
+ yy_current_buffer =
+ yy_create_buffer( yyin, YY_BUF_SIZE );
+
+ yy_load_buffer_state();
+ }
+
+ while ( 1 ) /* loops until end-of-file is reached */
+ {
+ yy_cp = yy_c_buf_p;
+
+ /* Support of yytext. */
+ *yy_cp = yy_hold_char;
+
+ /* yy_bp points to the position in yy_ch_buf of the start of
+ * the current run.
+ */
+ yy_bp = yy_cp;
+
+ yy_current_state = yy_start;
+yy_match:
+ do
+ {
+ register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+ if ( yy_accept[yy_current_state] )
+ {
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
+ }
+ while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+ {
+ yy_current_state = (int) yy_def[yy_current_state];
+ if ( yy_current_state >= 572 )
+ yy_c = yy_meta[(unsigned int) yy_c];
+ }
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+ ++yy_cp;
+ }
+ while ( yy_base[yy_current_state] != 918 );
+
+yy_find_action:
+ yy_act = yy_accept[yy_current_state];
+ if ( yy_act == 0 )
+ { /* have to back up */
+ yy_cp = yy_last_accepting_cpos;
+ yy_current_state = yy_last_accepting_state;
+ yy_act = yy_accept[yy_current_state];
+ }
+
+ YY_DO_BEFORE_ACTION;
+
+
+do_action: /* This label is used only to access EOF actions. */
+
+
+ switch ( yy_act )
+ { /* beginning of action switch */
+ case 0: /* must back up */
+ /* undo the effects of YY_DO_BEFORE_ACTION */
+ *yy_cp = yy_hold_char;
+ yy_cp = yy_last_accepting_cpos;
+ yy_current_state = yy_last_accepting_state;
+ goto yy_find_action;
+
+case 1:
+YY_RULE_SETUP
+#line 144 "lexer.l"
+{ lr_dir= df_reject; return tokv_word_reject; }
+ YY_BREAK
+case 2:
+YY_RULE_SETUP
+#line 145 "lexer.l"
+{ lr_dir= df_executefromdirectory; return tokv_word_executefromdirectory; }
+ YY_BREAK
+case 3:
+YY_RULE_SETUP
+#line 146 "lexer.l"
+{ lr_dir= df_executefrompath; return tokv_word_executefrompath; }
+ YY_BREAK
+case 4:
+YY_RULE_SETUP
+#line 147 "lexer.l"
+{ lr_dir= df_executebuiltin; return tokv_word_executebuiltin; }
+ YY_BREAK
+case 5:
+YY_RULE_SETUP
+#line 148 "lexer.l"
+{ lr_dir= df_errorstostderr; return tokv_word_errorstostderr; }
+ YY_BREAK
+case 6:
+YY_RULE_SETUP
+#line 149 "lexer.l"
+{ lr_dir= df_errorstosyslog; return tokv_word_errorstosyslog; }
+ YY_BREAK
+case 7:
+YY_RULE_SETUP
+#line 150 "lexer.l"
+{ lr_dir= df_errorstofile; return tokv_word_errorstofile; }
+ YY_BREAK
+case 8:
+YY_RULE_SETUP
+#line 151 "lexer.l"
+{ lr_dir= dfg_fdwant; lr_fdwant_readwrite=1; return tokv_word_requirefd; }
+ YY_BREAK
+case 9:
+YY_RULE_SETUP
+#line 152 "lexer.l"
+{ lr_dir= dfg_fdwant; lr_fdwant_readwrite=0; return tokv_word_allowfd; }
+ YY_BREAK
+case 10:
+YY_RULE_SETUP
+#line 153 "lexer.l"
+{ lr_dir= dfg_fdwant; lr_fdwant_readwrite=0; return tokv_word_nullfd; }
+ YY_BREAK
+case 11:
+YY_RULE_SETUP
+#line 154 "lexer.l"
+{ lr_dir= dfg_fdwant; lr_fdwant_readwrite=-1; return tokv_word_rejectfd; }
+ YY_BREAK
+case 12:
+YY_RULE_SETUP
+#line 155 "lexer.l"
+{ lr_dir= dfg_fdwant; lr_fdwant_readwrite=-1; return tokv_word_ignorefd; }
+ YY_BREAK
+case 13:
+YY_RULE_SETUP
+#line 156 "lexer.l"
+{ lr_dir= dfg_setflag; lr_flag= &setenvironment; lr_flagval= 1; return tokv_word_setenvironment; }
+ YY_BREAK
+case 14:
+YY_RULE_SETUP
+#line 157 "lexer.l"
+{ lr_dir= dfg_setflag; lr_flag= &setenvironment; lr_flagval= 0; return tokv_word_nosetenvironment; }
+ YY_BREAK
+case 15:
+YY_RULE_SETUP
+#line 158 "lexer.l"
+{ lr_dir= dfg_setflag; lr_flag= &suppressargs; lr_flagval= 1; return tokv_word_suppressargs; }
+ YY_BREAK
+case 16:
+YY_RULE_SETUP
+#line 159 "lexer.l"
+{ lr_dir= dfg_setflag; lr_flag= &suppressargs; lr_flagval= 0; return tokv_word_nosuppressargs; }
+ YY_BREAK
+case 17:
+YY_RULE_SETUP
+#line 160 "lexer.l"
+{ lr_dir= dfg_setflag; lr_flag= &disconnecthup; lr_flagval= 1; return tokv_word_disconnecthup; }
+ YY_BREAK
+case 18:
+YY_RULE_SETUP
+#line 161 "lexer.l"
+{ lr_dir= dfg_setflag; lr_flag= &disconnecthup; lr_flagval= 0; return tokv_word_nodisconnecthup; }
+ YY_BREAK
+case 19:
+YY_RULE_SETUP
+#line 162 "lexer.l"
+{ lr_dir= df_cd; return tokv_word_cd; }
+ YY_BREAK
+case 20:
+YY_RULE_SETUP
+#line 163 "lexer.l"
+{ lr_dir= df_userrcfile; return tokv_word_userrcfile; }
+ YY_BREAK
+case 21:
+YY_RULE_SETUP
+#line 164 "lexer.l"
+{ lr_dir= df_include; return tokv_word_include; }
+ YY_BREAK
+case 22:
+YY_RULE_SETUP
+#line 165 "lexer.l"
+{ lr_dir= df_include; return tokv_word_includeifexist; }
+ YY_BREAK
+case 23:
+YY_RULE_SETUP
+#line 166 "lexer.l"
+{ lr_dir= df_includelookup; return tokv_word_includelookup; }
+ YY_BREAK
+case 24:
+YY_RULE_SETUP
+#line 167 "lexer.l"
+{ lr_dir= df_includelookup; return tokv_word_includelookupall; }
+ YY_BREAK
+case 25:
+YY_RULE_SETUP
+#line 168 "lexer.l"
+{ lr_dir= df_includedirectory; return tokv_word_includedirectory; }
+ YY_BREAK
+case 26:
+YY_RULE_SETUP
+#line 169 "lexer.l"
+{ lr_dir= df_message; return tokv_word_message; }
+ YY_BREAK
+case 27:
+YY_RULE_SETUP
+#line 170 "lexer.l"
+{ lr_dir= df_include; return tokv_word_includesysconfig; }
+ YY_BREAK
+case 28:
+YY_RULE_SETUP
+#line 171 "lexer.l"
+{ lr_dir= dfi_includeuserrcfile; return tokv_word_includeuserrcfile; }
+ YY_BREAK
+case 29:
+YY_RULE_SETUP
+#line 172 "lexer.l"
+{ lr_dir= dfi_includeclientconfig; return tokv_word_includeclientconfig; }
+ YY_BREAK
+case 30:
+YY_RULE_SETUP
+#line 173 "lexer.l"
+{ lr_dir= df_quit; return tokv_word_quit; }
+ YY_BREAK
+case 31:
+YY_RULE_SETUP
+#line 174 "lexer.l"
+{ lr_dir= df_eof; return tokv_word_eof; }
+ YY_BREAK
+case 32:
+YY_RULE_SETUP
+#line 175 "lexer.l"
+{ lr_dir= df_if; return tokv_word_if; }
+ YY_BREAK
+case 33:
+YY_RULE_SETUP
+#line 176 "lexer.l"
+{ lr_dir= df_catchquit; return tokv_word_catchquit; }
+ YY_BREAK
+case 34:
+YY_RULE_SETUP
+#line 177 "lexer.l"
+{ lr_dir= df_errorspush; return tokv_word_errorspush; }
+ YY_BREAK
+case 35:
+YY_RULE_SETUP
+#line 178 "lexer.l"
+{ lr_controlend= tokv_word_if; return tokv_word_elif; }
+ YY_BREAK
+case 36:
+YY_RULE_SETUP
+#line 179 "lexer.l"
+{ lr_controlend= tokv_word_if; return tokv_word_else; }
+ YY_BREAK
+case 37:
+YY_RULE_SETUP
+#line 180 "lexer.l"
+{ lr_controlend= tokv_word_if; return tokv_word_fi; }
+ YY_BREAK
+case 38:
+YY_RULE_SETUP
+#line 181 "lexer.l"
+{ lr_controlend= tokv_word_catchquit; return tokv_word_hctac; }
+ YY_BREAK
+case 39:
+YY_RULE_SETUP
+#line 182 "lexer.l"
+{ lr_controlend= tokv_word_errorspush; return tokv_word_srorre; }
+ YY_BREAK
+case 40:
+YY_RULE_SETUP
+#line 183 "lexer.l"
+{ lr_parmcond= pcf_glob; return tokv_word_glob; }
+ YY_BREAK
+case 41:
+YY_RULE_SETUP
+#line 184 "lexer.l"
+{ lr_parmcond= pcf_range; return tokv_word_range; }
+ YY_BREAK
+case 42:
+YY_RULE_SETUP
+#line 185 "lexer.l"
+{ lr_parmcond= pcf_grep; return tokv_word_grep; }
+ YY_BREAK
+case 43:
+YY_RULE_SETUP
+#line 186 "lexer.l"
+{ lr_bispa= bispa_none; lr_bisexec= bisexec_environment; return tokv_word_environment; }
+ YY_BREAK
+case 44:
+YY_RULE_SETUP
+#line 187 "lexer.l"
+{ lr_bispa= bispa_parameter; lr_bisexec= bisexec_parameter; return tokv_word_parameter; }
+ YY_BREAK
+case 45:
+YY_RULE_SETUP
+#line 188 "lexer.l"
+{ lr_bispa= bispa_none; lr_bisexec= bisexec_version; return tokv_word_version; }
+ YY_BREAK
+case 46:
+YY_RULE_SETUP
+#line 189 "lexer.l"
+{ lr_bispa= bispa_none; lr_bisexec= bisexec_toplevel; return tokv_word_toplevel; }
+ YY_BREAK
+case 47:
+YY_RULE_SETUP
+#line 190 "lexer.l"
+{ lr_bispa= bispa_none; lr_bisexec= bisexec_override; return tokv_word_override; }
+ YY_BREAK
+case 48:
+YY_RULE_SETUP
+#line 191 "lexer.l"
+{ lr_bispa= bispa_none; lr_bisexec= bisexec_reset; lr_dir= df_reset; return tokv_word_reset; }
+ YY_BREAK
+case 49:
+YY_RULE_SETUP
+#line 192 "lexer.l"
+{ lr_bispa= bispa_none; lr_bisexec= bisexec_execute; lr_dir= df_execute; return tokv_word_execute; }
+ YY_BREAK
+case 50:
+YY_RULE_SETUP
+#line 193 "lexer.l"
+{ lr_bispa= bispa_none; lr_bisexec= bisexec_help; return tokv_word_help; }
+ YY_BREAK
+case 51:
+YY_RULE_SETUP
+#line 194 "lexer.l"
+{ lr_parameter= pf_service; return tokv_word_service; }
+ YY_BREAK
+case 52:
+YY_RULE_SETUP
+#line 195 "lexer.l"
+{ lr_parameter= pf_callinguser; return tokv_word_callinguser; }
+ YY_BREAK
+case 53:
+YY_RULE_SETUP
+#line 196 "lexer.l"
+{ lr_parameter= pf_callinggroup; return tokv_word_callinggroup; }
+ YY_BREAK
+case 54:
+YY_RULE_SETUP
+#line 197 "lexer.l"
+{ lr_parameter= pf_callingusershell; return tokv_word_callingusershell; }
+ YY_BREAK
+case 55:
+YY_RULE_SETUP
+#line 198 "lexer.l"
+{ lr_parameter= pf_serviceuser; return tokv_word_serviceuser; }
+ YY_BREAK
+case 56:
+YY_RULE_SETUP
+#line 199 "lexer.l"
+{ lr_parameter= pf_servicegroup; return tokv_word_servicegroup; }
+ YY_BREAK
+case 57:
+YY_RULE_SETUP
+#line 200 "lexer.l"
+{ lr_parameter= pf_serviceusershell; return tokv_word_serviceusershell; }
+ YY_BREAK
+case 58:
+YY_RULE_SETUP
+#line 201 "lexer.l"
+{ lr_loglevel= LOG_DEBUG; return tokv_syslog_debug; }
+ YY_BREAK
+case 59:
+YY_RULE_SETUP
+#line 202 "lexer.l"
+{ lr_loglevel= LOG_INFO; return tokv_syslog_info; }
+ YY_BREAK
+case 60:
+YY_RULE_SETUP
+#line 203 "lexer.l"
+{ lr_loglevel= LOG_NOTICE; return tokv_syslog_notice; }
+ YY_BREAK
+case 61:
+YY_RULE_SETUP
+#line 204 "lexer.l"
+{ lr_loglevel= LOG_WARNING; return tokv_syslog_warning; }
+ YY_BREAK
+case 62:
+YY_RULE_SETUP
+#line 205 "lexer.l"
+{ lr_loglevel= LOG_ERR; return tokv_syslog_err; }
+ YY_BREAK
+case 63:
+YY_RULE_SETUP
+#line 206 "lexer.l"
+{ lr_loglevel= LOG_CRIT; return tokv_syslog_crit; }
+ YY_BREAK
+case 64:
+YY_RULE_SETUP
+#line 207 "lexer.l"
+{ lr_loglevel= LOG_ALERT; return tokv_syslog_alert; }
+ YY_BREAK
+case 65:
+YY_RULE_SETUP
+#line 208 "lexer.l"
+{ lr_loglevel= LOG_EMERG; return tokv_syslog_emerg; }
+ YY_BREAK
+case 66:
+YY_RULE_SETUP
+#line 209 "lexer.l"
+{ lr_logfacility= LOG_AUTHPRIV; return tokv_syslog_authpriv; }
+ YY_BREAK
+case 67:
+YY_RULE_SETUP
+#line 210 "lexer.l"
+{ lr_logfacility= LOG_CRON; return tokv_syslog_cron; }
+ YY_BREAK
+case 68:
+YY_RULE_SETUP
+#line 211 "lexer.l"
+{ lr_logfacility= LOG_DAEMON; return tokv_syslog_daemon; }
+ YY_BREAK
+case 69:
+YY_RULE_SETUP
+#line 212 "lexer.l"
+{ lr_logfacility= LOG_KERN; return tokv_syslog_kern; }
+ YY_BREAK
+case 70:
+YY_RULE_SETUP
+#line 213 "lexer.l"
+{ lr_logfacility= LOG_LPR; return tokv_syslog_lpr; }
+ YY_BREAK
+case 71:
+YY_RULE_SETUP
+#line 214 "lexer.l"
+{ lr_logfacility= LOG_MAIL; return tokv_syslog_mail; }
+ YY_BREAK
+case 72:
+YY_RULE_SETUP
+#line 215 "lexer.l"
+{ lr_logfacility= LOG_NEWS; return tokv_syslog_news; }
+ YY_BREAK
+case 73:
+YY_RULE_SETUP
+#line 216 "lexer.l"
+{ lr_logfacility= LOG_SYSLOG; return tokv_syslog_syslog; }
+ YY_BREAK
+case 74:
+YY_RULE_SETUP
+#line 217 "lexer.l"
+{ lr_logfacility= LOG_USER; return tokv_syslog_user; }
+ YY_BREAK
+case 75:
+YY_RULE_SETUP
+#line 218 "lexer.l"
+{ lr_logfacility= LOG_UUCP; return tokv_syslog_uucp; }
+ YY_BREAK
+case 76:
+YY_RULE_SETUP
+#line 219 "lexer.l"
+{ lr_logfacility= LOG_LOCAL0; return tokv_syslog_local0; }
+ YY_BREAK
+case 77:
+YY_RULE_SETUP
+#line 220 "lexer.l"
+{ lr_logfacility= LOG_LOCAL1; return tokv_syslog_local1; }
+ YY_BREAK
+case 78:
+YY_RULE_SETUP
+#line 221 "lexer.l"
+{ lr_logfacility= LOG_LOCAL2; return tokv_syslog_local2; }
+ YY_BREAK
+case 79:
+YY_RULE_SETUP
+#line 222 "lexer.l"
+{ lr_logfacility= LOG_LOCAL3; return tokv_syslog_local3; }
+ YY_BREAK
+case 80:
+YY_RULE_SETUP
+#line 223 "lexer.l"
+{ lr_logfacility= LOG_LOCAL4; return tokv_syslog_local4; }
+ YY_BREAK
+case 81:
+YY_RULE_SETUP
+#line 224 "lexer.l"
+{ lr_logfacility= LOG_LOCAL5; return tokv_syslog_local5; }
+ YY_BREAK
+case 82:
+YY_RULE_SETUP
+#line 225 "lexer.l"
+{ lr_logfacility= LOG_LOCAL6; return tokv_syslog_local6; }
+ YY_BREAK
+case 83:
+YY_RULE_SETUP
+#line 226 "lexer.l"
+{ lr_logfacility= LOG_LOCAL7; return tokv_syslog_local7; }
+ YY_BREAK
+case 84:
+YY_RULE_SETUP
+#line 227 "lexer.l"
+{ return tokv_word_read; }
+ YY_BREAK
+case 85:
+YY_RULE_SETUP
+#line 228 "lexer.l"
+{ return tokv_word_write; }
+ YY_BREAK
+case 86:
+YY_RULE_SETUP
+#line 229 "lexer.l"
+{ return tokv_dollar; }
+ YY_BREAK
+case 87:
+YY_RULE_SETUP
+#line 230 "lexer.l"
+{ return tokv_openparen; }
+ YY_BREAK
+case 88:
+YY_RULE_SETUP
+#line 231 "lexer.l"
+{ return tokv_closeparen; }
+ YY_BREAK
+case 89:
+YY_RULE_SETUP
+#line 232 "lexer.l"
+{ return tokv_not; }
+ YY_BREAK
+case 90:
+YY_RULE_SETUP
+#line 233 "lexer.l"
+{ return tokv_and; }
+ YY_BREAK
+case 91:
+YY_RULE_SETUP
+#line 234 "lexer.l"
+{ return tokv_or; }
+ YY_BREAK
+case 92:
+YY_RULE_SETUP
+#line 235 "lexer.l"
+{ lr_dir= df_error; lr_loglevel= LOG_ERR; return tokv_word_error; }
+ YY_BREAK
+case 93:
+YY_RULE_SETUP
+#line 239 "lexer.l"
+{
+ char *ep;
+ lr_min=lr_max= (int)strtoul(yytext,&ep,10);
+ assert(!*ep);
+ return tokv_ordinal;
+ }
+ YY_BREAK
+case 94:
+YY_RULE_SETUP
+#line 245 "lexer.l"
+{
+ char *ep;
+ lr_min= (int)strtoul(yytext,&ep,10);
+ assert(*ep == HYPHEN);
+ assert(*++ep);
+ lr_max= (int)strtoul(ep,&ep,10);
+ assert(!*ep);
+ if (lr_max < lr_min) {
+ parseerrprint("fd range has min > max");
+ return tokv_error;
+ }
+ return tokv_fdrange;
+ }
+ YY_BREAK
+case 95:
+YY_RULE_SETUP
+#line 258 "lexer.l"
+{
+ char *ep;
+ lr_min= (int)strtoul(yytext,&ep,10);
+ assert(*ep == HYPHEN);
+ assert(!*++ep);
+ lr_max=-1;
+ return tokv_fdstoend;
+ }
+ YY_BREAK
+case 96:
+YY_RULE_SETUP
+#line 266 "lexer.l"
+return tokv_lwsp;
+ YY_BREAK
+case 97:
+YY_RULE_SETUP
+#line 267 "lexer.l"
+cstate->lineno++; return tokv_newline;
+ YY_BREAK
+case 98:
+YY_RULE_SETUP
+#line 268 "lexer.l"
+cstate->lineno++; return tokv_newline;
+ YY_BREAK
+case 99:
+YY_RULE_SETUP
+#line 269 "lexer.l"
+{
+ parseerrprint("missing newline at eof after comment");
+ return tokv_error;
+ }
+ YY_BREAK
+case 100:
+YY_RULE_SETUP
+#line 273 "lexer.l"
+{
+ return dequote(yytext);
+ }
+ YY_BREAK
+case 101:
+YY_RULE_SETUP
+#line 276 "lexer.l"
+{
+ parseerrprint("misquoted or unterminated string");
+ return tokv_error;
+ }
+ YY_BREAK
+case 102:
+YY_RULE_SETUP
+#line 280 "lexer.l"
+return tokv_barestring;
+ YY_BREAK
+case YY_STATE_EOF(INITIAL):
+#line 281 "lexer.l"
+return tokv_eof;
+ YY_BREAK
+case 103:
+YY_RULE_SETUP
+#line 284 "lexer.l"
+ECHO;
+ YY_BREAK
+
+ case YY_END_OF_BUFFER:
+ {
+ /* Amount of text matched not including the EOB char. */
+ int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1;
+
+ /* Undo the effects of YY_DO_BEFORE_ACTION. */
+ *yy_cp = yy_hold_char;
+ YY_RESTORE_YY_MORE_OFFSET
+
+ if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW )
+ {
+ /* We're scanning a new file or input source. It's
+ * possible that this happened because the user
+ * just pointed yyin at a new source and called
+ * yylex(). If so, then we have to assure
+ * consistency between yy_current_buffer and our
+ * globals. Here is the right place to do so, because
+ * this is the first action (other than possibly a
+ * back-up) that will match for the new input source.
+ */
+ yy_n_chars = yy_current_buffer->yy_n_chars;
+ yy_current_buffer->yy_input_file = yyin;
+ yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
+ }
+
+ /* Note that here we test for yy_c_buf_p "<=" to the position
+ * of the first EOB in the buffer, since yy_c_buf_p will
+ * already have been incremented past the NUL character
+ * (since all states make transitions on EOB to the
+ * end-of-buffer state). Contrast this with the test
+ * in input().
+ */
+ if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] )
+ { /* This was really a NUL. */
+ yy_state_type yy_next_state;
+
+ yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
+
+ yy_current_state = yy_get_previous_state();
+
+ /* Okay, we're now positioned to make the NUL
+ * transition. We couldn't have
+ * yy_get_previous_state() go ahead and do it
+ * for us because it doesn't know how to deal
+ * with the possibility of jamming (and we don't
+ * want to build jamming into it because then it
+ * will run more slowly).
+ */
+
+ yy_next_state = yy_try_NUL_trans( yy_current_state );
+
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
+
+ if ( yy_next_state )
+ {
+ /* Consume the NUL. */
+ yy_cp = ++yy_c_buf_p;
+ yy_current_state = yy_next_state;
+ goto yy_match;
+ }
+
+ else
+ {
+ yy_cp = yy_c_buf_p;
+ goto yy_find_action;
+ }
+ }
+
+ else switch ( yy_get_next_buffer() )
+ {
+ case EOB_ACT_END_OF_FILE:
+ {
+ yy_did_buffer_switch_on_eof = 0;
+
+ if ( yywrap() )
+ {
+ /* Note: because we've taken care in
+ * yy_get_next_buffer() to have set up
+ * yytext, we can now set up
+ * yy_c_buf_p so that if some total
+ * hoser (like flex itself) wants to
+ * call the scanner after we return the
+ * YY_NULL, it'll still work - another
+ * YY_NULL will get returned.
+ */
+ yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
+
+ yy_act = YY_STATE_EOF(YY_START);
+ goto do_action;
+ }
+
+ else
+ {
+ if ( ! yy_did_buffer_switch_on_eof )
+ YY_NEW_FILE;
+ }
+ break;
+ }
+
+ case EOB_ACT_CONTINUE_SCAN:
+ yy_c_buf_p =
+ yytext_ptr + yy_amount_of_matched_text;
+
+ yy_current_state = yy_get_previous_state();
+
+ yy_cp = yy_c_buf_p;
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
+ goto yy_match;
+
+ case EOB_ACT_LAST_MATCH:
+ yy_c_buf_p =
+ &yy_current_buffer->yy_ch_buf[yy_n_chars];
+
+ yy_current_state = yy_get_previous_state();
+
+ yy_cp = yy_c_buf_p;
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
+ goto yy_find_action;
+ }
+ break;
+ }
+
+ default:
+ YY_FATAL_ERROR(
+ "fatal flex scanner internal error--no action found" );
+ } /* end of action switch */
+ } /* end of scanning one token */
+ } /* end of yylex */
+
+
+/* yy_get_next_buffer - try to read in a new buffer
+ *
+ * Returns a code representing an action:
+ * EOB_ACT_LAST_MATCH -
+ * EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ * EOB_ACT_END_OF_FILE - end of file
+ */
+
+static int yy_get_next_buffer()
+ {
+ register char *dest = yy_current_buffer->yy_ch_buf;
+ register char *source = yytext_ptr;
+ register int number_to_move, i;
+ int ret_val;
+
+ if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] )
+ YY_FATAL_ERROR(
+ "fatal flex scanner internal error--end of buffer missed" );
+
+ if ( yy_current_buffer->yy_fill_buffer == 0 )
+ { /* Don't try to fill the buffer, so this is an EOF. */
+ if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 )
+ {
+ /* We matched a single character, the EOB, so
+ * treat this as a final EOF.
+ */
+ return EOB_ACT_END_OF_FILE;
+ }
+
+ else
+ {
+ /* We matched some text prior to the EOB, first
+ * process it.
+ */
+ return EOB_ACT_LAST_MATCH;
+ }
+ }
+
+ /* Try to read more data. */
+
+ /* First move last chars to start of buffer. */
+ number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1;
+
+ for ( i = 0; i < number_to_move; ++i )
+ *(dest++) = *(source++);
+
+ if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING )
+ /* don't do the read, it's not guaranteed to return an EOF,
+ * just force an EOF
+ */
+ yy_current_buffer->yy_n_chars = yy_n_chars = 0;
+
+ else
+ {
+ int num_to_read =
+ yy_current_buffer->yy_buf_size - number_to_move - 1;
+
+ while ( num_to_read <= 0 )
+ { /* Not enough room in the buffer - grow it. */
+#ifdef YY_USES_REJECT
+ YY_FATAL_ERROR(
+"input buffer overflow, can't enlarge buffer because scanner uses REJECT" );
+#else
+
+ /* just a shorter name for the current buffer */
+ YY_BUFFER_STATE b = yy_current_buffer;
+
+ int yy_c_buf_p_offset =
+ (int) (yy_c_buf_p - b->yy_ch_buf);
+
+ if ( b->yy_is_our_buffer )
+ {
+ int new_size = b->yy_buf_size * 2;
+
+ if ( new_size <= 0 )
+ b->yy_buf_size += b->yy_buf_size / 8;
+ else
+ b->yy_buf_size *= 2;
+
+ b->yy_ch_buf = (char *)
+ /* Include room in for 2 EOB chars. */
+ yy_flex_realloc( (void *) b->yy_ch_buf,
+ b->yy_buf_size + 2 );
+ }
+ else
+ /* Can't grow it, we don't own it. */
+ b->yy_ch_buf = 0;
+
+ if ( ! b->yy_ch_buf )
+ YY_FATAL_ERROR(
+ "fatal error - scanner input buffer overflow" );
+
+ yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
+
+ num_to_read = yy_current_buffer->yy_buf_size -
+ number_to_move - 1;
+#endif
+ }
+
+ if ( num_to_read > YY_READ_BUF_SIZE )
+ num_to_read = YY_READ_BUF_SIZE;
+
+ /* Read in more data. */
+ YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]),
+ yy_n_chars, num_to_read );
+
+ yy_current_buffer->yy_n_chars = yy_n_chars;
+ }
+
+ if ( yy_n_chars == 0 )
+ {
+ if ( number_to_move == YY_MORE_ADJ )
+ {
+ ret_val = EOB_ACT_END_OF_FILE;
+ yyrestart( yyin );
+ }
+
+ else
+ {
+ ret_val = EOB_ACT_LAST_MATCH;
+ yy_current_buffer->yy_buffer_status =
+ YY_BUFFER_EOF_PENDING;
+ }
+ }
+
+ else
+ ret_val = EOB_ACT_CONTINUE_SCAN;
+
+ yy_n_chars += number_to_move;
+ yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
+ yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
+
+ yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
+
+ return ret_val;
+ }
+
+
+/* yy_get_previous_state - get the state just before the EOB char was reached */
+
+static yy_state_type yy_get_previous_state()
+ {
+ register yy_state_type yy_current_state;
+ register char *yy_cp;
+
+ yy_current_state = yy_start;
+
+ for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp )
+ {
+ register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+ if ( yy_accept[yy_current_state] )
+ {
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
+ }
+ while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+ {
+ yy_current_state = (int) yy_def[yy_current_state];
+ if ( yy_current_state >= 572 )
+ yy_c = yy_meta[(unsigned int) yy_c];
+ }
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+ }
+
+ return yy_current_state;
+ }
+
+
+/* yy_try_NUL_trans - try to make a transition on the NUL character
+ *
+ * synopsis
+ * next_state = yy_try_NUL_trans( current_state );
+ */
+
+#ifdef YY_USE_PROTOS
+static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state )
+#else
+static yy_state_type yy_try_NUL_trans( yy_current_state )
+yy_state_type yy_current_state;
+#endif
+ {
+ register int yy_is_jam;
+ register char *yy_cp = yy_c_buf_p;
+
+ register YY_CHAR yy_c = 1;
+ if ( yy_accept[yy_current_state] )
+ {
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
+ }
+ while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+ {
+ yy_current_state = (int) yy_def[yy_current_state];
+ if ( yy_current_state >= 572 )
+ yy_c = yy_meta[(unsigned int) yy_c];
+ }
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+ yy_is_jam = (yy_current_state == 571);
+
+ return yy_is_jam ? 0 : yy_current_state;
+ }
+
+
+#ifndef YY_NO_UNPUT
+#ifdef YY_USE_PROTOS
+static void yyunput( int c, register char *yy_bp )
+#else
+static void yyunput( c, yy_bp )
+int c;
+register char *yy_bp;
+#endif
+ {
+ register char *yy_cp = yy_c_buf_p;
+
+ /* undo effects of setting up yytext */
+ *yy_cp = yy_hold_char;
+
+ if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
+ { /* need to shift things up to make room */
+ /* +2 for EOB chars. */
+ register int number_to_move = yy_n_chars + 2;
+ register char *dest = &yy_current_buffer->yy_ch_buf[
+ yy_current_buffer->yy_buf_size + 2];
+ register char *source =
+ &yy_current_buffer->yy_ch_buf[number_to_move];
+
+ while ( source > yy_current_buffer->yy_ch_buf )
+ *--dest = *--source;
+
+ yy_cp += (int) (dest - source);
+ yy_bp += (int) (dest - source);
+ yy_current_buffer->yy_n_chars =
+ yy_n_chars = yy_current_buffer->yy_buf_size;
+
+ if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
+ YY_FATAL_ERROR( "flex scanner push-back overflow" );
+ }
+
+ *--yy_cp = (char) c;
+
+
+ yytext_ptr = yy_bp;
+ yy_hold_char = *yy_cp;
+ yy_c_buf_p = yy_cp;
+ }
+#endif /* ifndef YY_NO_UNPUT */
+
+
+#ifdef __cplusplus
+static int yyinput()
+#else
+static int input()
+#endif
+ {
+ int c;
+
+ *yy_c_buf_p = yy_hold_char;
+
+ if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR )
+ {
+ /* yy_c_buf_p now points to the character we want to return.
+ * If this occurs *before* the EOB characters, then it's a
+ * valid NUL; if not, then we've hit the end of the buffer.
+ */
+ if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] )
+ /* This was really a NUL. */
+ *yy_c_buf_p = '\0';
+
+ else
+ { /* need more input */
+ int offset = yy_c_buf_p - yytext_ptr;
+ ++yy_c_buf_p;
+
+ switch ( yy_get_next_buffer() )
+ {
+ case EOB_ACT_LAST_MATCH:
+ /* This happens because yy_g_n_b()
+ * sees that we've accumulated a
+ * token and flags that we need to
+ * try matching the token before
+ * proceeding. But for input(),
+ * there's no matching to consider.
+ * So convert the EOB_ACT_LAST_MATCH
+ * to EOB_ACT_END_OF_FILE.
+ */
+
+ /* Reset buffer status. */
+ yyrestart( yyin );
+
+ /* fall through */
+
+ case EOB_ACT_END_OF_FILE:
+ {
+ if ( yywrap() )
+ return EOF;
+
+ if ( ! yy_did_buffer_switch_on_eof )
+ YY_NEW_FILE;
+#ifdef __cplusplus
+ return yyinput();
+#else
+ return input();
+#endif
+ }
+
+ case EOB_ACT_CONTINUE_SCAN:
+ yy_c_buf_p = yytext_ptr + offset;
+ break;
+ }
+ }
+ }
+
+ c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */
+ *yy_c_buf_p = '\0'; /* preserve yytext */
+ yy_hold_char = *++yy_c_buf_p;
+
+
+ return c;
+ }
+
+
+#ifdef YY_USE_PROTOS
+void yyrestart( FILE *input_file )
+#else
+void yyrestart( input_file )
+FILE *input_file;
+#endif
+ {
+ if ( ! yy_current_buffer )
+ yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE );
+
+ yy_init_buffer( yy_current_buffer, input_file );
+ yy_load_buffer_state();
+ }
+
+
+#ifdef YY_USE_PROTOS
+void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer )
+#else
+void yy_switch_to_buffer( new_buffer )
+YY_BUFFER_STATE new_buffer;
+#endif
+ {
+ if ( yy_current_buffer == new_buffer )
+ return;
+
+ if ( yy_current_buffer )
+ {
+ /* Flush out information for old buffer. */
+ *yy_c_buf_p = yy_hold_char;
+ yy_current_buffer->yy_buf_pos = yy_c_buf_p;
+ yy_current_buffer->yy_n_chars = yy_n_chars;
+ }
+
+ yy_current_buffer = new_buffer;
+ yy_load_buffer_state();
+
+ /* We don't actually know whether we did this switch during
+ * EOF (yywrap()) processing, but the only time this flag
+ * is looked at is after yywrap() is called, so it's safe
+ * to go ahead and always set it.
+ */
+ yy_did_buffer_switch_on_eof = 1;
+ }
+
+
+#ifdef YY_USE_PROTOS
+void yy_load_buffer_state( void )
+#else
+void yy_load_buffer_state()
+#endif
+ {
+ yy_n_chars = yy_current_buffer->yy_n_chars;
+ yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
+ yyin = yy_current_buffer->yy_input_file;
+ yy_hold_char = *yy_c_buf_p;
+ }
+
+
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_create_buffer( FILE *file, int size )
+#else
+YY_BUFFER_STATE yy_create_buffer( file, size )
+FILE *file;
+int size;
+#endif
+ {
+ YY_BUFFER_STATE b;
+
+ b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
+ if ( ! b )
+ YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+ b->yy_buf_size = size;
+
+ /* yy_ch_buf has to be 2 characters longer than the size given because
+ * we need to put in 2 end-of-buffer characters.
+ */
+ b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 );
+ if ( ! b->yy_ch_buf )
+ YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+ b->yy_is_our_buffer = 1;
+
+ yy_init_buffer( b, file );
+
+ return b;
+ }
+
+
+#ifdef YY_USE_PROTOS
+void yy_delete_buffer( YY_BUFFER_STATE b )
+#else
+void yy_delete_buffer( b )
+YY_BUFFER_STATE b;
+#endif
+ {
+ if ( ! b )
+ return;
+
+ if ( b == yy_current_buffer )
+ yy_current_buffer = (YY_BUFFER_STATE) 0;
+
+ if ( b->yy_is_our_buffer )
+ yy_flex_free( (void *) b->yy_ch_buf );
+
+ yy_flex_free( (void *) b );
+ }
+
+
+#ifndef YY_ALWAYS_INTERACTIVE
+#ifndef YY_NEVER_INTERACTIVE
+extern int isatty YY_PROTO(( int ));
+#endif
+#endif
+
+#ifdef YY_USE_PROTOS
+void yy_init_buffer( YY_BUFFER_STATE b, FILE *file )
+#else
+void yy_init_buffer( b, file )
+YY_BUFFER_STATE b;
+FILE *file;
+#endif
+
+
+ {
+ yy_flush_buffer( b );
+
+ b->yy_input_file = file;
+ b->yy_fill_buffer = 1;
+
+#if YY_ALWAYS_INTERACTIVE
+ b->yy_is_interactive = 1;
+#else
+#if YY_NEVER_INTERACTIVE
+ b->yy_is_interactive = 0;
+#else
+ b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
+#endif
+#endif
+ }
+
+
+#ifdef YY_USE_PROTOS
+void yy_flush_buffer( YY_BUFFER_STATE b )
+#else
+void yy_flush_buffer( b )
+YY_BUFFER_STATE b;
+#endif
+
+ {
+ if ( ! b )
+ return;
+
+ b->yy_n_chars = 0;
+
+ /* We always need two end-of-buffer characters. The first causes
+ * a transition to the end-of-buffer state. The second causes
+ * a jam in that state.
+ */
+ b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+ b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+
+ b->yy_buf_pos = &b->yy_ch_buf[0];
+
+ b->yy_at_bol = 1;
+ b->yy_buffer_status = YY_BUFFER_NEW;
+
+ if ( b == yy_current_buffer )
+ yy_load_buffer_state();
+ }
+
+
+#ifndef YY_NO_SCAN_BUFFER
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size )
+#else
+YY_BUFFER_STATE yy_scan_buffer( base, size )
+char *base;
+yy_size_t size;
+#endif
+ {
+ YY_BUFFER_STATE b;
+
+ if ( size < 2 ||
+ base[size-2] != YY_END_OF_BUFFER_CHAR ||
+ base[size-1] != YY_END_OF_BUFFER_CHAR )
+ /* They forgot to leave room for the EOB's. */
+ return 0;
+
+ b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
+ if ( ! b )
+ YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
+
+ b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */
+ b->yy_buf_pos = b->yy_ch_buf = base;
+ b->yy_is_our_buffer = 0;
+ b->yy_input_file = 0;
+ b->yy_n_chars = b->yy_buf_size;
+ b->yy_is_interactive = 0;
+ b->yy_at_bol = 1;
+ b->yy_fill_buffer = 0;
+ b->yy_buffer_status = YY_BUFFER_NEW;
+
+ yy_switch_to_buffer( b );
+
+ return b;
+ }
+#endif
+
+
+#ifndef YY_NO_SCAN_STRING
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str )
+#else
+YY_BUFFER_STATE yy_scan_string( yy_str )
+yyconst char *yy_str;
+#endif
+ {
+ int len;
+ for ( len = 0; yy_str[len]; ++len )
+ ;
+
+ return yy_scan_bytes( yy_str, len );
+ }
+#endif
+
+
+#ifndef YY_NO_SCAN_BYTES
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len )
+#else
+YY_BUFFER_STATE yy_scan_bytes( bytes, len )
+yyconst char *bytes;
+int len;
+#endif
+ {
+ YY_BUFFER_STATE b;
+ char *buf;
+ yy_size_t n;
+ int i;
+
+ /* Get memory for full buffer, including space for trailing EOB's. */
+ n = len + 2;
+ buf = (char *) yy_flex_alloc( n );
+ if ( ! buf )
+ YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
+
+ for ( i = 0; i < len; ++i )
+ buf[i] = bytes[i];
+
+ buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
+
+ b = yy_scan_buffer( buf, n );
+ if ( ! b )
+ YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
+
+ /* It's okay to grow etc. this buffer, and we should throw it
+ * away when we're done.
+ */
+ b->yy_is_our_buffer = 1;
+
+ return b;
+ }
+#endif
+
+
+#ifndef YY_NO_PUSH_STATE
+#ifdef YY_USE_PROTOS
+static void yy_push_state( int new_state )
+#else
+static void yy_push_state( new_state )
+int new_state;
+#endif
+ {
+ if ( yy_start_stack_ptr >= yy_start_stack_depth )
+ {
+ yy_size_t new_size;
+
+ yy_start_stack_depth += YY_START_STACK_INCR;
+ new_size = yy_start_stack_depth * sizeof( int );
+
+ if ( ! yy_start_stack )
+ yy_start_stack = (int *) yy_flex_alloc( new_size );
+
+ else
+ yy_start_stack = (int *) yy_flex_realloc(
+ (void *) yy_start_stack, new_size );
+
+ if ( ! yy_start_stack )
+ YY_FATAL_ERROR(
+ "out of memory expanding start-condition stack" );
+ }
+
+ yy_start_stack[yy_start_stack_ptr++] = YY_START;
+
+ BEGIN(new_state);
+ }
+#endif
+
+
+#ifndef YY_NO_POP_STATE
+static void yy_pop_state()
+ {
+ if ( --yy_start_stack_ptr < 0 )
+ YY_FATAL_ERROR( "start-condition stack underflow" );
+
+ BEGIN(yy_start_stack[yy_start_stack_ptr]);
+ }
+#endif
+
+
+#ifndef YY_NO_TOP_STATE
+static int yy_top_state()
+ {
+ return yy_start_stack[yy_start_stack_ptr - 1];
+ }
+#endif
+
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
+
+#ifdef YY_USE_PROTOS
+static void yy_fatal_error( yyconst char msg[] )
+#else
+static void yy_fatal_error( msg )
+char msg[];
+#endif
+ {
+ (void) fprintf( stderr, "%s\n", msg );
+ exit( YY_EXIT_FAILURE );
+ }
+
+
+
+/* Redefine yyless() so it works in section 3 code. */
+
+#undef yyless
+#define yyless(n) \
+ do \
+ { \
+ /* Undo effects of setting up yytext. */ \
+ yytext[yyleng] = yy_hold_char; \
+ yy_c_buf_p = yytext + n; \
+ yy_hold_char = *yy_c_buf_p; \
+ *yy_c_buf_p = '\0'; \
+ yyleng = n; \
+ } \
+ while ( 0 )
+
+
+/* Internal utility routines. */
+
+#ifndef yytext_ptr
+#ifdef YY_USE_PROTOS
+static void yy_flex_strncpy( char *s1, yyconst char *s2, int n )
+#else
+static void yy_flex_strncpy( s1, s2, n )
+char *s1;
+yyconst char *s2;
+int n;
+#endif
+ {
+ register int i;
+ for ( i = 0; i < n; ++i )
+ s1[i] = s2[i];
+ }
+#endif
+
+#ifdef YY_NEED_STRLEN
+#ifdef YY_USE_PROTOS
+static int yy_flex_strlen( yyconst char *s )
+#else
+static int yy_flex_strlen( s )
+yyconst char *s;
+#endif
+ {
+ register int n;
+ for ( n = 0; s[n]; ++n )
+ ;
+
+ return n;
+ }
+#endif
+
+
+#ifdef YY_USE_PROTOS
+static void *yy_flex_alloc( yy_size_t size )
+#else
+static void *yy_flex_alloc( size )
+yy_size_t size;
+#endif
+ {
+ return (void *) malloc( size );
+ }
+
+#ifdef YY_USE_PROTOS
+static void *yy_flex_realloc( void *ptr, yy_size_t size )
+#else
+static void *yy_flex_realloc( ptr, size )
+void *ptr;
+yy_size_t size;
+#endif
+ {
+ /* The cast to (char *) in the following accommodates both
+ * implementations that use char* generic pointers, and those
+ * that use void* generic pointers. It works with the latter
+ * because both ANSI C and C++ allow castless assignment from
+ * any pointer type to void*, and deal with argument conversions
+ * as though doing an assignment.
+ */
+ return (void *) realloc( (char *) ptr, size );
+ }
+
+#ifdef YY_USE_PROTOS
+static void yy_flex_free( void *ptr )
+#else
+static void yy_flex_free( ptr )
+void *ptr;
+#endif
+ {
+ free( ptr );
+ }
+
+#if YY_MAIN
+int main()
+ {
+ yylex();
+ return 0;
+ }
+#endif
+#line 284 "lexer.l"
+
+
+const char *const builtinservicehelpstrings[]= {
+ "environment",
+ "parameter <parameter>",
+ "version",
+ "toplevel",
+ "override",
+ "reset",
+ "execute",
+ "help",
+ 0
+};
+
+#include "parser.c"
+
--- /dev/null
+/*
+ * Copyright (C)1996-1997,1999 Ian Jackson
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with userv; if not, write to the Free Software
+ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+%{
+
+
+
+
+
+#include <syslog.h>
+#include <assert.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <string.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
+#include <fnmatch.h>
+#include <limits.h>
+#include <dirent.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <time.h>
+#include <errno.h>
+
+#include "config.h"
+#include "common.h"
+#include "daemon.h"
+#include "lib.h"
+#include "tokens.h"
+
+#define HYPHEN '-'
+
+typedef int directive_fnt(int dtoken);
+static directive_fnt df_reject, df_execute, df_executefrompath;
+static directive_fnt df_executefromdirectory, df_executebuiltin;
+static directive_fnt df_errorstostderr, df_errorstosyslog, df_errorstofile;
+static directive_fnt dfg_fdwant, dfg_setflag;
+static directive_fnt df_reset, df_cd, df_userrcfile, df_include;
+static directive_fnt df_includelookup, df_includedirectory;
+static directive_fnt df_message, df_error, df_quit, df_eof;
+static directive_fnt df_if, df_catchquit, df_errorspush;
+static directive_fnt dfi_includeuserrcfile, dfi_includeclientconfig;
+/* directive functions return:
+ * 0 for success having scanned up to and including end of line but not beyond,
+ * or tokv_error or tokv_quit.
+ * They expect to parse the whitespace before their parameters (if any).
+ */
+
+typedef int parmcondition_fnt(int ctoken, char *const *parmvalues, int *rtrue);
+static parmcondition_fnt pcf_glob, pcf_range, pcf_grep;
+/* all conditional functions return tokv_error for failure or 0 for success
+ * at parsing and testing, in which case *rtrue is set to 0 or 1.
+ * On success they have scanned up to and including the condition's
+ * terminating newline; the pcf_... functions expect to parse the whitespace
+ * between the parameter name and the condition's arguments.
+ * Otherwise they return tokv_error.
+ * The parameter-based conditionals take a list of parameter values
+ * as obtained from the parameter functions and pa_parameter,
+ * and do _not_ free it.
+ */
+
+typedef int parameter_fnt(int ptoken, char ***rvalues);
+static parameter_fnt pf_service;
+static parameter_fnt pf_callinguser, pf_serviceuser;
+static parameter_fnt pf_callinggroup, pf_servicegroup;
+static parameter_fnt pf_callingusershell, pf_serviceusershell;
+/* Parameter functions return tokv_error or 0 for success at parsing
+ * and determining the value, in which case *rvalues is made to be
+ * a mallocd null-terminated array of pointers to mallocd strings.
+ * freeparm can be used to free such an array.
+ */
+
+typedef int builtinserviceparse_fnt(char ***rnewargs);
+static builtinserviceparse_fnt bispa_none, bispa_parameter;
+/* These parse the arguments to a builtin service, including the
+ * newline at the end of the line. *rnewargs will initially be
+ * null, indicating that no arguments are to be set; the function
+ * may store a mallocd array of mallocd strings in it,
+ * containing the arguments it wishes to have set (null-pointer
+ * terminated).
+ */
+
+static int yylex(void);
+/* Returns a token (which may be an eof or error exception) */
+
+static directive_fnt *lr_dir;
+static parmcondition_fnt *lr_parmcond;
+static builtinserviceparse_fnt *lr_bispa;
+static builtinserviceexec_fnt *lr_bisexec;
+static parameter_fnt *lr_parameter;
+static int lr_loglevel, lr_logfacility, lr_min, lr_max, *lr_flag;
+static int lr_flagval, lr_controlend;
+static int lr_fdwant_readwrite; /* -1=never, 0=opt, 1=always */
+
+/* Forward declarations of things used in lexer and parser */
+
+struct parser_state {
+ int lineno, reportlineno, notedreferer, isinternal;
+ const char *filename;
+ struct stat filestab;
+ YY_BUFFER_STATE ybuf;
+ struct parser_state *upstate;
+};
+
+static struct parser_state *cstate;
+
+struct error_handling {
+ int handling; /* One of the error handling modes tokt_ehandlemode */
+ int logfacility, loglevel;
+ int filekeep; /* File is in use by higher-level errors-push, leave it open */
+ FILE *file;
+ char *filename;
+};
+
+static struct error_handling eh = { tokv_word_errorstostderr, 0,0,0,0,0 };
+
+static int dequote(char *inplace);
+
+#define YY_NO_UNPUT
+
+%}
+
+%option noyywrap
+
+%%
+
+reject { lr_dir= df_reject; return tokv_word_reject; }
+execute-from-directory { lr_dir= df_executefromdirectory; return tokv_word_executefromdirectory; }
+execute-from-path { lr_dir= df_executefrompath; return tokv_word_executefrompath; }
+execute-builtin { lr_dir= df_executebuiltin; return tokv_word_executebuiltin; }
+errors-to-stderr { lr_dir= df_errorstostderr; return tokv_word_errorstostderr; }
+errors-to-syslog { lr_dir= df_errorstosyslog; return tokv_word_errorstosyslog; }
+errors-to-file { lr_dir= df_errorstofile; return tokv_word_errorstofile; }
+require-fd { lr_dir= dfg_fdwant; lr_fdwant_readwrite=1; return tokv_word_requirefd; }
+allow-fd { lr_dir= dfg_fdwant; lr_fdwant_readwrite=0; return tokv_word_allowfd; }
+null-fd { lr_dir= dfg_fdwant; lr_fdwant_readwrite=0; return tokv_word_nullfd; }
+reject-fd { lr_dir= dfg_fdwant; lr_fdwant_readwrite=-1; return tokv_word_rejectfd; }
+ignore-fd { lr_dir= dfg_fdwant; lr_fdwant_readwrite=-1; return tokv_word_ignorefd; }
+set-environment { lr_dir= dfg_setflag; lr_flag= &setenvironment; lr_flagval= 1; return tokv_word_setenvironment; }
+no-set-environment { lr_dir= dfg_setflag; lr_flag= &setenvironment; lr_flagval= 0; return tokv_word_nosetenvironment; }
+suppress-args { lr_dir= dfg_setflag; lr_flag= &suppressargs; lr_flagval= 1; return tokv_word_suppressargs; }
+no-suppress-args { lr_dir= dfg_setflag; lr_flag= &suppressargs; lr_flagval= 0; return tokv_word_nosuppressargs; }
+disconnect-hup { lr_dir= dfg_setflag; lr_flag= &disconnecthup; lr_flagval= 1; return tokv_word_disconnecthup; }
+no-disconnect-hup { lr_dir= dfg_setflag; lr_flag= &disconnecthup; lr_flagval= 0; return tokv_word_nodisconnecthup; }
+cd { lr_dir= df_cd; return tokv_word_cd; }
+user-rcfile { lr_dir= df_userrcfile; return tokv_word_userrcfile; }
+include { lr_dir= df_include; return tokv_word_include; }
+include-ifexist { lr_dir= df_include; return tokv_word_includeifexist; }
+include-lookup { lr_dir= df_includelookup; return tokv_word_includelookup; }
+include-lookup-all { lr_dir= df_includelookup; return tokv_word_includelookupall; }
+include-directory { lr_dir= df_includedirectory; return tokv_word_includedirectory; }
+message { lr_dir= df_message; return tokv_word_message; }
+_include-sysconfig { lr_dir= df_include; return tokv_word_includesysconfig; }
+_include-user-rcfile { lr_dir= dfi_includeuserrcfile; return tokv_word_includeuserrcfile; }
+_include-client-config { lr_dir= dfi_includeclientconfig; return tokv_word_includeclientconfig; }
+quit { lr_dir= df_quit; return tokv_word_quit; }
+eof { lr_dir= df_eof; return tokv_word_eof; }
+if { lr_dir= df_if; return tokv_word_if; }
+catch-quit { lr_dir= df_catchquit; return tokv_word_catchquit; }
+errors-push { lr_dir= df_errorspush; return tokv_word_errorspush; }
+elif { lr_controlend= tokv_word_if; return tokv_word_elif; }
+else { lr_controlend= tokv_word_if; return tokv_word_else; }
+fi { lr_controlend= tokv_word_if; return tokv_word_fi; }
+hctac { lr_controlend= tokv_word_catchquit; return tokv_word_hctac; }
+srorre { lr_controlend= tokv_word_errorspush; return tokv_word_srorre; }
+glob { lr_parmcond= pcf_glob; return tokv_word_glob; }
+range { lr_parmcond= pcf_range; return tokv_word_range; }
+grep { lr_parmcond= pcf_grep; return tokv_word_grep; }
+environment { lr_bispa= bispa_none; lr_bisexec= bisexec_environment; return tokv_word_environment; }
+parameter { lr_bispa= bispa_parameter; lr_bisexec= bisexec_parameter; return tokv_word_parameter; }
+version { lr_bispa= bispa_none; lr_bisexec= bisexec_version; return tokv_word_version; }
+toplevel { lr_bispa= bispa_none; lr_bisexec= bisexec_toplevel; return tokv_word_toplevel; }
+override { lr_bispa= bispa_none; lr_bisexec= bisexec_override; return tokv_word_override; }
+reset { lr_bispa= bispa_none; lr_bisexec= bisexec_reset; lr_dir= df_reset; return tokv_word_reset; }
+execute { lr_bispa= bispa_none; lr_bisexec= bisexec_execute; lr_dir= df_execute; return tokv_word_execute; }
+help { lr_bispa= bispa_none; lr_bisexec= bisexec_help; return tokv_word_help; }
+service { lr_parameter= pf_service; return tokv_word_service; }
+calling-user { lr_parameter= pf_callinguser; return tokv_word_callinguser; }
+calling-group { lr_parameter= pf_callinggroup; return tokv_word_callinggroup; }
+calling-user-shell { lr_parameter= pf_callingusershell; return tokv_word_callingusershell; }
+service-user { lr_parameter= pf_serviceuser; return tokv_word_serviceuser; }
+service-group { lr_parameter= pf_servicegroup; return tokv_word_servicegroup; }
+service-user-shell { lr_parameter= pf_serviceusershell; return tokv_word_serviceusershell; }
+debug { lr_loglevel= LOG_DEBUG; return tokv_syslog_debug; }
+info { lr_loglevel= LOG_INFO; return tokv_syslog_info; }
+notice { lr_loglevel= LOG_NOTICE; return tokv_syslog_notice; }
+warn(ing)? { lr_loglevel= LOG_WARNING; return tokv_syslog_warning; }
+err { lr_loglevel= LOG_ERR; return tokv_syslog_err; }
+crit { lr_loglevel= LOG_CRIT; return tokv_syslog_crit; }
+alert { lr_loglevel= LOG_ALERT; return tokv_syslog_alert; }
+emerg|panic { lr_loglevel= LOG_EMERG; return tokv_syslog_emerg; }
+auth(priv)?|security { lr_logfacility= LOG_AUTHPRIV; return tokv_syslog_authpriv; }
+cron { lr_logfacility= LOG_CRON; return tokv_syslog_cron; }
+daemon { lr_logfacility= LOG_DAEMON; return tokv_syslog_daemon; }
+kern(el)? { lr_logfacility= LOG_KERN; return tokv_syslog_kern; }
+lpr { lr_logfacility= LOG_LPR; return tokv_syslog_lpr; }
+mail { lr_logfacility= LOG_MAIL; return tokv_syslog_mail; }
+news { lr_logfacility= LOG_NEWS; return tokv_syslog_news; }
+syslog { lr_logfacility= LOG_SYSLOG; return tokv_syslog_syslog; }
+user { lr_logfacility= LOG_USER; return tokv_syslog_user; }
+uucp { lr_logfacility= LOG_UUCP; return tokv_syslog_uucp; }
+local0 { lr_logfacility= LOG_LOCAL0; return tokv_syslog_local0; }
+local1 { lr_logfacility= LOG_LOCAL1; return tokv_syslog_local1; }
+local2 { lr_logfacility= LOG_LOCAL2; return tokv_syslog_local2; }
+local3 { lr_logfacility= LOG_LOCAL3; return tokv_syslog_local3; }
+local4 { lr_logfacility= LOG_LOCAL4; return tokv_syslog_local4; }
+local5 { lr_logfacility= LOG_LOCAL5; return tokv_syslog_local5; }
+local6 { lr_logfacility= LOG_LOCAL6; return tokv_syslog_local6; }
+local7 { lr_logfacility= LOG_LOCAL7; return tokv_syslog_local7; }
+read { return tokv_word_read; }
+write { return tokv_word_write; }
+\$ { return tokv_dollar; }
+\( { return tokv_openparen; }
+\) { return tokv_closeparen; }
+\! { return tokv_not; }
+\& { return tokv_and; }
+\| { return tokv_or; }
+error { lr_dir= df_error; lr_loglevel= LOG_ERR; return tokv_word_error; }
+
+
+
+[0-9]{1,8} {
+ char *ep;
+ lr_min=lr_max= (int)strtoul(yytext,&ep,10);
+ assert(!*ep);
+ return tokv_ordinal;
+ }
+[0-9]{1,8}-[0-9]{1,8} {
+ char *ep;
+ lr_min= (int)strtoul(yytext,&ep,10);
+ assert(*ep == HYPHEN);
+ assert(*++ep);
+ lr_max= (int)strtoul(ep,&ep,10);
+ assert(!*ep);
+ if (lr_max < lr_min) {
+ parseerrprint("fd range has min > max");
+ return tokv_error;
+ }
+ return tokv_fdrange;
+ }
+[0-9]{1,8}- {
+ char *ep;
+ lr_min= (int)strtoul(yytext,&ep,10);
+ assert(*ep == HYPHEN);
+ assert(!*++ep);
+ lr_max=-1;
+ return tokv_fdstoend;
+ }
+[\ \t]+ return tokv_lwsp;
+[\ \t]*\n cstate->lineno++; return tokv_newline;
+[\ \t]*\#[^\n]*\n cstate->lineno++; return tokv_newline;
+[\ \t]*\#[^\n]* {
+ parseerrprint("missing newline at eof after comment");
+ return tokv_error;
+ }
+\"([^\\\"\n]|\\[a-z]|\\[0-9]{3}|\\x[0-9A-Fa-f]{2}|\\[[:punct:]]|\\[ \t]*\n)*\" {
+ return dequote(yytext);
+ }
+\".* {
+ parseerrprint("misquoted or unterminated string");
+ return tokv_error;
+ }
+[^\ \t\n]+ return tokv_barestring;
+<<EOF>> return tokv_eof;
+
+
+%%
+
+const char *const builtinservicehelpstrings[]= {
+ "environment",
+ "parameter <parameter>",
+ "version",
+ "toplevel",
+ "override",
+ "reset",
+ "execute",
+ "help",
+ 0
+};
+
+#include "parser.c"
+
--- /dev/null
+%!PS-Adobe-2.0
+%%Title: overview.fig
+%%Creator: fig2dev Version 3.2 Patchlevel 0-beta3
+%%CreationDate: Sun Apr 18 18:52:55 1999
+%%For: ian@anarres (Ian Jackson)
+%%Orientation: Landscape
+%%BoundingBox: 121 174 474 667
+%%Pages: 1
+%%BeginSetup
+%%IncludeFeature: *PageSize A4
+%%EndSetup
+%%Magnification: 1.0000
+%%EndComments
+/$F2psDict 200 dict def
+$F2psDict begin
+$F2psDict /mtrx matrix put
+/col-1 {0 setgray} bind def
+/col0 {0.000 0.000 0.000 srgb} bind def
+/col1 {0.000 0.000 1.000 srgb} bind def
+/col2 {0.000 1.000 0.000 srgb} bind def
+/col3 {0.000 1.000 1.000 srgb} bind def
+/col4 {1.000 0.000 0.000 srgb} bind def
+/col5 {1.000 0.000 1.000 srgb} bind def
+/col6 {1.000 1.000 0.000 srgb} bind def
+/col7 {1.000 1.000 1.000 srgb} bind def
+/col8 {0.000 0.000 0.560 srgb} bind def
+/col9 {0.000 0.000 0.690 srgb} bind def
+/col10 {0.000 0.000 0.820 srgb} bind def
+/col11 {0.530 0.810 1.000 srgb} bind def
+/col12 {0.000 0.560 0.000 srgb} bind def
+/col13 {0.000 0.690 0.000 srgb} bind def
+/col14 {0.000 0.820 0.000 srgb} bind def
+/col15 {0.000 0.560 0.560 srgb} bind def
+/col16 {0.000 0.690 0.690 srgb} bind def
+/col17 {0.000 0.820 0.820 srgb} bind def
+/col18 {0.560 0.000 0.000 srgb} bind def
+/col19 {0.690 0.000 0.000 srgb} bind def
+/col20 {0.820 0.000 0.000 srgb} bind def
+/col21 {0.560 0.000 0.560 srgb} bind def
+/col22 {0.690 0.000 0.690 srgb} bind def
+/col23 {0.820 0.000 0.820 srgb} bind def
+/col24 {0.500 0.190 0.000 srgb} bind def
+/col25 {0.630 0.250 0.000 srgb} bind def
+/col26 {0.750 0.380 0.000 srgb} bind def
+/col27 {1.000 0.500 0.500 srgb} bind def
+/col28 {1.000 0.630 0.630 srgb} bind def
+/col29 {1.000 0.750 0.750 srgb} bind def
+/col30 {1.000 0.880 0.880 srgb} bind def
+/col31 {1.000 0.840 0.000 srgb} bind def
+
+end
+save
+68.0 130.5 translate
+ 90 rotate
+1 -1 scale
+
+/cp {closepath} bind def
+/ef {eofill} bind def
+/gr {grestore} bind def
+/gs {gsave} bind def
+/sa {save} bind def
+/rs {restore} bind def
+/l {lineto} bind def
+/m {moveto} bind def
+/rm {rmoveto} bind def
+/n {newpath} bind def
+/s {stroke} bind def
+/sh {show} bind def
+/slc {setlinecap} bind def
+/slj {setlinejoin} bind def
+/slw {setlinewidth} bind def
+/srgb {setrgbcolor} bind def
+/rot {rotate} bind def
+/sc {scale} bind def
+/sd {setdash} bind def
+/ff {findfont} bind def
+/sf {setfont} bind def
+/scf {scalefont} bind def
+/sw {stringwidth} bind def
+/tr {translate} bind def
+/tnt {dup dup currentrgbcolor
+ 4 -2 roll dup 1 exch sub 3 -1 roll mul add
+ 4 -2 roll dup 1 exch sub 3 -1 roll mul add
+ 4 -2 roll dup 1 exch sub 3 -1 roll mul add srgb}
+ bind def
+/shd {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
+ 4 -2 roll mul srgb} bind def
+/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
+/$F2psEnd {$F2psEnteredState restore end} def
+%%EndProlog
+
+$F2psBegin
+10 setmiterlimit
+n -1000 7762 m -1000 -1000 l 9946 -1000 l 9946 7762 l cp clip
+ 0.06000 0.06000 sc
+%%Page: 1 1
+% Polyline
+7.500 slw
+ [15 45] 45 sd
+gs clippath
+3405 2328 m 3375 2448 l 3345 2328 l 3345 2490 l 3405 2490 l cp
+clip
+n 3375 1875 m 3375 2475 l gs col-1 s gr gr
+ [] 0 sd
+% arrowhead
+n 3405 2328 m 3375 2448 l 3345 2328 l col-1 s
+% Polyline
+ [15 45] 45 sd
+gs clippath
+5928 2970 m 6048 2999 l 5928 3030 l 6090 3030 l 6090 2970 l cp
+4306 3029 m 4185 2999 l 4306 2969 l 4144 2969 l 4144 3029 l cp
+clip
+n 4159 2999 m 6075 3000 l gs col-1 s gr gr
+ [] 0 sd
+% arrowhead
+n 4306 3029 m 4185 2999 l 4306 2969 l col-1 s
+% arrowhead
+n 5928 2970 m 6048 2999 l 5928 3030 l col-1 s
+% Polyline
+ [15 45] 45 sd
+gs clippath
+3405 4203 m 3375 4323 l 3345 4203 l 3345 4365 l 3405 4365 l cp
+clip
+n 3375 3525 m 3375 4350 l gs col-1 s gr gr
+ [] 0 sd
+% arrowhead
+n 3405 4203 m 3375 4323 l 3345 4203 l col-1 s
+% Polyline
+n 2700 4425 m 4125 4425 l 4125 5025 l 2700 5025 l cp gs col0 s gr
+% Polyline
+n 2700 4575 m 4125 4575 l 4125 5175 l 2700 5175 l cp gs col0 s gr
+% Polyline
+ [15 45] 45 sd
+gs clippath
+6930 5628 m 6900 5748 l 6870 5628 l 6870 5790 l 6930 5790 l cp
+clip
+n 6900 3525 m 6900 5775 l gs col-1 s gr gr
+ [] 0 sd
+% arrowhead
+n 6930 5628 m 6900 5748 l 6870 5628 l col-1 s
+% Polyline
+n 2700 2533 m 4125 2533 l 4125 3465 l 2700 3465 l cp gs col-1 s gr
+% Polyline
+n 2700 900 m 4125 900 l 4125 1834 l 2700 1834 l cp gs col-1 s gr
+% Polyline
+n 6176 2533 m 7650 2533 l 7650 3465 l 6176 3465 l cp gs col-1 s gr
+% Polyline
+n 6176 5815 m 7650 5815 l 7650 6749 l 6176 6749 l cp gs col-1 s gr
+% Polyline
+ [60] 0 sd
+n 825 5250 m 826 5250 l 830 5250 l 836 5250 l 846 5249 l 859 5249 l
+ 877 5248 l 900 5248 l 927 5247 l 959 5246 l 995 5245 l
+ 1035 5244 l 1078 5242 l 1124 5241 l 1172 5240 l 1221 5239 l
+ 1271 5238 l 1322 5237 l 1371 5236 l 1420 5235 l 1468 5235 l
+ 1514 5235 l 1559 5235 l 1601 5235 l 1641 5236 l 1680 5236 l
+ 1716 5238 l 1751 5239 l 1784 5241 l 1815 5244 l 1845 5247 l
+ 1875 5250 l 1908 5254 l 1940 5259 l 1972 5265 l 2001 5271 l
+ 2030 5278 l 2057 5285 l 2083 5293 l 2108 5301 l 2131 5310 l
+ 2153 5319 l 2175 5329 l 2196 5339 l 2217 5349 l 2238 5359 l
+ 2260 5369 l 2282 5379 l 2304 5389 l 2329 5399 l 2354 5408 l
+ 2382 5418 l 2412 5426 l 2444 5435 l 2479 5443 l 2517 5450 l
+ 2558 5457 l 2602 5463 l 2649 5469 l 2700 5475 l 2734 5478 l
+ 2769 5482 l 2805 5485 l 2843 5488 l 2881 5490 l 2921 5493 l
+ 2961 5496 l 3002 5498 l 3045 5501 l 3087 5504 l 3131 5506 l
+ 3175 5508 l 3220 5511 l 3265 5513 l 3311 5515 l 3358 5517 l
+ 3405 5520 l 3452 5522 l 3500 5524 l 3548 5526 l 3596 5528 l
+ 3645 5530 l 3693 5532 l 3743 5534 l 3792 5536 l 3842 5538 l
+ 3892 5539 l 3942 5541 l 3993 5542 l 4043 5544 l 4095 5545 l
+ 4146 5546 l 4198 5548 l 4250 5549 l 4302 5550 l 4355 5550 l
+ 4408 5551 l 4462 5551 l 4517 5552 l 4572 5552 l 4628 5552 l
+ 4684 5551 l 4742 5551 l 4800 5550 l 4848 5549 l 4897 5548 l
+ 4947 5547 l 4998 5546 l 5049 5545 l 5102 5543 l 5155 5541 l
+ 5210 5540 l 5265 5538 l 5321 5536 l 5379 5533 l 5437 5531 l
+ 5496 5529 l 5556 5526 l 5617 5523 l 5679 5521 l 5741 5518 l
+ 5804 5515 l 5868 5512 l 5932 5509 l 5997 5506 l 6062 5502 l
+ 6127 5499 l 6193 5496 l 6258 5492 l 6324 5489 l 6390 5486 l
+ 6456 5482 l 6522 5479 l 6587 5475 l 6652 5472 l 6716 5468 l
+ 6780 5465 l 6844 5461 l 6906 5458 l 6968 5455 l 7029 5451 l
+ 7089 5448 l 7148 5445 l 7206 5441 l 7263 5438 l 7318 5435 l
+ 7373 5432 l 7426 5429 l 7477 5426 l 7527 5423 l 7576 5420 l
+ 7623 5417 l 7669 5414 l 7713 5411 l 7756 5408 l 7797 5406 l
+ 7837 5403 l 7875 5400 l 7940 5395 l 8001 5390 l 8059 5385 l
+ 8113 5379 l 8164 5374 l 8214 5368 l 8261 5362 l 8307 5355 l
+ 8352 5349 l 8396 5342 l 8438 5335 l 8480 5327 l 8520 5320 l
+ 8560 5312 l 8598 5305 l 8634 5298 l 8668 5291 l 8699 5284 l
+ 8728 5278 l 8755 5272 l 8777 5267 l 8797 5262 l 8813 5259 l
+ 8826 5256 l 8836 5253 l 8842 5252 l 8847 5251 l 8849 5250 l
+ 8850 5250 l gs col-1 s gr [] 0 sd
+% Polyline
+ [60] 0 sd
+n 4650 6750 m 4650 6749 l 4650 6746 l 4650 6740 l 4650 6731 l 4649 6718 l
+ 4649 6701 l 4649 6680 l 4648 6653 l 4647 6621 l 4646 6584 l
+ 4646 6542 l 4644 6496 l 4643 6445 l 4642 6390 l 4641 6331 l
+ 4639 6270 l 4637 6206 l 4636 6140 l 4634 6072 l 4632 6005 l
+ 4630 5937 l 4628 5869 l 4626 5802 l 4623 5737 l 4621 5673 l
+ 4619 5611 l 4616 5552 l 4613 5494 l 4611 5440 l 4608 5387 l
+ 4605 5338 l 4602 5291 l 4599 5246 l 4595 5204 l 4592 5165 l
+ 4588 5127 l 4584 5091 l 4580 5057 l 4575 5025 l 4568 4981 l
+ 4561 4938 l 4553 4898 l 4546 4860 l 4539 4823 l 4532 4788 l
+ 4525 4754 l 4518 4722 l 4512 4690 l 4506 4660 l 4500 4630 l
+ 4494 4601 l 4488 4573 l 4481 4546 l 4475 4519 l 4467 4492 l
+ 4459 4465 l 4450 4439 l 4440 4413 l 4429 4388 l 4417 4362 l
+ 4402 4337 l 4386 4313 l 4369 4289 l 4349 4265 l 4326 4243 l
+ 4302 4221 l 4275 4200 l 4252 4185 l 4228 4170 l 4202 4157 l
+ 4175 4144 l 4146 4132 l 4115 4121 l 4083 4110 l 4049 4100 l
+ 4014 4091 l 3977 4083 l 3939 4075 l 3900 4067 l 3860 4060 l
+ 3820 4053 l 3778 4047 l 3736 4041 l 3694 4035 l 3652 4029 l
+ 3609 4023 l 3567 4018 l 3524 4012 l 3482 4006 l 3441 4000 l
+ 3401 3994 l 3361 3988 l 3322 3981 l 3284 3975 l 3248 3967 l
+ 3212 3960 l 3178 3952 l 3145 3944 l 3114 3936 l 3083 3927 l
+ 3054 3918 l 3027 3909 l 3000 3900 l 2965 3887 l 2932 3874 l
+ 2900 3861 l 2870 3848 l 2841 3836 l 2813 3824 l 2786 3812 l
+ 2760 3801 l 2735 3790 l 2710 3780 l 2686 3769 l 2663 3758 l
+ 2640 3748 l 2618 3737 l 2596 3725 l 2574 3713 l 2553 3700 l
+ 2533 3687 l 2513 3672 l 2494 3656 l 2476 3638 l 2458 3619 l
+ 2442 3598 l 2426 3576 l 2412 3551 l 2400 3525 l 2391 3502 l
+ 2384 3478 l 2377 3452 l 2371 3424 l 2366 3396 l 2362 3365 l
+ 2359 3333 l 2357 3300 l 2355 3266 l 2353 3230 l 2353 3193 l
+ 2352 3156 l 2352 3117 l 2353 3079 l 2353 3039 l 2354 3000 l
+ 2356 2961 l 2357 2921 l 2359 2883 l 2360 2844 l 2362 2807 l
+ 2364 2770 l 2367 2734 l 2369 2700 l 2372 2667 l 2375 2635 l
+ 2378 2604 l 2381 2576 l 2385 2548 l 2390 2522 l 2394 2498 l
+ 2400 2475 l 2408 2449 l 2416 2424 l 2424 2401 l 2433 2380 l
+ 2441 2361 l 2449 2342 l 2456 2325 l 2462 2309 l 2468 2295 l
+ 2474 2280 l 2480 2267 l 2486 2254 l 2493 2242 l 2500 2230 l
+ 2508 2218 l 2518 2207 l 2529 2195 l 2543 2184 l 2559 2173 l
+ 2579 2162 l 2601 2150 l 2628 2140 l 2658 2129 l 2692 2119 l
+ 2731 2109 l 2775 2100 l 2803 2095 l 2833 2090 l 2864 2086 l
+ 2897 2082 l 2932 2078 l 2967 2074 l 3005 2071 l 3043 2068 l
+ 3083 2065 l 3124 2062 l 3166 2060 l 3209 2058 l 3252 2055 l
+ 3297 2053 l 3343 2052 l 3389 2050 l 3436 2048 l 3484 2047 l
+ 3532 2045 l 3580 2044 l 3629 2043 l 3679 2041 l 3728 2040 l
+ 3778 2039 l 3828 2038 l 3878 2037 l 3929 2036 l 3979 2035 l
+ 4030 2034 l 4080 2033 l 4131 2032 l 4182 2032 l 4232 2031 l
+ 4283 2030 l 4334 2029 l 4385 2028 l 4436 2028 l 4487 2027 l
+ 4538 2027 l 4590 2026 l 4642 2026 l 4694 2025 l 4747 2025 l
+ 4800 2025 l 4848 2025 l 4896 2025 l 4945 2026 l 4994 2026 l
+ 5045 2026 l 5096 2027 l 5148 2028 l 5201 2028 l 5255 2029 l
+ 5310 2030 l 5366 2031 l 5423 2032 l 5480 2033 l 5538 2034 l
+ 5597 2035 l 5657 2036 l 5717 2037 l 5778 2039 l 5840 2040 l
+ 5901 2041 l 5963 2043 l 6026 2044 l 6088 2045 l 6151 2047 l
+ 6213 2048 l 6276 2050 l 6338 2051 l 6400 2053 l 6461 2055 l
+ 6522 2056 l 6582 2058 l 6641 2060 l 6700 2061 l 6758 2063 l
+ 6815 2065 l 6870 2067 l 6925 2069 l 6978 2071 l 7030 2073 l
+ 7081 2075 l 7130 2077 l 7177 2079 l 7223 2082 l 7268 2084 l
+ 7311 2086 l 7352 2089 l 7391 2092 l 7429 2094 l 7465 2097 l
+ 7500 2100 l 7562 2106 l 7618 2112 l 7668 2119 l 7713 2127 l
+ 7752 2135 l 7787 2143 l 7817 2152 l 7843 2160 l 7866 2170 l
+ 7885 2179 l 7903 2189 l 7918 2199 l 7932 2209 l 7946 2219 l
+ 7959 2229 l 7973 2239 l 7987 2249 l 8002 2258 l 8018 2268 l
+ 8036 2277 l 8056 2285 l 8077 2294 l 8100 2302 l 8124 2310 l
+ 8149 2318 l 8175 2325 l 8201 2332 l 8228 2339 l 8255 2346 l
+ 8283 2353 l 8313 2360 l 8345 2368 l 8378 2375 l 8412 2383 l
+ 8449 2391 l 8486 2399 l 8525 2407 l 8564 2416 l 8603 2424 l
+ 8641 2432 l 8677 2439 l 8711 2446 l 8742 2453 l 8770 2459 l
+ 8793 2463 l 8812 2467 l 8827 2470 l 8838 2472 l 8845 2474 l
+ 8848 2475 l 8850 2475 l gs col-1 s gr [] 0 sd
+% Polyline
+ [15 45] 45 sd
+gs clippath
+2479 4691 m 2598 4724 l 2477 4751 l 2639 4755 l 2641 4695 l cp
+clip
+n 2625 4725 m 2590 4724 l 2569 4724 l 2542 4724 l 2511 4723 l 2477 4722 l
+ 2441 4721 l 2404 4720 l 2368 4719 l 2332 4717 l 2298 4715 l
+ 2266 4714 l 2236 4712 l 2208 4710 l 2182 4707 l 2157 4705 l
+ 2134 4702 l 2112 4699 l 2091 4695 l 2070 4692 l 2050 4688 l
+ 2028 4683 l 2006 4677 l 1985 4672 l 1962 4665 l 1940 4659 l
+ 1917 4652 l 1893 4644 l 1869 4637 l 1845 4629 l 1820 4621 l
+ 1795 4612 l 1769 4604 l 1744 4596 l 1718 4588 l 1692 4581 l
+ 1667 4573 l 1641 4566 l 1616 4560 l 1590 4553 l 1565 4548 l
+ 1539 4542 l 1513 4538 l 1490 4534 l 1466 4530 l 1442 4527 l
+ 1416 4524 l 1390 4521 l 1361 4519 l 1330 4517 l 1298 4515 l
+ 1263 4513 l 1225 4511 l 1185 4509 l 1143 4508 l 1099 4506 l
+ 1053 4505 l 1007 4504 l 962 4503 l 919 4502 l 879 4502 l
+ 843 4501 l 812 4501 l 788 4500 l 771 4500 l gs col-1 s gr gr
+ [] 0 sd
+% arrowhead
+n 2479 4691 m 2598 4724 l 2477 4751 l col-1 s
+% Polyline
+ [15 45] 45 sd
+gs clippath
+4345 4687 m 4226 4651 l 4348 4627 l 4186 4619 l 4184 4679 l cp
+clip
+n 4200 4650 m 4242 4652 l 4266 4653 l 4295 4654 l 4326 4656 l 4359 4658 l
+ 4392 4661 l 4423 4664 l 4453 4667 l 4481 4671 l 4506 4675 l
+ 4529 4679 l 4551 4685 l 4571 4690 l 4590 4697 l 4608 4704 l
+ 4625 4713 l 4641 4721 l 4656 4730 l 4671 4740 l 4686 4751 l
+ 4702 4763 l 4717 4776 l 4733 4791 l 4748 4807 l 4763 4825 l
+ 4778 4843 l 4793 4863 l 4808 4885 l 4822 4907 l 4835 4931 l
+ 4848 4955 l 4861 4981 l 4873 5007 l 4884 5034 l 4895 5061 l
+ 4906 5090 l 4915 5119 l 4925 5150 l 4932 5175 l 4939 5201 l
+ 4947 5228 l 4954 5256 l 4961 5285 l 4968 5315 l 4975 5346 l
+ 4982 5378 l 4990 5411 l 4997 5444 l 5005 5478 l 5013 5513 l
+ 5021 5548 l 5028 5582 l 5037 5617 l 5045 5651 l 5053 5685 l
+ 5061 5718 l 5070 5750 l 5078 5781 l 5087 5811 l 5095 5840 l
+ 5104 5868 l 5113 5894 l 5122 5920 l 5131 5943 l 5140 5966 l
+ 5150 5988 l 5162 6011 l 5174 6033 l 5187 6055 l 5200 6075 l
+ 5215 6094 l 5230 6112 l 5245 6129 l 5262 6145 l 5279 6160 l
+ 5297 6174 l 5315 6187 l 5334 6199 l 5353 6210 l 5372 6220 l
+ 5391 6229 l 5411 6237 l 5430 6244 l 5450 6250 l 5469 6256 l
+ 5488 6261 l 5507 6265 l 5525 6269 l 5544 6272 l 5563 6275 l
+ 5583 6278 l 5604 6281 l 5625 6283 l 5647 6285 l 5671 6287 l
+ 5696 6289 l 5722 6291 l 5751 6292 l 5782 6293 l 5814 6295 l
+ 5848 6296 l 5884 6297 l 5919 6297 l 5953 6298 l 5985 6299 l
+ 6013 6299 l 6036 6300 l 6054 6300 l gs col-1 s gr gr
+ [] 0 sd
+% arrowhead
+n 4345 4687 m 4226 4651 l 4348 4627 l col-1 s
+% Polyline
+ [15 45] 45 sd
+gs clippath
+5928 6420 m 6048 6450 l 5928 6480 l 6090 6480 l 6090 6420 l cp
+clip
+n 4200 4800 m 4203 4800 l 4211 4800 l 4223 4801 l 4242 4802 l 4266 4803 l
+ 4295 4804 l 4326 4806 l 4359 4808 l 4392 4811 l 4423 4814 l
+ 4453 4817 l 4481 4821 l 4506 4825 l 4529 4829 l 4551 4835 l
+ 4571 4840 l 4590 4847 l 4608 4854 l 4625 4863 l 4641 4871 l
+ 4656 4880 l 4671 4890 l 4686 4901 l 4702 4913 l 4717 4926 l
+ 4733 4941 l 4748 4957 l 4763 4975 l 4778 4993 l 4793 5013 l
+ 4808 5035 l 4822 5057 l 4835 5081 l 4848 5105 l 4861 5131 l
+ 4873 5157 l 4884 5184 l 4895 5211 l 4906 5240 l 4915 5269 l
+ 4925 5300 l 4932 5325 l 4939 5351 l 4947 5378 l 4954 5406 l
+ 4961 5435 l 4968 5465 l 4975 5496 l 4982 5528 l 4990 5561 l
+ 4997 5594 l 5005 5628 l 5013 5663 l 5021 5698 l 5028 5732 l
+ 5037 5767 l 5045 5801 l 5053 5835 l 5061 5868 l 5070 5900 l
+ 5078 5931 l 5087 5961 l 5095 5990 l 5104 6018 l 5113 6044 l
+ 5122 6070 l 5131 6093 l 5140 6116 l 5150 6138 l 5162 6161 l
+ 5174 6183 l 5187 6205 l 5200 6225 l 5215 6244 l 5230 6262 l
+ 5245 6279 l 5262 6295 l 5279 6310 l 5297 6324 l 5315 6337 l
+ 5334 6349 l 5353 6360 l 5372 6370 l 5391 6379 l 5411 6387 l
+ 5430 6394 l 5450 6400 l 5469 6406 l 5488 6411 l 5507 6415 l
+ 5525 6419 l 5544 6422 l 5563 6425 l 5583 6428 l 5604 6431 l
+ 5625 6433 l 5647 6435 l 5671 6437 l 5696 6439 l 5722 6441 l
+ 5751 6442 l 5782 6443 l 5814 6445 l 5848 6446 l 5884 6447 l
+ 5919 6447 l 5953 6448 l 5985 6449 l 6013 6449 l 6036 6450 l
+ 6075 6450 l gs col-1 s gr gr
+ [] 0 sd
+% arrowhead
+n 5928 6420 m 6048 6450 l 5928 6480 l col-1 s
+% Polyline
+ [15 45] 45 sd
+gs clippath
+897 4380 m 777 4350 l 897 4320 l 735 4320 l 735 4380 l cp
+clip
+n 2625 4575 m 2622 4575 l 2617 4575 l 2606 4575 l 2590 4574 l 2569 4574 l
+ 2542 4574 l 2511 4573 l 2477 4572 l 2441 4571 l 2404 4570 l
+ 2368 4569 l 2332 4567 l 2298 4565 l 2266 4564 l 2236 4562 l
+ 2208 4560 l 2182 4557 l 2157 4555 l 2134 4552 l 2112 4549 l
+ 2091 4545 l 2070 4542 l 2050 4538 l 2028 4533 l 2006 4527 l
+ 1985 4522 l 1962 4515 l 1940 4509 l 1917 4502 l 1893 4494 l
+ 1869 4487 l 1845 4479 l 1820 4471 l 1795 4462 l 1769 4454 l
+ 1744 4446 l 1718 4438 l 1692 4431 l 1667 4423 l 1641 4416 l
+ 1616 4410 l 1590 4403 l 1565 4398 l 1539 4392 l 1513 4388 l
+ 1490 4384 l 1466 4380 l 1442 4377 l 1416 4374 l 1390 4371 l
+ 1361 4369 l 1330 4367 l 1298 4365 l 1263 4363 l 1225 4361 l
+ 1185 4359 l 1143 4358 l 1099 4356 l 1053 4355 l 1007 4354 l
+ 962 4353 l 919 4352 l 879 4352 l 843 4351 l 812 4351 l
+ 788 4350 l 750 4350 l gs col-1 s gr gr
+ [] 0 sd
+% arrowhead
+n 897 4380 m 777 4350 l 897 4320 l col-1 s
+/Times-Italic ff 240.00 scf sf
+3460 2300 m
+gs 1 -1 sc (fork/exec) col-1 sh gr
+/Times-Italic ff 240.00 scf sf
+3460 3825 m
+gs 1 -1 sc (fork/exec) col-1 sh gr
+/Courier ff 285.00 scf sf
+3075 4800 m
+gs 1 -1 sc (cat) col-1 sh gr
+/Courier ff 285.00 scf sf
+3075 4950 m
+gs 1 -1 sc (cat) col-1 sh gr
+/Helvetica ff 225.00 scf sf
+1425 5175 m
+gs 1 -1 sc (trusted) col-1 sh gr
+/Helvetica ff 285.00 scf sf
+1275 6525 m
+gs 1 -1 sc (unrelated processes) col-1 sh gr
+/Helvetica ff 225.00 scf sf
+1050 5475 m
+gs 1 -1 sc (untrusted) col-1 sh gr
+/Helvetica ff 225.00 scf sf
+975 5775 m
+gs 1 -1 sc (invoking user's security boundary) col-1 sh gr
+/Helvetica ff 285.00 scf sf
+7800 4725 m
+gs 1 -1 sc (TCB) col-1 sh gr
+/Helvetica ff 285.00 scf sf
+7800 6000 m
+gs 1 -1 sc (service) col-1 sh gr
+/Helvetica ff 285.00 scf sf
+7875 6225 m
+gs 1 -1 sc (user) col-1 sh gr
+/Helvetica ff 225.00 scf sf
+7950 2175 m
+gs 1 -1 sc (untrusted) col-1 sh gr
+/Helvetica ff 285.00 scf sf
+5475 1500 m
+gs 1 -1 sc (invoking user) col-1 sh gr
+/Times-Italic ff 240.00 scf sf
+4875 4875 m
+gs 1 -1 sc (pipes \(set up by) col-1 sh gr
+/Times-Italic ff 240.00 scf sf
+5025 5100 m
+gs 1 -1 sc (client+daemon\)) col-1 sh gr
+/Times-Italic ff 240.00 scf sf
+5925 3758 m
+gs 1 -1 sc (fork/exec) col-1 sh gr
+/Times-Roman ff 300.00 scf sf
+6422 3058 m
+gs 1 -1 sc (Daemon) col-1 sh gr
+/Times-Roman ff 300.00 scf sf
+6422 6516 m
+gs 1 -1 sc (program) col-1 sh gr
+/Times-Roman ff 300.00 scf sf
+6422 6282 m
+gs 1 -1 sc (Service) col-1 sh gr
+/Times-Roman ff 300.00 scf sf
+2993 3058 m
+gs 1 -1 sc (Client) col-1 sh gr
+/Times-Roman ff 300.00 scf sf
+3000 1425 m
+gs 1 -1 sc (Caller) col-1 sh gr
+/Helvetica ff 225.00 scf sf
+7050 2325 m
+gs 1 -1 sc (trusted) col-1 sh gr
+/Times-Italic ff 240.00 scf sf
+4800 2942 m
+gs 1 -1 sc (socket) col-1 sh gr
+/Times-Italic ff 240.00 scf sf
+750 4275 m
+gs 1 -1 sc (or passed from caller) col-1 sh gr
+/Times-Italic ff 240.00 scf sf
+825 3825 m
+gs 1 -1 sc (fds) col-1 sh gr
+/Times-Italic ff 240.00 scf sf
+825 4050 m
+gs 1 -1 sc (opened by client) col-1 sh gr
+/Helvetica ff 225.00 scf sf
+5700 1950 m
+gs 1 -1 sc (service user's security boundary) col-1 sh gr
+$F2psEnd
+rs
+showpage
--- /dev/null
+<html><head>
+<title>User service daemon and client specification - Client program usage
+</title>
+<link rev=made href="mailto:ian@davenant.greenend.org.uk">
+</head><body>
+<h1>
+User service daemon and client specification - chapter 2<br>
+Client program usage
+
+</h1>
+<pre>userv <var>options</var> [--] <var>service-user</var> <var>service-name</var> [<var>argument</var> ...]
+userv <var>options</var> -B|--builtin [--] <var>builtin-service</var> [<var>info-argument</var> ...]</pre><P>
+
+<var>service-user</var> specifies which user is to provide the service.
+The user may be a login name or a numeric uid, or <code>-</code> to indicate
+that the service user is to be the same as the calling user.<P>
+
+The service name is interpreted by the userv<A href="footnotes.html#1" name="fr1">[1]</A>
+daemon on behalf of the service user. It will often be the name of a
+program.
+<hr>
+<h2><A name="s2.1">
+2.1 Options
+</A></h2>
+
+Single-letter options may be combined as is usual with Unix programs,
+and the value for such an option may appear in the same argument or in
+the next.
+
+<dl>
+<dt><code>-B</code><dt><code>--builtin</code><dd>Requests that a builtin service be provided. This is equivalent to
+using the <kbd>--override</kbd> option to specify a string consisting of
+<kbd>execute-builtin</kbd> followed by the <var>builtin-service</var>
+requested, and requesting a service user of <code>-</code> (indicating the
+calling user).<P>
+
+If the builtin service being requested requires a
+<var>service-argument</var> then this must be supplied to the client in the
+same argument as the <var>builtin-service</var>. See <A href="ch-config.html#s-dirs-execution">Directives for changing execution settings, subsection 4.2.4</A> for details of the builtin services available,
+and <A href="#s-optoverride">Security-overriding options, section 2.2</A> for details of the <kbd>--override</kbd>
+options.<P>
+
+The actual service name passed will be the <var>builtin-service</var>; note
+that this actual service name (as opposed to the override data) and
+the <var>info-argument</var>s supplied will be ignored by most builtin
+services; the override mechanism and <kbd>execute-builtin</kbd> will be
+used to ensure that the right builtin service is called with the right
+<var>service-argument</var>s.
+<p><dt><code>-f</code><var>fd</var><code>[</code><var>modifiers</var><code>]=</code><var>filename</var><code></code><dt><code>--file </code><var>fd</var><code>[</code><var>modifiers</var><code>]=</code><var>filename</var><code></code><dd>Requests that data be copied in and out of the service using pipes.
+For each file or descriptor this will be done by creating a pipe, one
+end of which is passed to the service program and the other end of
+which is passed to a copy of <kbd>cat</kbd> invoked by the client; the
+other file descriptor passed to <kbd>cat</kbd> will be one inherited by
+the client program from the caller or one opened by the client program
+on behalf of the caller.<P>
+
+The descriptor in the service program that should be connected must be
+specified as <var>fd</var>, either as a decimal number or as one of the
+strings <code>stdin</code>, <code>stdout</code> or <code>stderr</code>. The next argument is
+a filename which will be opened by the client with the privileges of
+the calling user.
+<P>
+<var>modifiers</var> is used to specify whether the file or descriptor is
+to be read from or written to. It consists of a series of words
+separated by commas. A comma may separate the <var>modifiers</var> from
+the <var>fd</var> and is required if <var>fd</var> is not numeric.
+<P>
+The modifier words are:
+<dl compact>
+<dt><code>read</code><dd><code>O_RDONLY</code>: Allow reading and not writing. May not be used with
+<code>write</code> or things that imply it.
+<dt><code>write</code><dd><code>O_WRONLY</code>: Allow writing and not reading. <em>Doesn't truncate or
+create</em> without <code>truncate</code> or <code>create</code>. <code>write</code> or things
+that imply it may not be used with <code>read</code>.
+<dt><code>overwrite</code><dd>Equivalent to <code>write,create,truncate</code>.
+<dt><code>create</code><dt><code>creat</code><dd><code>O_CREAT</code>: Creates the file if necessary. Implies <code>write</code>.
+<dt><code>exclusive</code><dt><code>excl</code><dd><code>O_EXCL</code>: Fails if the file already exists. Implies <code>write</code> and
+<code>create</code>. May not be used with <code>truncate</code>.
+<dt><code>truncate</code><dt><code>trunc</code><dd><code>O_TRUNC</code>: Truncate any existing file. Implies <code>write</code>.
+May not be used with <code>exclusive</code>.
+<dt><code>append</code><dd><code>O_APPEND</code>: All writes will append to the file. Implies <code>write</code>
+(but not <code>create</code>).
+<dt><code>sync</code><dd><code>O_SYNC</code>: Do writes synchronously. Implies <code>write</code>.
+<dt><code>wait</code><dt><code>nowait</code><dt><code>close</code><dd>These modifiers control the behaviour of the client, with respect to
+the pipes carrying data to and from the service, when the service
+terminates. See below.
+<dt><code>fd</code><dd>The <var>filename</var> is not a filename but a numeric file descriptor.
+One or both of <code>read</code> and <code>write</code> must be specified, and no
+other words are allowed. The <var>filename</var> may also be <code>stdin</code>,
+<code>stdout</code> or <code>stderr</code> for file descriptor 0, 1 or 2 respectively.
+</dl>
+<P>
+
+If no <var>modifiers</var> which imply <code>read</code> or <code>write</code> are used it
+is as if <code>write</code> had been specified, except that if the
+filedescriptor 0 of the service is being opened (either specified
+numerically or with <code>stdin</code>) it is as if <code>overwrite</code> had been
+specified (or <code>write</code> if only <code>fd</code> was specified).<P>
+
+The client will also use <code>O_NOCTTY</code> when opening files specified by
+the caller, to avoid changing its controlling terminal.<P>
+
+By default stdin, stdout and stderr of the service will be connected
+to the corresponding descriptors on the client. Diagnostics from
+the client and daemon will also appear on stderr.<P>
+
+If <code>wait</code> is specified, the client will wait for the pipe to be
+closed, and only exit after this has happened. This means that either
+the receiving end of the pipe connection was closed while data was
+still available at the sending end, or that the end of file was
+reached on the reading file descriptor. Errors encountered reading or
+writing in the client at this stage will be considered a system error
+and cause the client to exit with status 255, but will not cause
+disconnection at the service side since the service has already
+exited.<P>
+
+If <code>close</code> is specified the client will immediately close the pipe
+connection by killing the relevant copy of <kbd>cat</kbd>. If the service
+uses the descriptor it will get <kbd>SIGPIPE</kbd> (or <kbd>EPIPE</kbd>) for a
+writing descriptor or end of file for a reading one; the descriptor
+opened by or passed to the client will also be closed.<P>
+
+If <code>nowait</code> is specified then the client will not wait and the
+connection will remain open after the client terminates. Data may
+continue to be passed between the inheritors of the relevant
+descriptor on the service side and the corresponding file or
+descriptor on the client side until either side closes their
+descriptor. This should not usually be specified for stderr (or
+stdout if <code>--signals stdout</code> is used) since diagnostics from
+the service side may arrive after the client has exited and be
+confused with expected output.<P>
+
+The default is <code>wait</code> for writing file descriptors and <code>close</code>
+for reading ones.
+<dt><code>-w</code><var>fd</var><code>=</code><var>action</var><code></code><dt><code>--fdwait</code><var>fd</var><code>=</code><var>action</var><code></code><dd>Sets the action on termination of the service for the specified file
+descriptor; <var>action</var> must be <code>wait</code>, <code>nowait</code> or <code>close</code>
+as described above. The file descriptor must be specified as open
+when this option is encountered; this option is overridden by any
+later <kbd>--file</kbd> or <kbd>--fdwait</kbd> option - even by a
+<kbd>--file</kbd> which does not specify an action on termination (in this
+case the default will be used, as described above).
+<dt><code>-D</code><var>name</var><code>=</code><var>value</var><code></code><dt><code>--defvar </code><var>name</var><code>=</code><var>value</var><code></code><dd>Set a user-defined variable <var>name</var> to <var>value</var>. These
+user-defined variables are made available in the configuration
+language as the parameters <code>u-</code><var>name</var><code></code> and are passed to the
+service in environment variables <code>USERV_U_</code><var>name</var><code></code>. <var>name</var>
+may contain only alphanumerics and underscores, and must start with a
+letter. If several definitions are given for the same <var>name</var> then
+only the last is effective.
+<dt><code>-t </code><var>seconds</var><code></code><dt><code>--timeout </code><var>seconds</var><code></code><dd>Time out the service if it takes longer than <var>seconds</var> seconds (a
+positive integer, in decimal). Timeout will produce a diagnostic on
+stderr and an exit status of 255. If <var>seconds</var> is zero then no
+timeout will be implemented (this is the default).
+<dt><code>-S</code> <var>method</var><dt><code>--signals</code> <var>method</var><dd>Affects the handling of the exit status when the service terminates
+due to a signal. (The client will always finish by calling
+<kbd>_exit</kbd>, so that only numbers from 0 to 255 can be returned and
+not the full range of numbers and signal indications which can be
+returned by the <kbd>wait</kbd> family of system calls.)<P>
+
+The <var>method</var> may be one of the following:
+<dl compact>
+<dt><var>status</var><dd>The client's exit status will be <var>status</var>. This will not be
+distinguishable from the service really having exited with code
+<var>status</var>. This method is the default, with a <var>status</var> of 254.
+<dt><code>number</code><dt><code>number-nocore</code><dd>The client's exit status will be the number of the signal which caused
+the termination of the service. If <code>number</code> is used rather than
+<code>number-nocore</code> then 128 will be added if the service dumped core.
+<code>number</code> is very like the exit code mangling done by the Bourne
+shell.
+<dt><code>highbit</code><dd>The client's exit status will be the number of the signal with
+128 added. If the service exits normally with an exit code of greater
+than 127 then 127 will be returned.
+<dt><code>stdout</code><dd>The service's numeric wait status as two decimal numbers (high byte
+first) and a textual description of its meaning will be printed to the
+client's standard output. It will be preceded by a newline and
+followed by an extra newline, and the numbers are separated from each
+other and from the textual description by single spaces. The exit
+status of the client will be zero, unless a system error occurs in
+which case no exit status and description will be printed to stdout,
+and an error message will be printed to stderr as usual.</dl>
+
+<P>
+Problems such as client usage errors, the service not being found or
+permission being denied or failure of a system call are system errors.
+An error message describing the problem will be printed on the
+client's stderr, and the client's exit status will be 255. If the
+client dies due to a signal this should be treated as a serious system
+error.
+<dt><code>-H</code><dt><code>--hidecwd</code><dd>Prevents the calling process's current directory name from being
+passed to the service; the null string will be passed instead.
+<dt><code>-P</code><dt><code>--sigpipe</code><dd>If the service program is terminated due to a <kbd>SIGPIPE</kbd> the exit
+status of the client will be zero, even if it would have been
+something else according to the exit status method specified. This
+option has no effect on the code and description printed if the exit
+status method <code>stdout</code> is in use.
+<dt><code>-h</code><dt><code>--help</code><dt><code>--copyright</code><dd><code>-h</code> or <code>--help</code> prints the client's usage message;
+<code>--copyright</code> prints the copyright and lack of warranty notice.
+</dl>
+
+<hr>
+<h2><A name="s-optoverride">
+2.2 Security-overriding options
+</A></h2>
+
+There are also some options which are available for debugging and to
+allow the system administrator to override a user's policy. These
+options are available only if the client is called by root or if the
+calling user is the same as the service user.
+
+<dl>
+<dt><code>--override </code><var>configuration-data</var><code></code><dt><code>--override-file </code><var>filename</var><code></code><dd>Do not read the usual configuration files. Instead, the client sends
+<var>configuration-data</var> (followed by a newline) or the contents of
+<var>filename</var> (which is opened in the context of the client) to the
+daemon and the daemon uses that data instead. The
+<var>configuration-data</var> must all be in one argument. It will have a
+single newline appended so that a single directive can easily be
+given, but if more than one directive is required it will have to
+contain one or more real newlines.
+<p><dt><code>--spoof-user </code><var>user</var><code></code><dd>Pretend to the service that it is being called by <var>user</var> (which
+may be a username or a uid). This will also affect the group and
+supplementary groups supplied to the service; they will be the
+standard group and supplementary groups for <var>user</var>. The
+<code>--spoof-user</code> option will <em>not</em> affect which user is chosen if
+the service user is specified as just <code>-</code>; in this case the service
+user will be the real calling user.
+<p></dl>
+
+
+<hr>
+User service daemon and client specification
+- <A href="index.html#copyright"><kbd>userv</kbd> is Copyright 1996-1999 Ian Jackson.</A>
+<br>
+<A href="index.html#toc">Contents</A>; <A href="index.html#abstract">abstract</A>; <A href="ch-envir.html">next</A>; <A href="ch-intro.html">back</A>.
+<br>
+<address>0.61.1<br>
+Ian Jackson <A href="mailto:ian@davenant.greenend.org.uk">ian@davenant.greenend.org.uk</A></address>
+</body></html>
--- /dev/null
+<html><head>
+<title>User service daemon and client specification - Service-side configuration</title>
+<link rev=made href="mailto:ian@davenant.greenend.org.uk">
+</head><body>
+<h1>
+User service daemon and client specification - chapter 4<br>
+Service-side configuration
+</h1>
+
+Which services may be run by whom and under what conditions is
+controlled by configuration files.<P>
+
+The daemon will read these files in order. Certain directives in the
+files modify the daemon's execution settings for invoking the service,
+for example allowing certain file descriptors to be specified by the
+client or specifying which program to execute to provide the service.<P>
+
+The <em>last</em> instance of each such setting will take effect. The
+directives which specify which program to execute will not stop the
+configuration file from being read; they will be remembered and will
+only take effect if they are not overridden by a later directive.<P>
+
+The daemon will first read <code>/etc/userv/system.default</code>. Then, by
+default (this behaviour may be modified), it will read a per-user file
+<code>~/.userv/rc</code>, if it exists and the service user's shell is in
+<code>/etc/shells</code>. Finally it will read
+<code>/etc/userv/system.override</code>.<P>
+
+When it has read all of these files it will act according to the
+currently values of of the execution settings.
+<hr>
+<h2><A name="s4.1">
+4.1 Configuration file syntax
+</A></h2>
+
+The configuration file is a series of directives, usually one per
+line. The portion of a line following a hash character <code>#</code> is
+taken as a comment and ignored. Each directive consists of a series
+of tokens separated by linear whitespace (spaces and tabs); tokens may
+be words consisting of non-space characters, or, where a string is
+required, a string in double quotes. Double-quoted strings may
+contain the following backslash escapes:
+
+<dl compact>
+<dt><code>\n</code><dd>newline<dt><code>\t</code><dd>tab<dt><code>\r</code><dd>carriage return<dt><code>\</code><var>OOO</var><code></code><dd>character whose octal code is <var>OOO</var><dt><code>\x</code><var>XX</var><code></code><dd>character whose hex code is <var>XX</var><dt><code>\</code><var>punctuation</var><code></code><dd>literal punctuation character (eg <code>\\</code>, <code>\"</code>)<dt><code>\</code><var>newline</var><code></code> (ie, backslash at end of line)<dd>string continues on next line</dl>
+<P>
+
+Relative pathnames in directives are relative to the service program's
+current directory (usually the service user's home directory).
+Pathnames starting with the two characters <code>~/</code> are taken to be
+relative to the service user's home directory.
+<hr>
+<h2><A name="s-directives">
+4.2 Configuration file directives
+</A></h2>
+<hr>
+<h3><A name="s-dirs-immediate">
+4.2.1 Immediate directives
+</A></h3>
+
+The following directives take effect immediately:
+
+<dl>
+<dt><code>cd </code><var>pathname</var><code></code><dd>Change directory in the service program. <kbd>cd</kbd> is cumulative. It
+is an error if the directory cannot be changed to.<P>
+
+<kbd>cd</kbd> should not be used between <kbd>execute-from-directory</kbd> and
+the invocation of the service program, as the test for the
+availability of the service program would be done with the old current
+directory and the actual execution with the new (probably causing an
+error).
+<p><dt><code>eof</code><dd>Stop reading the configuration file in question, as if end of file had
+been reached. Any control constructs (<kbd>if</kbd>, <kbd>catch-quit</kbd> or
+<kbd>errors-push</kbd>) which were started in that file will be considered
+finished. Parsing will continue in the file which caused the file
+containing the <kbd>eof</kbd> to be read.
+<p><dt><code>quit</code><dd>Stop reading configuration files and act immediately on the current
+settings. The behaviour of <kbd>quit</kbd> is subject to the
+<kbd>catch-quit</kbd> control construct.
+<p><dt><code>include </code><var>filename</var><code></code><dt><code>include-ifexist </code><var>filename</var><code></code><dd>Read the configuration file <var>filename</var>, and then return to this
+file and continue parsing it with the next directive. It is an error
+if the file cannot be opened and read, unless <kbd>include-ifexist</kbd>
+is used and the file does not exist, in which case the directive is
+silently ignored.
+<p><dt><code>include-lookup </code><var>parameter</var><code> </code><var>directory</var><code></code><dt><code>include-lookup-all </code><var>parameter</var><code> </code><var>directory</var><code></code><dd>Read the configuration file in <var>directory</var> whose name is the value
+of <var>parameter</var> (see the description of <kbd>if</kbd>, <A href="#s-dirs-control">Control structure directives, subsection 4.2.3</A>). If <var>parameter</var> has several values they will
+be tried in order; with <kbd>include-lookup</kbd> this search will stop
+when one is found, but with <kbd>include-lookup-all</kbd> the search will
+continue and any files appropriate to other values will be read too.<P>
+
+If none of the parameter's values had a corresponding file then the
+file <code>:default</code> will be read, if it exists. If <var>parameter</var>'s
+list of values was empty then the file <code>:none</code> will be tried first
+and read if it exists, otherwise <code>:default</code> will be tried.<P>
+
+It is not an error for any of the files (including <code>:default</code>) not
+to exist, but it is an error if a file exists and cannot be read or if
+the directory cannot be accessed.
+<P>
+A translation will be applied to values before they are used to
+construct a filename, so that the lookup cannot access dotfiles or
+files in other directories: values starting with full stops will have
+a colon prepended (making <code>:.</code>), colons will be doubled, and each
+slash will be replaced with a colon followed by a hyphen <code>:-</code>. A
+parameter value which is the empty string will be replaced with
+<code>:empty</code> (note that this is different from a parameter not having
+any values).
+<p><dt><code>include-directory </code><var>directory</var><code></code><dd>Read configuration from all files in directory <var>directory</var> which
+are plain files whose names consist only of alphanumerics and hyphens
+and start with an alphanumeric. They will be read in lexical order.
+It is an error for the directory not to exist or for it or any of the
+files found not to be read successfully, or for anything with an
+appropriate name not to be a plain file or a symbolic link to a plain
+file.
+<p><dt><code>error </code><var>text ...</var><code></code><dd>Causes an error whose message includes the descriptive string
+<var>text</var>. <var>text</var> may consist of several tokens with intervening
+whitespace. The whitespace will be included in the message as found
+in the configuration file: all the characters until the end of the
+line will be included verbatim, unless they are part of a
+double-quoted string, in which case the usual meaning of the string
+(i.e., after backslash escape processing) will be used. Comments and
+linear whitespace at the end of the line (or just before the comment)
+will still be ignored.
+<p><dt><code>message </code><var>text ...</var><code></code><dd>Causes a message including the descriptive string <var>text</var> to be
+delivered as if it were an error message, but does not actually cause
+an error.<p></dl>
+
+<hr>
+<h3><A name="s-dirs-delayed">
+4.2.2 Directives with delayed effect
+</A></h3>
+
+The following directives have no immediate effect, but are remembered
+and have an effect on later processing of the configuration files.
+
+<dl>
+<dt><code>user-rcfile </code><var>filename</var><code></code><dd>Specifies that the file <var>filename</var> should be read instead of the
+user's <code>~/.userv/rc</code>. This does <em>not</em> happen immediately;
+instead, the setting is remembered and used after the
+<kbd>system.default</kbd> configuration file has been read. This
+directive has no effect in a user's configuration file or in the
+<kbd>system.override</kbd> file, as the user's configuration file has
+already been found and read by then and will not be re-read.
+<p><dt><code>errors-to-stderr</code><dd>Causes error messages to be delivered to the client's stderr.
+<p><dt><code>errors-to-file</code> <var>filename</var><dd>Error messages will be written to <var>filename</var>, which will be opened
+in the context of and with the privileges of the service user.
+<p><dt><code>errors-to-syslog</code> [<var>facility</var> [<var>level</var>]]<dd>Error messages will be delivered using <kbd>syslog</kbd>. The default
+<var>facility</var> is <code>user</code>; the default <var>level</var> is <code>error</code>.<p></dl>
+
+<hr>
+<h3><A name="s-dirs-control">
+4.2.3 Control structure directives
+</A></h3>
+
+The following directives are used to create control structures. If
+the end of the file is encountered before the end of any control
+structure which was started inside it then that control structure is
+considered finished. This is not an error.
+
+<dl>
+<dt><code>if </code><var>condition</var><code></code><dt><code>elif </code><var>condition</var><code></code><dt><code>else</code><dt><code>fi</code><dd>Lines following <kbd>if</kbd> are interpreted only if the condition is
+true. Many conditions are properties of parameter values. Most
+parameters have a single string as a value; however, some may yield
+zero or several strings, in which case the condition is true if it is
+true of any of the strings individually. Parameters are described
+below.<P>
+
+The conditions are:
+
+<dl compact>
+<dt><code>glob </code><var>parameter</var><code> </code><var>glob-pattern</var><code> ...</code><dd>The value of the parameter whose name is given matches one of the glob
+patterns (anchored at both ends; backslashes can be used to escape
+metacharacters).
+<dt><code>range </code><var>parameter</var><code> </code><var>min</var><code> </code><var>max</var><code></code><dd>The value of the parameter is a nonnegative integer and lies within
+the range specified. <var>min</var> or <var>max</var> may be <code>$</code> to indicate
+no lower or upper limit, respectively.
+<dt><code>grep </code><var>parameter</var><code> </code><var>filename</var><code></code><dd>The <var>filename</var> refers to a file one of whose lines is the value of
+the parameter (leading or trailing whitespace on each line and empty
+lines in the file are ignored). It is an error for the file not to be
+opened and read.
+<dt><code>! </code><var>condition</var><code></code><dd>The <var>condition</var> is <em>not</em> true.
+<dt>Conjunctions: <code>&</code> and <code>|</code><dd><pre>( <var>condition</var>
+& <var>condition</var>
+& <var>condition</var>
+...
+)</pre>
+is true if all the listed conditions are true; where <code>|</code> is used it
+is true if any of them is true. Newlines must be used to separate one
+condition from the next, as shown, and the parentheses are mandatory.
+These conjunctions do not do lazy evaluation.</dl>
+<P>
+
+The parameters are:
+
+<dl compact>
+<dt><code>service</code><dd>The service name specified when the client was called.
+<dt><code>calling-user</code><dd>Two strings: the login name of the calling user (determined as for
+<kbd>USERV_USER</kbd>, above) and the calling uid (represented in
+decimal).
+<dt><code>calling-group</code><dd>Several strings: the primary and supplementary group names and gids
+(in decimal) of the calling process. All the group names come first,
+and then the gids. If the first supplementary group is the same as
+the primary group then it is elided.
+<dt><code>calling-user-shell</code><dd>The calling user's shell, as listed in the password entry for the
+calling login name (as determined for <kbd>USERV_USER</kbd>, above).
+<dt><code>service-user</code><dd>Two strings: the name of the service user (as specified to the client)
+and their uid (represented in decimal).
+<dt><code>service-group</code><dd>Several strings: the primary and supplementary group names and gids
+(in decimal) of the service user.
+<dt><code>service-user-shell</code><dd>The service user's shell, as listed in their password entry.
+<dt><code>u-</code><var>name</var><code></code><dd>The value of the user-defined variable <var>name</var> passed by the caller
+using the <kbd>--defvar</kbd> command-line option to the client. If the
+variable was not defined then this parameter is an empty list of
+strings; in this case any condition which tests it will be false, and
+<code>include-lookup</code> on it will read the <code>:none</code> file, or
+<code>:default</code> if <code>:none</code> is not found.
+</dl>
+
+<dt><code>errors-push</code> <var>filename</var><dt><code>srorre</code><dd>Stacks the error handling behaviour currently in effect. Any changes
+to error handling will take effect only between <kbd>errors-push</kbd> and
+<kbd>srorre</kbd>.
+<dt><code>catch-quit</code><dt><code>hctac</code><dd>Any use of <kbd>quit</kbd> inside <kbd>catch-quit</kbd> will merely cause the
+parsing to continue at <kbd>hctac</kbd> instead. Any control constructs
+started since the <kbd>catch-quit</kbd> will be considered finished if a
+<kbd>quit</kbd> is found.<P>
+
+If an error occurs inside <kbd>catch-quit</kbd> the execution settings
+will be reset (as if by the <kbd>reset</kbd> directive) and parsing will
+likewise continue at <kbd>hctac</kbd>.<P>
+
+If a lexical or syntax error is detected in the same configuration
+file as the <kbd>catch-quit</kbd>, while looking for the <kbd>hctac</kbd>
+after an error or <kbd>quit</kbd>, that new error will not be caught.
+</dl>
+
+<hr>
+<h3><A name="s-dirs-execution">
+4.2.4 Directives for changing execution settings
+</A></h3>
+
+The following directives modify the execution settings; the server
+will remember the fact that the directive was encountered and act on
+it only after all the configuration has been parsed. The <em>last</em>
+directive which modifies any particuar setting will take effect.
+
+<dl>
+<dt><code>reject</code><dd>Reject the request. <kbd>execute</kbd>, <kbd>execute-from-directory</kbd> and
+<kbd>execute-from-path</kbd> will change this setting.
+<p><dt><code>execute </code><var>program</var><code> [</code><var>argument</var><code> ...]</code><dd>Execute the program <var>program</var>, with the arguments as specified,
+followed by any arguments given to the client if
+<kbd>no-suppress-args</kbd> is in effect. It is an error for the
+execution to fail when it is attempted (after all the configuration
+has been parsed). If <var>program</var> does not contain a slash it will
+be searched for on the service user's path.
+<p><dt><code>execute-from-directory </code><var>pathname</var><code> [</code><var>argument</var><code> ...]</code><dd>Take all the characters after the last slash of the service name
+specified when the client was called, and execute that program in the
+directory named by <var>pathname</var> as if it had been specified for
+<var>execute</var>. The part of the service name used may contain only
+alphanumerics and hyphens and must start with an alphanumeric (and it
+must be non-empty), otherwise it is an error.<P>
+
+This directive is ignored if the relevant program does not exist in
+the directory specified; in this case the program to execute is left
+at its previous setting (or unset, if it was not set before).<P>
+
+It is an error for the test for the existence of the program to fail
+other than with a `no such file or directory' indication. It is also
+an error for the execution to fail if and when it is attempted (after
+all the configuration has been parsed).
+<p><dt><code>execute-from-path</code><dd><var>service</var> is interpreted as a program on the default <kbd>PATH</kbd>
+(or as a pathname of an executable, if it contains a <code>/</code>). This
+directive is <em>very dangerous</em>, and is only provided to make the
+<kbd>--override</kbd> options effective. It should not normally be used.
+It is an error for the execution to fail when it is attempted (after
+all the configuration has been parsed).
+<p><dt><code>execute-builtin </code><var>service-name</var><code> </code><var>service-arguments</var><code></code><dd>Executes the builtin service <var>service-name</var>. These builtin
+services display information about the server and/or the request, and
+ignore any arguments passed from the service side except possibly to
+print them as part of their output. They write their results to their
+standard output (i.e., wherever file descriptor 1 is directed). The
+builtin services are:
+
+<dl compact>
+<dt><code>execute</code><dd>Displays the execution settings, defined variables,
+arguments, etc. with which the builtin service was invoked.
+<dt><code>environment</code><dd>Displays the environment variable settings with which the builtin
+service was invoked.
+<dt><code>parameter </code><var>parameter</var><code></code><dd>Displays the values of the service configuration language parameter
+specified.
+<dt><code>version</code><dd>Displays the version string and compilation details of the uservd
+server program.
+<dt><code>reset</code><dd>Displays the default reset configuration (evaluated when <kbd>reset</kbd>
+is found in a configuration file, or when an error is caught by
+<kbd>catch-quit</kbd>).
+<dt><code>toplevel</code><dd>Displays the top-level default configuration (the configuration data,
+evaluated by the server, which calls all the other configuration
+files).
+<dt><code>override</code><dd>Displays the top-level override configuration (the configuration data,
+evaluated by the server, which causes all the other configuration data
+to be parsed).
+<dt><code>help</code><dd>Displays a list of the understood builtin service names and arguments.</dl>
+
+
+In the future other builtin services may be defined which do more than
+just print information.
+<dt><code>set-environment</code><dt><code>no-set-environment</code><dd>Runs <code>/etc/environment</code> to set the service user's environment.
+This adds the overhead of invoking a shell, but doesn't cause any
+shell (de)mangling of the service's arguments. This is achieved by
+invoking
+<pre>.../program arg arg arg ...</pre>
+as
+<pre>/bin/sh -c '. /etc/environment; exec "$@"' - .../program arg arg arg ...</pre>
+<kbd>no-set-environment</kbd> cancels the effect of
+<kbd>set-environment</kbd>.
+<dt><code>no-suppress-args</code><dt><code>suppress-args</code><dd>Include any arguments given to the client as arguments to the program
+invoked as a result of an <kbd>execute</kbd>,
+<kbd>execute-from-directory</kbd> or <kbd>execute-from-path</kbd> directive.
+<kbd>suppress-args</kbd> undoes the effect of <kbd>no-suppress-args</kbd>.
+<dt><code>require-fd </code><var>fd-range</var><code> read|write</code><dd>Insist that the filedescriptor(s) be opened for reading resp. writing.
+It is an error if any descriptor marked as required when the service
+is about to be invoked (after the configuration has been parsed) was
+not specified when the client was invoked. Each file descriptor has a
+separate setting, and the last one of <kbd>require-fd</kbd>,
+<kbd>allow-fd</kbd>, <kbd>ignore-fd</kbd>, <kbd>null-fd</kbd> or <kbd>reject-fd</kbd>
+which affected a particular file descriptor will take effect.<P>
+
+<var>fd-range</var> may be a single number, two numbers separated by a
+hyphen, or one number followed by a hyphen (indicating all descriptors
+from that number onwards). It may also be one of the words
+<code>stdin</code>, <code>stdout</code> or <code>stderr</code>. Open-ended file descriptor
+rangers are allowed only with <kbd>reject-fd</kbd> and <kbd>ignore-fd</kbd>,
+as otherwise the service program would find itself with a very large
+number of file descriptors open.<P>
+
+When the configuration has been parsed, and before the service is
+about to be executed, stderr (fd 2) must be required or allowed
+(<kbd>require-fd</kbd> or <kbd>allow-fd</kbd>) for writing; this is so that
+the error message printed by the server's child process if it cannot
+<kbd>exec</kbd> the service program is not lost.
+<dt><code>allow-fd </code><var>fd-range</var><code> [read|write]</code><dd>Allow the descriptor(s) to be opened for reading resp. writing, or
+either if neither <code>read</code> nor <code>write</code> is specified. If a
+particular descriptor not specified by the client then it will be open
+onto <code>/dev/null</code> (for reading, writing, or both, depending on
+whether <code>read</code>, <code>write</code> or neither was specified).
+<dt><code>null-fd </code><var>fd-range</var><code> [read|write]</code><dd>Specify that the descriptor(s) be opened onto <kbd>/dev/null</kbd> for
+reading resp. writing, or both if neither <code>read</code> nor <code>write</code>
+is specified. Any specification of these file descriptors by the
+client will be silently ignored; the client will see its ends of the
+descriptors being closed immediately.
+<dt><code>reject-fd </code><var>fd-range</var><code></code><dd>Do not allow the descriptor(s) to be specified by the client. It is
+an error if any descriptor(s) marked for rejection are specified when
+the service is about to be invoked (after the configuration has been
+parsed).
+<dt><code>ignore-fd </code><var>fd-range</var><code></code><dd>Silently ignore any specification by the client of those
+descriptor(s). The pipes corresponding to these descriptors will be
+closed just before the service is invoked.
+<dt><code>disconnect-hup</code><dt><code>no-disconnect-hup</code><dd>Causes the service's process group to get a <kbd>SIGHUP</kbd> if the
+client disconnects before the main service process terminates.
+<kbd>no-disconnect-hup</kbd> cancels <kbd>disconnect-hup</kbd>.<P>
+
+If one of the reading descriptors specified when the client is called
+gets a read error, or if the service is disconnected for some other
+reason, then the <kbd>SIGHUP</kbd> will be delivered <em>before</em> the
+writing end(s) of the service's reading pipe(s) are closed, so that
+the client can distinguish disconnection from reading EOF on a pipe.
+<dt><code>reset</code><dd>Resets the execution settings to the default. This is equivalent to:
+<pre>cd ~/
+reject
+no-set-environment
+suppress-args
+allow-fd 0 read
+allow-fd 1-2 write
+reject-fd 3-
+disconnect-hup</pre>
+</dl>
+
+
+If no <kbd>execute</kbd>, <kbd>execute-from-path</kbd>,
+<kbd>execute-from-directory</kbd> or <kbd>builtin</kbd> is interpreted before
+all the files are read then the request is rejected.
+
+<hr>
+<h2><A name="s-configerrors">
+4.3 Errors in the configuration file
+</A></h2>
+
+If a syntax error or other problem occurs when processing a
+configuration file then a diagnostic will be issued, to wherever the
+error messages are currently being sent (see the <kbd>errors-</kbd> family
+of directives, above).<P>
+
+The error will cause processing of the configuration files to cease at
+that point, unless the error was inside a <kbd>catch-quit</kbd> construct.
+In this case the settings controlling the program's execution will be
+reset to the defaults as if a <kbd>reset</kbd> directive had been issued,
+and parsing continues after <kbd>hctac</kbd>.
+
+<hr>
+<h2><A name="s-defaults">
+4.4 Defaults
+</A></h2>
+
+The default configuration processing is as if the daemon were parsing
+an overall configuration file whose contents were as follows:
+
+<pre>reset
+user-rcfile ~/.userv/rc
+errors-to-stderr
+include /etc/userv/system.default
+if grep service-user-shell /etc/shells
+ errors-push
+ catch-quit
+ include-ifexist <var>file specified by most recent user-rcfile directive</var>
+ hctac
+ srorre
+fi
+include /etc/userv/system.override
+quit</pre><P>
+
+If one of the <kbd>--override</kbd> options to the client is used then it
+will instead be as if the daemon were parsing an overall configuration
+as follows:
+
+<pre>reset
+errors-to-stderr
+include <var>file containing configuration data sent by client</var>
+quit</pre>
+
+<hr>
+User service daemon and client specification
+- <A href="index.html#copyright"><kbd>userv</kbd> is Copyright 1996-1999 Ian Jackson.</A>
+<br>
+<A href="index.html#toc">Contents</A>; <A href="index.html#abstract">abstract</A>; <A href="ch-ipass.html">next</A>; <A href="ch-envir.html">back</A>.
+<br>
+<address>0.61.1<br>
+Ian Jackson <A href="mailto:ian@davenant.greenend.org.uk">ian@davenant.greenend.org.uk</A></address>
+</body></html>
--- /dev/null
+<html><head>
+<title>User service daemon and client specification - Execution environment of the service program</title>
+<link rev=made href="mailto:ian@davenant.greenend.org.uk">
+</head><body>
+<h1>
+User service daemon and client specification - chapter 3<br>
+Execution environment of the service program
+</h1>
+
+The daemon which is handling the service user side of things will read
+configuration files to decide what to do. If it decides to allow the
+service to be provided it will fork a subprocess to execute the
+service.<P>
+
+The service will have no controlling terminal, but it will be a
+process group leader.<P>
+
+If the client is killed or times out or a file or descriptor being
+read or written by the client process gets an error then the service
+will be disconnected from the client. The client will return an exit
+status of 255 and some the service's pipes may be closed at the other
+end. The service will become a child of <kbd>init</kbd>. The service may
+well not notice the disconnection, though writing to a pipe after this
+may produce a <kbd>SIGPIPE</kbd> and the facility exists to have a
+<kbd>SIGHUP</kbd> sent to the service on disconnection.
+<hr>
+<h2><A name="s3.1">
+3.1 File descriptors
+</A></h2>
+
+The service program's standard filedescriptors, and possibly other
+file descriptors, will be connected to pipes or to
+<kbd>/dev/null</kbd>. The <kbd>userv</kbd> client/daemon pair will arrange
+that data is copied between the files or file descriptors specified to
+to the client by the caller and these these pipes.<P>
+
+Pipes which may be written to will be closed if a write error occurs
+on the corresponding client-side file or descriptor, which may result
+in a <kbd>SIGPIPE</kbd> in the service program; pipes open for reading
+will get <kbd>EOF</kbd> if the client-side file descriptor gets <kbd>EOF</kbd>
+or an error.<P>
+
+If the service closes one of its reading file descriptors the writing
+end of the corresponding pipe will generate a <kbd>SIGPIPE</kbd> when
+attempts are made by the client/daemon pair to write to it. This will
+not be considered an error; rather, the relevant pipe will be
+discarded and the corresponding file or file descriptor held by the
+client will be closed.<P>
+
+Likewise, if one of the file descriptors held by the client for
+writing by the service is a pipe whose other end is closed by the
+caller then the client/daemon pair will see an error when trying to
+copy data provided by the service. This too will not be considered an
+error; rather, the pipe correspondong to that descriptor will be
+closed and any further writes will cause the service to get a
+<kbd>SIGPIPE</kbd>.<P>
+
+Note that not all write errors or broken pipes on file descriptors may
+be visible to the service, since buffered data may be discarded by the
+operating system and there will be a finite interval between the error
+happening and the service being disconnected from the client or the
+next write causing a <kbd>SIGPIPE</kbd>.<P>
+
+Read errors on file descriptors (and disconnection) will only be
+visible to the service and distinguishable from normal end of file if
+<kbd>disconnect-hup</kbd> is in effect.<P>
+
+Read and write errors (other than broken pipes, as described above)
+will always be visible to the caller; they are system errors, and will
+therefore cause the client to print an error message to stderr and
+return with an exit status of 255.<P>
+
+If the main service program process exits while it still has running
+children any file descriptors held by those children can remain open,
+depending on the use of <code>wait</code>, <code>nowait</code> or <code>close</code> for the
+relevant file descriptor in the client's arguments. By default
+writing filedescriptors remain open and the client will wait for them
+to be closed at the service end, and reading file descriptors are
+closed immediately. These leftover child processes will not get a any
+<kbd>SIGHUP</kbd> even if a read or write error occurs or the client
+disconnects before then.
+<hr>
+<h2><A name="s3.2">
+3.2 Environment
+</A></h2>
+
+The service will have some information in environment variables:
+<dl compact>
+<dt><code>USERV_USER</code><dd>The login name of the calling user. If the <kbd>LOGNAME</kbd> variable is
+set (or, if that is unset, if the <kbd>USER</kbd> variable is set) in the
+environment passed to the client by the caller then the password entry
+for that login name will be looked up; if that password entry's uid is
+the same as that of the calling process then that login name will be
+used, otherwise (or if neither <kbd>LOGNAME</kbd> nor <kbd>USER</kbd> is set)
+the calling process's uid will be looked up to determine their login
+name (and if this lookup fails then the service will not be invoked).
+<dt><code>USERV_UID</code><dd>The uid of the calling process.
+<dt><code>USERV_GID</code><dd>The gid and supplementary group list of the calling process: first the
+group in gid and then those in the supplementary group list, in
+decimal, separated by spaces.
+<dt><code>USERV_GROUP</code><dd>The group names of the calling process, listed in the same way as the
+ids are in <kbd>USERV_GID</kbd>. If no name can be found for any of the
+calling process's group(s) then the service will not be invoked.
+<dt><code>USERV_CWD</code><dd>The client's current working directory name (this directory may not be
+accessible to the service). If it could not be determined or the
+<kbd>--hidecwd</kbd> flag was used then this variable will be set to an
+empty string (this is not considered an error).
+<dt><code>USERV_SERVICE</code><dd>The service name requested by the caller.
+<dt><code>USERV_U_</code><var>name</var><code></code><dd>The value supplied to the client by the caller using -D<var>name</var>.
+</dl>
+
+
+<kbd>HOME</kbd>, <kbd>PATH</kbd>, <kbd>SHELL</kbd>, <kbd>LOGNAME</kbd> and <kbd>USER</kbd>
+will be set appropriately (according to the details of the service
+user).
+
+<hr>
+User service daemon and client specification
+- <A href="index.html#copyright"><kbd>userv</kbd> is Copyright 1996-1999 Ian Jackson.</A>
+<br>
+<A href="index.html#toc">Contents</A>; <A href="index.html#abstract">abstract</A>; <A href="ch-config.html">next</A>; <A href="ch-client.html">back</A>.
+<br>
+<address>0.61.1<br>
+Ian Jackson <A href="mailto:ian@davenant.greenend.org.uk">ian@davenant.greenend.org.uk</A></address>
+</body></html>
--- /dev/null
+<html><head>
+<title>User service daemon and client specification - Introduction</title>
+<link rev=made href="mailto:ian@davenant.greenend.org.uk">
+</head><body>
+<h1>
+User service daemon and client specification - chapter 1<br>
+Introduction
+</h1>
+There is a daemon which invokes user service programs (henceforth
+`services') in response to requests by callers of a companion client
+program (henceforth the `client') and according to rules set forth in
+system-wide and user-specific configuration files. The companion
+client program is setuid root, and negotiates with the daemon through
+an <kbd>AF_UNIX</kbd> socket and associated objects in a system-wide
+private directory set aside for the purpose. The user who wishes the
+service to be performed and calls the client is called the `calling
+user'; the process which calls the client is called the `calling
+process'.
+<P>
+The daemon and the client are responsible for ensuring that
+information is safely carried across the security boundary between the
+two users, and that the processes on either side cannot interact with
+each other in any unexpected ways.
+<hr>
+User service daemon and client specification
+- <A href="index.html#copyright"><kbd>userv</kbd> is Copyright 1996-1999 Ian Jackson.</A>
+<br>
+<A href="index.html#toc">Contents</A>; <A href="index.html#abstract">abstract</A>; <A href="ch-client.html">next</A>.
+<br>
+<address>0.61.1<br>
+Ian Jackson <A href="mailto:ian@davenant.greenend.org.uk">ian@davenant.greenend.org.uk</A></address>
+</body></html>
--- /dev/null
+<html><head>
+<title>User service daemon and client specification - Information passed through the client/daemon combination</title>
+<link rev=made href="mailto:ian@davenant.greenend.org.uk">
+</head><body>
+<h1>
+User service daemon and client specification - chapter 5<br>
+Information passed through the client/daemon combination
+</h1>
+
+The information described below is the only information which passes
+between the caller and the service.
+
+<ul>
+<li>The service name supplied by the caller is available in the
+configuration language for deciding whether and which service program
+to invoke, in the <kbd>service</kbd> parameter, and is used by the
+<kbd>execute-from-directory</kbd> and <kbd>execute-from-path</kbd>
+configuration directives. It is usually used to select which service
+program to invoke. It is also passed to the service program in the
+<kbd>USERV_SERVICE</kbd> environment variable.
+<p><li>File descriptors specified by the client and allowed according to the
+configuration language will be connected. Each file descriptor is
+opened for reading or writing. Communication is via pipes, one end of
+each pipe being open on the appropriate file descriptor in the service
+program (when it is invoked) and the other end being held by the
+client process, which will read and write files it opens on behalf of
+its caller or file descriptors it is passed by its caller.<P>
+
+Data may be passed into the service through reading pipes and out of
+it through writing pipes. These pipes can remain open only until the
+service and client have terminated, or can be made to stay open after
+the client has terminated and (if the service program forks) the main
+service process has exited; the behaviour is controlled by options
+passed to the client by its caller.<P>
+
+The caller can arrange that a writing pipe be connected to a pipe or
+similar object and cause attempts to write to that descriptor by the
+service to generate a <kbd>SIGPIPE</kbd> (or <kbd>EPIPE</kbd> if
+<kbd>SIGPIPE</kbd> is caught or ignored) in the service.<P>
+
+Likewise, the service can close filedescriptors specified for reading,
+which will cause the corresponding filedescriptors passed by the
+caller to be closed, so that if these are pipes processes which write
+to them will receive <kbd>SIGPIPE</kbd> or <kbd>EPIPE</kbd>.
+<p><li>If <kbd>no-suppress-args</kbd> is set then arguments passed to the client
+by its caller will be passed on, verbatim, to the service.
+<p><li>Fatal signals and system call failures experienced by the client will
+result in the disconnection of the service from the client and
+possibly some of the communication file descriptors described above;
+if <kbd>disconnect-hup</kbd> is set then the service will also be sent a
+<kbd>SIGHUP</kbd>.
+<p><li>The value of the <kbd>LOGNAME</kbd> (or <kbd>USER</kbd>) environment variable
+as passed to the client will be used as the login name of the calling
+user if the uid of the calling process matches the uid corresponding
+to that login name. Otherwise the calling uid's password entry will
+be used to determine the calling user's login name.<P>
+
+This login name and the calling uid are available in the configuration
+language in the <kbd>calling-user</kbd> parameter and are passed to the
+service program in environment variables <kbd>USERV_USER</kbd> and
+<kbd>USERV_UID</kbd>.<P>
+
+The shell corresponding to that login name (according to the password
+entry) is available as in the configuration language's
+<kbd>calling-user-shell</kbd> parameter.<P>
+
+If no relevant password entry can be found then no service will be
+invoked.
+<p><li>The numeric values and textual names for calling gid and supplementary
+group list are available in the configuration language in the
+<kbd>calling-group</kbd> parameter and are passed to the service in
+environment variables.<P>
+
+If no name can be found for a numeric group to which the calling
+process belongs then no service will be invoked.
+<p><li>The name of the current working directory in which the client was
+invoked is passed, if available and not hidden using <kbd>--hidecwd</kbd>,
+to the service program in the <kbd>USERV_CWD</kbd> variable. This grants no
+special access to that directory unless it is a subdirectory of a
+directory which is executable (searchable) but not readable by the
+service user.
+<p><li>Settings specified by the caller using the <code>--defvar
+</code><var>name</var><code>=</code><var>value</var><code></code> option to the client are available in the
+configuration language as the corresponding <code>u-</code><var>name</var><code></code>
+parameters and are passed to the service program in environment
+variables <code>USERV_U_</code><var>name</var><code></code>.
+<p><li>If the calling user is root or the same as the service user then
+options may be given to the client which bypass the usual security
+features; in this case other information may pass between the caller
+and the service.
+<p></ul>
+
+<hr>
+User service daemon and client specification
+- <A href="index.html#copyright"><kbd>userv</kbd> is Copyright 1996-1999 Ian Jackson.</A>
+<br>
+<A href="index.html#toc">Contents</A>; <A href="index.html#abstract">abstract</A>; <A href="ch-notes.html">next</A>; <A href="ch-config.html">back</A>.
+<br>
+<address>0.61.1<br>
+Ian Jackson <A href="mailto:ian@davenant.greenend.org.uk">ian@davenant.greenend.org.uk</A></address>
+</body></html>
--- /dev/null
+<html><head>
+<title>User service daemon and client specification - Applications and notes on use</title>
+<link rev=made href="mailto:ian@davenant.greenend.org.uk">
+</head><body>
+<h1>
+User service daemon and client specification - chapter 6<br>
+Applications and notes on use
+</h1>
+<hr>
+<h2><A name="s-standards">
+6.1 Standard services and directory management
+</A></h2>
+
+In later versions of this specification standard service names and
+interfaces for common services such as mail delivery and WWW CGI
+scripts will be specified.<P>
+
+<kbd>userv</kbd>-using applications and system services which hide
+<kbd>userv</kbd> behind wrapper scripts may need to store information in
+the user's filespace to preserve the correct placement of the security
+perimiters. Such applications should usually do so in a directory
+(created by them) <code>~/.userv/.servdata/</code><var>service</var><code></code>, where
+<var>service</var> is the service name or application in question.<P>
+
+The use of a dot-directory inside <code>~/.userv</code> will hopefully avoid
+the user becoming confused by finding parts of a semi-privileged
+application's internal state in their filespace, and or discourage
+them from fiddling with and thus corrupting it. (Note that such
+applications should of course not rely for their global integrity on
+the integrity of the data on the user's side of the security
+boundary.)
+<hr>
+<h2><A name="s-reducepriv">
+6.2 Reducing the number of absolutely privileged subsystems
+</A></h2>
+
+Currently most Unix systems have many components which need to run as
+root, even though most of their activity does not strictly require
+it. This gives rise to a large and complex body of code which must be
+trusted with the security of the system.<P>
+
+Using <kbd>userv</kbd> many of these subsystems no longer need any unusual
+privilege.<P>
+
+<kbd>cron</kbd> and <kbd>at</kbd>, <kbd>lpr</kbd> and the system's mail transfer
+agent (<kbd>sendmail</kbd>, <kbd>smail</kbd>, <kbd>exim</kbd> or the like) all
+fall into this category.
+<hr>
+<h2><A name="s-noexcess">
+6.3 Do not give away excessive privilege to <kbd>userv</kbd>-using facilities
+</A></h2>
+
+There is a danger that people reimplementing the facilities I mention
+above using <kbd>userv</kbd> will discard much of the security benefit by
+using a naive implementation technique. This will become clearer with
+an example:<P>
+
+Consider the <kbd>lpr</kbd> program. In current systems this needs to
+have an absolutely privileged component in order to support delayed
+printing without copying: when the user queues a file to be printed
+the filename is stored in the print queue, rather than a copy of it,
+and the printer daemon accesses the file directly when it is ready to
+print the job. In order that the user can print files which are not
+world-readable the daemon is given root privilege so that it can open
+the file in the context of the user, rather than its own.<P>
+
+A simple-minded approach to converting this scheme to use <kbd>userv</kbd>
+might involve giving the printer daemon (the <kbd>lp</kbd> user) the
+ability to read the file by allowing them to run <kbd>cat</kbd> (or a
+special-purpose file-reading program) as any user. The <kbd>lpr</kbd>
+program would use a <kbd>userv</kbd> service to store the filename in the
+printer daemon's queues, and the daemon would read the file later when
+it felt like it.<P>
+
+However, this would allow the printer daemon to read any file on the
+system, whether or not someone had asked for it to be printed. Since
+many files will contain passwords and other security-critical
+information this is nearly as bad as giving the daemon root access in
+the first place. Any security holes in the print server which allow a
+user to execute commands as the <kbd>lp</kbd> user will give the user the
+ability to read any file on the system.<P>
+
+Instead, it is necessary to keep a record of which files the daemon
+has been asked to print <em>outside</em> the control of the print daemon.
+This record could be kept by a new root-privileged component, but this
+is not necessary: the record of which files a user has asked to be
+printed can be kept under the control of the user in question. The
+submission program <kbd>lpr</kbd> will make a record in an area under the
+user's control before communicating with the print server, and the
+print server would be given the ability to run a special file-reading
+program which would only allow files to be read which were listed in
+the user's file of things they'd asked to print.<P>
+
+Now security holes in most of the printing system do not critically
+affect the security of the entire system: they only allow the attacker
+to read and interfere with print jobs. Bugs in the programs run by the
+print server to read users' files (and to remove entries from the list
+of files when it has done with them) will still be serious, but this
+program can be quite simple.<P>
+
+Similar considerations apply to many <kbd>userv</kbd>-based versions of
+facilities which currently run as root.<P>
+
+It is debatable whether the user-controlled state should be kept in
+the user's filespace (in dotfiles, say) or kept in a separate area set
+aside for the purpose; however, using the user's home directory (and
+probably creating a separate subdirectory of it as a dotfile to
+contain many subsystems' state) has fewer implications for the rest of
+the system and makes it entirely clear where the security boundaries
+lie.
+<hr>
+<h2><A name="s-notreally">
+6.4 <kbd>userv</kbd> is not a replacement for <kbd>really</kbd> and <kbd>sudo</kbd>
+</A></h2>
+
+<kbd>userv</kbd> is not intended as a general-purpose system
+administration tool with which system administrators can execute
+privileged programs when they need to. It is unsuitable for this
+purpose precisely because it enforces a strong separation between the
+calling and the called program, which is undesirable in this context.<P>
+
+Its facilities for restricting activities to running certain programs
+may at first glance seem to provide similar functionality to
+<kbd>sudo</kbd><A href="footnotes.html#2" name="fr2">[2]</A>. However, the
+separation mentioned above is a problem here too, particular for
+interaction - it can be hard for a <kbd>userv</kbd> service program to
+interact with its real caller or the user in question.
+<hr>
+<h2><A name="s-nogeneral">
+6.5 Don't give access to general-purpose utilities
+</A></h2>
+
+Do not specify general purpose programs like <kbd>mv</kbd> or <kbd>cat</kbd>
+in <kbd>execute-</kbd> directives without careful thought about their
+arguments, and certainly not if <kbd>no-suppress-args</kbd> is specified.
+If you do so it will give the caller much more privilige than you
+probably intend.<P>
+
+It is a shame that I have to say this here, but inexperienced
+administrators have made similar mistakes with programs like
+<kbd>sudo</kbd>.
+<hr>
+User service daemon and client specification
+- <A href="index.html#copyright"><kbd>userv</kbd> is Copyright 1996-1999 Ian Jackson.</A>
+<br>
+<A href="index.html#toc">Contents</A>; <A href="index.html#abstract">abstract</A>; <A href="ch-ipass.html">back</A>.
+<br>
+<address>0.61.1<br>
+Ian Jackson <A href="mailto:ian@davenant.greenend.org.uk">ian@davenant.greenend.org.uk</A></address>
+</body></html>
--- /dev/null
+<html><head>
+<title>User service daemon and client specification - footnotes</title>
+<link rev=made href="mailto:ian@davenant.greenend.org.uk">
+</head><body>
+<h1>User service daemon and client specification - footnotes</h1>
+<h2><A href="ch-client.html#fr1" name="1">1</A></h2>
+<P>
+<kbd>userv</kbd> is
+short for `user services', and is pronounced `you-serve'.<h2><A href="ch-notes.html#fr2" name="2">2</A></h2>
+<P>
+<kbd>sudo</kbd> is a program which allows users to
+execute certain programs as root, according to configuration files
+specified by the system administrator.<hr>
+User service daemon and client specification
+- <A href="index.html#copyright"><kbd>userv</kbd> is Copyright 1996-1999 Ian Jackson.</A>
+<br>
+<A href="index.html#toc">Contents</A>; <A href="index.html#abstract">abstract</A>.
+<br>
+<address>0.61.1<br>
+Ian Jackson <A href="mailto:ian@davenant.greenend.org.uk">ian@davenant.greenend.org.uk</A></address>
+</body></html>
--- /dev/null
+<html><head>
+<title>User service daemon and client specification</title>
+<link rev=made href="mailto:ian@davenant.greenend.org.uk">
+</head><body>
+<h1>User service daemon and client specification</h1>
+
+<h2><A name="abstract">
+0.1 Abstract
+</A></h2>
+
+This is a specification for a Unix system facility to allow one
+program to invoke another when only limited trust exists
+between them.
+
+<hr>
+<h2><A name="toc">
+0.2 Table of contents
+</A></h2>
+<ul>
+<li><A href="ch-intro.html">1 Introduction</A>
+<li><A href="ch-client.html">2 Client program usage
+</A>
+<ul>
+<li><A href="ch-client.html#s2.1">2.1</A> Options
+<li><A href="ch-client.html#s-optoverride">2.2</A> Security-overriding options
+</ul>
+<li><A href="ch-envir.html">3 Execution environment of the service program</A>
+<ul>
+<li><A href="ch-envir.html#s3.1">3.1</A> File descriptors
+<li><A href="ch-envir.html#s3.2">3.2</A> Environment
+</ul>
+<li><A href="ch-config.html">4 Service-side configuration</A>
+<ul>
+<li><A href="ch-config.html#s4.1">4.1</A> Configuration file syntax
+<li><A href="ch-config.html#s-directives">4.2</A> Configuration file directives
+<li><A href="ch-config.html#s-configerrors">4.3</A> Errors in the configuration file
+<li><A href="ch-config.html#s-defaults">4.4</A> Defaults
+</ul>
+<li><A href="ch-ipass.html">5 Information passed through the client/daemon combination</A>
+<li><A href="ch-notes.html">6 Applications and notes on use</A>
+<ul>
+<li><A href="ch-notes.html#s-standards">6.1</A> Standard services and directory management
+<li><A href="ch-notes.html#s-reducepriv">6.2</A> Reducing the number of absolutely privileged subsystems
+<li><A href="ch-notes.html#s-noexcess">6.3</A> Do not give away excessive privilege to <kbd>userv</kbd>-using facilities
+<li><A href="ch-notes.html#s-notreally">6.4</A> <kbd>userv</kbd> is not a replacement for <kbd>really</kbd> and <kbd>sudo</kbd>
+<li><A href="ch-notes.html#s-nogeneral">6.5</A> Don't give access to general-purpose utilities
+</ul>
+</ul>
+<hr><h2><A name="copyright">0.3 Copyright</A></h2>
+<kbd>userv</kbd> is Copyright 1996-1999 Ian Jackson.<P>
+
+<kbd>userv</kbd> is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.<P>
+
+This program is distributed in the hope that it will be useful, but
+<em>without any warranty</em>; without even the implied warranty of
+<em>merchantability</em> or <em>fitness for a particular purpose</em>. See
+the GNU General Public License for more details.<P>
+
+You should have received a copy of the GNU General Public License
+along with <kbd>userv</kbd>; if not, write to the Free Software
+Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+<hr>
+User service daemon and client specification
+- <A href="#copyright"><kbd>userv</kbd> is Copyright 1996-1999 Ian Jackson.</A>
+<br>
+<A href="#toc">Contents</A>; <A href="#abstract">abstract</A>.
+<br>
+<address>0.61.1<br>
+Ian Jackson <A href="mailto:ian@davenant.greenend.org.uk">ian@davenant.greenend.org.uk</A></address>
+</body></html>
--- /dev/null
+%!PS-Adobe-3.0
+%%Creator: Basser Lout Version 3.10 (November 1996)
+%%CreationDate: Sun Apr 18 19:09:46 1999
+%%DocumentData: Binary
+%%DocumentNeededResources: (atend)
+%%DocumentMedia: Plain 595 842 0 white ()
+%%DocumentSuppliedResources: (atend)
+%%Pages: (atend)
+%%BoundingBox: 0 0 595 842
+%%EndComments
+
+%%BeginProlog
+%%BeginResource: procset LoutStartUp
+/m { 3 1 roll moveto show } bind def
+/s { exch currentpoint exch pop moveto show } bind def
+/k { exch neg 0 rmoveto show } bind def
+/ul { gsave setlinewidth dup 3 1 roll
+ moveto lineto stroke grestore } bind def
+/in { 1440 mul } def
+/cm { 567 mul } def
+/pt { 20 mul } def
+/em { 120 mul } def
+/sp { louts mul } def
+/vs { loutv mul } def
+/ft { loutf mul } def
+/dg { } def
+
+/LoutGraphic {
+ /louts exch def
+ /loutv exch def
+ /loutf exch def
+ /ymark exch def
+ /xmark exch def
+ /ysize exch def
+ /xsize exch def
+} def
+
+/LoutGr2 { gsave translate LoutGraphic gsave } def
+
+/LoutFont
+{ findfont exch scalefont setfont
+} bind def
+
+/LoutRecode {
+ { findfont dup length dict begin
+ {1 index /FID ne {def} {pop pop} ifelse} forall
+ /Encoding exch def
+ currentdict end definefont pop
+ }
+ stopped pop
+} bind def
+
+/BeginEPSF {
+ /LoutEPSFState save def
+ /dict_count countdictstack def
+ /op_count count 1 sub def
+ userdict begin
+ /showpage { } def
+ 0 setgray 0 setlinecap
+ 1 setlinewidth 0 setlinejoin
+ 10 setmiterlimit [] 0 setdash newpath
+ /languagelevel where
+ { pop languagelevel
+ 1 ne
+ { false setstrokeadjust false setoverprint
+ } if
+ } if
+} bind def
+
+/EndEPSF {
+ count op_count sub { pop } repeat
+ countdictstack dict_count sub { end } repeat
+ LoutEPSFState restore
+} bind def
+%%EndResource
+
+%%BeginResource encoding vec2
+/vec2 [
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright
+/parenleft /parenright /asterisk /plus /comma /hyphen /period /slash
+/zero /one /two /three /four /five /six /seven
+/eight /nine /colon /semicolon /less /equal /greater /question
+/at /A /B /C /D /E /F /G
+/H /I /J /K /L /M /N /O
+/P /Q /R /S /T /U /V /W
+/X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore
+/quoteleft /a /b /c /d /e /f /g
+/h /i /j /k /l /m /n /o
+/p /q /r /s /t /u /v /w
+/x /y /z /braceleft /bar /braceright /asciitilde /.notdef
+/quotesinglbase /quotedblbase /ellipsis /OE /oe /quotedblleft /quotedblright /fi
+/fl /endash /emdash /bullet /dagger /daggerdbl /florin /fraction
+/dotlessi /grave /acute /circumflex /tilde /macron /breve /dotaccent
+/dieresis /.notdef /ring /cedilla /.notdef /hungarumlaut /ogonek /caron
+/space /exclamdown /cent /sterling /currency /yen /brokenbar /section
+/dieresis /copyright /ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron
+/degree /plusminus /twosuperior /threesuperior /acute /mu /paragraph /periodcentered
+/cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf /threequarters /questiondown
+/Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla
+/Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis
+/Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply
+/Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls
+/agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla
+/egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis
+/eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide
+/oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis
+] def
+%%EndResource
+
+%%BeginResource: procset LoutMarginNotes
+% @PrependGraphic file /usr/lib/lout/include/dl.lpg
+
+% path for @FullWidthRule symbol
+/LoutRule
+{ 0 0 moveto xsize 0 lineto
+} def
+
+% path for @Box symbol
+/LoutBox
+{ 0 0 moveto xsize 0 lineto
+ xsize ysize lineto 0 ysize lineto
+ closepath
+} def
+
+% path for @CurveBox symbol
+/LoutCurveBox
+{ xmark 0 moveto
+ xsize xmark sub xmark xmark 270 360 arc
+ xsize xmark sub ysize xmark sub xmark 0 90 arc
+ xmark ysize xmark sub xmark 90 180 arc
+ xmark xmark xmark 180 270 arc
+ closepath
+} def
+
+% path for @ShadowBox symbol
+/LoutShadowBox
+{ xmark 2 mul 0 moveto xsize 0 lineto
+ xsize ysize xmark 2 mul sub lineto
+ xsize xmark sub ysize xmark 2 mul sub lineto
+ xsize xmark sub xmark lineto
+ xmark 2 mul xmark lineto
+ closepath
+} def
+
+% set up dictionary containing margin note data: parity LoutMargSet -
+/LoutMargSet
+{ /LoutMargDict 12 dict def
+ LoutMargDict begin
+ /parity exch def
+ /matr matrix currentmatrix def
+ /rightx xsize def
+ /lefty ysize def % highest allowable point for top of next left note
+ /righty ysize def % highest allowable point for top of next right note
+ /max { 2 copy gt { pop } { exch pop } ifelse } def
+ /min { 2 copy lt { pop } { exch pop } ifelse } def
+ end
+} def
+
+%translate coordinate system for marginal notes: type LoutMargShift -
+% where type 0 is left margin, 1 is right margin, 2 is outer, 3 is inner
+/LoutMargShift
+{ LoutMargDict begin
+
+ % y coordinate of top of note, in margin coords, before vertical adjust
+ 0 ysize transform matr itransform exch pop
+
+ % decide whether left or right margin based on type and parity
+ exch [ 0 1 parity 1 parity sub ] exch get 0 eq
+ {
+ % left margin: adjust top of note downwards if overlaps previous note
+ lefty min
+
+ % bottom of note is new lefty position and also translate position
+ ysize sub dup /lefty exch def
+
+ % want right edge of note at coordinate zero
+ xsize neg exch
+ }
+ {
+ % right margin: adjust top of note downwards if overlaps previous note
+ righty min
+
+ % bottom of note is new righty position and also translate position
+ ysize sub dup /righty exch def
+
+ % want left edge of note at coordinate rightx
+ rightx exch
+ } ifelse
+
+ % stack now contains coord of bottom left corner in margin coordinates
+ matr setmatrix translate
+ end
+} def
+
+% create LoutPageDict with left, right, foot, top for @Place symbol users
+/LoutPageSet
+{
+ /LoutPageDict 5 dict def
+ LoutPageDict begin
+ /matr matrix currentmatrix def
+ /left 0 def
+ /right xsize def
+ /foot 0 def
+ /top ysize def
+ end
+
+} def
+
+%%EndResource
+
+%%EndProlog
+
+%%BeginSetup
+%%IncludeResource: font Times-Roman
+/Times-Romanfnt82 vec2 /Times-Roman LoutRecode
+/fnt82 { /Times-Romanfnt82 LoutFont } def
+%%IncludeResource: font Times-Bold
+/Times-Boldfnt84 vec2 /Times-Bold LoutRecode
+/fnt84 { /Times-Boldfnt84 LoutFont } def
+%%IncludeResource: font Courier-Bold
+/Courier-Boldfnt31 vec2 /Courier-Bold LoutRecode
+/fnt31 { /Courier-Boldfnt31 LoutFont } def
+%%IncludeResource: font Times-Italic
+/Times-Italicfnt83 vec2 /Times-Italic LoutRecode
+/fnt83 { /Times-Italicfnt83 LoutFont } def
+%%EndSetup
+
+%%Page: 1 1
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+1 LoutMargSet
+grestore
+240 fnt84 8959 13842(1)m 340 fnt84 1359 12943(User)m 2118(ser)s 3(vice)k
+3190(daemon)s 4421(and)s 5047(client)s 5922(speci\207cation)s 200 fnt82
+2792 12427(Ian)m 3093(Jackson)s gsave
+3770 12472 translate
+0.6953 1.0000 scale
+200 fnt31 1031 -43(<ian@davenant.greenend.org.uk>)m
+grestore
+240 fnt82
+4245 11924(0.61.1)m 9066 609 0 609 240 240 60 0 10664 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 5(0.1.)m 628(Abstract)s
+grestore
+0 10202(This)m
+476(is)s 686(a)s 852(speci\207cation)s 2117(for)s 2455(a)s
+2621(Unix)s 3155(system)s 3879(f)s 2(acility)k 4606(to)s
+4845(allo)s 6(w)k 5424(one)s 5826(program)s 6696(to)s
+6935(in)s 9(v)k 4(ok)k 2(e)k 7628(another)s
+8405(when)s 0 9962(only)m 480(limited)s 1214(trust)s 1698(e)s 3(xists)k
+2290(between)s 3144(them.)s 9066 610 0 610 240 240 60 0 8998 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 6(0.2.)m 628(Contents)s
+
+grestore
+240 fnt84 0 8586(1.)m 1200(Intr)s 4(oduction)k 8953(3)s
+0 8229(2.)m 1200(Client)s 1883(pr)s 4(ogram)k 2839(usage)s
+8952(4)s 240 fnt82 0 7990(2.1.)m 1200(Options)s 8952(4)s
+0 7753(2.2.)m 1200(Security-o)s 3(v)k 3(erriding)k 3118(options)s
+8958(7)s 240 fnt84 0 7408(3.)m 1200(Execution)s 2279(en)s 9(vir)k 4(onment)k
+3627(of)s 3899(the)s 4273(ser)s 2(vice)k 5030(pr)s 4(ogram)k
+8952(8)s 240 fnt82 0 7169(3.1.)m 1200(File)s 1627(descriptors)s
+8959(8)s 0 6932(3.2.)m 1200(En)s 9(vironment)k 8955(9)s
+240 fnt84 0 6587(4.)m 1200(Ser)s 2(vice-side)k 2474(con\207guration)s
+8831(10)s 240 fnt82 0 6348(4.1.)m 1200(Con\207guration)s 2587(\207le)s
+2948(syntax)s 8831(10)s 0 6111(4.2.)m 1200(Con\207guration)s 2587(\207le)s
+2948(directi)s 6(v)k 3(es)k 8831(10)s 0 5873(4.3.)m
+1200(Errors)s 1847(in)s 2090(the)s 2438(con\207guration)s 3771(\207le)s
+8833(16)s 0 5636(4.4.)m 1200(Def)s 2(aults)k 8838(17)s
+240 fnt84 0 5291(5.)m 1200(Inf)s 6(ormation)k 2498(passed)s
+3231(thr)s 4(ough)k 4106(the)s 4480(client/daemon)s 5969(combination)s
+8832(18)s 0 4934(6.)m 1200(A)s 6(pplications)k 2536(and)s
+2977(notes)s 3562(on)s 3871(use)s 8831(20)s 240 fnt82
+0 4695(6.1.)m 1200(Standard)s 2108(services)s 2928(and)s 3332(directory)s
+4248(management)s 8831(20)s 0 4457(6.2.)m 1200(Reducing)s 2171(the)s
+2519(number)s 3310(of)s 3581(absolutely)s 4618(pri)s 6(vile)k 3(ged)k
+5636(subsystems)s 8831(20)s 0 4219(6.3.)m 1200(Do)s 1546(not)s
+1912(gi)s 6(v)k 3(e)k 2371(a)s 3(w)k 2(ay)k
+2925(e)s 3(xcessi)k 6(v)k 3(e)k 3885(pri)s 6(vile)k 3(ge)k
+4781(to)s gsave
+5020 4273 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+grestore
+5520(-using)s 6171(f)s 2(acilities)k
+8831(20)s 0 3981(6.4.)m gsave
+1200 4035 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+grestore
+1760(is)s
+1970(not)s 2336(a)s 2502(replacement)s 3729(for)s gsave
+4067 4035 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(really)m
+grestore
+4727(and)s gsave
+5131 4035 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(sudo)m
+grestore
+8851(21)s
+0 3742(6.5.)m 1200(Don')s 4(t)k 1814(gi)s 6(v)k 3(e)k
+2273(access)s 2934(to)s 3173(general-purpose)s 4769(utilities)s 8851(21)s
+9066 670 0 670 240 240 60 0 2491 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 66(0.3.)m 628(Copyright)s 2109(Notice)s
+grestore
+gsave
+0 2381 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -460(userv)m
+grestore
+560 2327(is)m 770(Cop)s 2(yright)k 1799(1996-1999)s
+2889(Ian)s 3251(Jackson.)s gsave
+0 1768 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+grestore
+544 1714(is)m
+737(free)s 1146(softw)s 2(are;)k 2062(you)s 2460(can)s
+2832(redistrib)s 4(ute)k 3955(it)s 4130(and/or)s 4784(modify)s
+5512(it)s 5688(under)s 6276(the)s 6607(terms)s 7172(of)s
+7426(the)s 7757(GNU)s 8315(General)s 0 1474(Public)m 659(License)s
+1453(as)s 1698(published)s 2682(by)s 2971(the)s 3314(Free)s
+3789(Softw)s 2(are)k 4699(F)s 3(oundation;)k 5894(either)s
+6492(v)s 3(ersion)k 7245(2)s 7414(of)s 7680(the)s
+8023(License,)s 8867(or)s 0 1234(\(at)m 311(your)s 810(option\))s
+1550(an)s 3(y)k 1947(later)s 2430(v)s 3(ersion.)k
+0 826(This)m 476(program)s 1346(is)s 1556(distrib)s 4(uted)k
+2632(in)s 2875(the)s 3223(hope)s 3745(that)s 4163(it)s
+4355(will)s 4781(be)s 5063(useful,)s 5754(b)s 4(ut)k
+240 fnt83 6116 828(without)m 6898(any)s 7300(warr)s 3(anty)k
+240 fnt82 8171 826(;)m 8283(without)s 0 52(User)m 511(service)s
+1243(daemon)s 2058(and)s 2462(client)s 3052(speci\207cation)s 8491(0.61.1)s
+
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 2 2
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Times-Italic
+%%+ font Courier-Bold
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+0 LoutMargSet
+grestore
+240 fnt84 0 13842(2)m 240 fnt82 0 13252(e)m 6(v)k 3(en)k
+500(the)s 848(implied)s 1636(w)s 2(arranty)k 2537(of)s
+240 fnt83 2808 13254(mer)m 8(c)k 3(hantability)k 240 fnt82
+4367 13252(or)m 240 fnt83 4626 13254(\207tness)m 5279(for)s 5623(a)s
+5798(particular)s 6833(purpose)s 240 fnt82 7598 13252(.)m 7702(See)s
+8103(the)s 8451(GNU)s 0 13012(General)m 811(Public)s 1475(License)s
+2274(for)s 2612(more)s 3159(details.)s 0 12604(Y)m 26(ou)k
+442(should)s 1139(ha)s 4(v)k 3(e)k 1640(re)s
+1821(cei)s 6(v)k 3(ed)k 2494(a)s 2660(cop)s 2(y)k
+3178(of)s 3449(the)s 3797(GNU)s 4372(Gen)s 4768(er)s
+4953(al)s 5180(Pub)s 5546(lic)s 5837(Li)s 6043(cense)s
+6630(along)s 7215(with)s gsave
+7697 12658 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+grestore
+8197(;)s
+8309(if)s 8526(not,)s 0 12363(write)m 546(to)s 785(the)s
+1133(Free)s 1613(Soft)s 2011(w)s 2(are)k 2529(F)s 3(oun)k
+3016(da)s 3242(tion,)s 3721(59)s 4012(T)s 16(em)k
+4434(ple)s 4782(Place)s 5355(-)s 5483(Suite)s 6030(330,)s
+6497(Boston,)s 7283(MA)s 7726(02111-1307,)s 0 12123(USA.)m 0 52(0.61.1)m
+4809(User)s 5320(service)s 6052(daemon)s 6867(and)s 7271(client)s
+7861(speci\207cation)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 3 3
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+1 LoutMargSet
+grestore
+240 fnt84 8953 13842(3)m gsave
+0 12792 translate
+240 fnt82 9066 622 0 622 240 240 60 LoutGraphic
+gsave
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.2 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+340 fnt84 0 4(1.)m 412(Intr)s 6(oduction)k
+
+grestore
+240 fnt82 0 12330(There)m 613(is)s 823(a)s 989(daemon)s
+1804(which)s 2446(in)s 9(v)k 4(ok)k 2(es)k
+3227(user)s 3685(service)s 4417(programs)s 5371(\(henceforth)s 6529(`services'\))s
+7584(in)s 7827(response)s 8720(to)s 0 12090(requests)m 822(by)s
+1104(callers)s 1765(of)s 2024(a)s 2178(companion)s 3287(client)s
+3865(program)s 4723(\(henceforth)s 5869(the)s 6205(`client'\))s 7009(and)s
+7401(according)s 8385(to)s 8611(rules)s 0 11850(set)m 325(forth)s
+846(in)s 1089(system-wide)s 2353(and)s 2757(user)s 4(-speci\207c)k
+4013(con\207guration)s 5346(\207les.)s 5848(The)s 6276(companion)s 7397(client)s
+7987(program)s 0 11610(is)m 210(setuid)s 839(root,)s 1331(and)s
+1735(ne)s 3(gotiates)k 2752(with)s 3234(the)s 3582(daemon)s
+4397(through)s 5199(an)s gsave
+5482 11664 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(AF_UNIX)m
+grestore
+6242(sock)s 2(et)k
+6911(and)s 7315(associated)s 8355(objects)s 0 11370(in)m 243(a)s
+409(system-wide)s 1673(pri)s 6(v)k 6(ate)k 2380(directory)s
+3296(set)s 3621(aside)s 4168(for)s 4506(the)s 4854(purpose.)s
+5716(The)s 6144(user)s 6602(who)s 7068(wishes)s 7770(the)s
+8118(service)s 8850(to)s 0 11130(be)m 282(performed)s 1335(and)s
+1739(calls)s 2227(the)s 2575(client)s 3165(is)s 3375(called)s
+4003(the)s 4351(`calling)s 5133(user';)s 5722(the)s 6070(process)s
+6838(which)s 7480(calls)s 7968(the)s 8316(client)s 8906(is)s
+0 10890(called)m 628(the)s 976(`calling)s 1758(process'.)s 0 10482(The)m
+428(daemon)s 1243(and)s 1647(the)s 1995(client)s 2585(are)s
+2932(responsible)s 4077(for)s 4415(ensuring)s 5292(that)s 5710(information)s
+6895(is)s 7105(safely)s 7729(carried)s 8449(across)s 0 10242(the)m
+338(security)s 1138(boundary)s 2087(between)s 2931(the)s 3269(tw)s 2(o)k
+3669(users,)s 4257(and)s 4650(that)s 5058(the)s 5396(processes)s
+6353(on)s 6640(either)s 7233(side)s 7664(cannot)s 8351(interact)s
+0 10002(with)m 482(each)s 977(other)s 1528(in)s 1771(an)s 3(y)k
+2168(une)s 3(xpected)k 3313(w)s 2(ays.)k 0 52(User)m
+511(service)s 1243(daemon)s 2058(and)s 2462(client)s 3052(speci\207cation)s
+8491(0.61.1)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 4 4
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+0 LoutMargSet
+grestore
+240 fnt84 0 13842(4)m gsave
+0 12729 translate
+240 fnt82 9066 688 0 688 240 240 60 LoutGraphic
+gsave
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.2 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+340 fnt84 0 70(2.)m 412(Client)s
+1382(pr)s 6(ogram)k 2737(usage)s
+grestore
+gsave
+480 12321 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+gsave
+864 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(options)m
+grestore
+2003([\211\211])s gsave
+2723 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(service\211user)m
+
+grestore
+gsave
+4591 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(service\211name)m
+grestore
+6594([)s gsave
+6738 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(ar)m 8(gument)k
+
+grestore
+8181(\202])s 0 -305(userv)m gsave
+864 -253 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(options)m
+grestore
+2003(\211B|\211\211builtin)s
+3875([\211\211])s gsave
+4595 -253 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(b)m 4(uiltin\211service)k
+grestore
+6742([)s
+gsave
+6886 -253 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(info\211ar)m 8(gument)k
+grestore
+9029(\202])s
+grestore
+240 fnt83
+0 11448(service-user)m 240 fnt82 1232 11446(speci\207es)m 2106(which)s 2748(user)s
+3206(is)s 3416(to)s 3655(pro)s 3(vide)k 4439(the)s
+4787(service.)s 5567(The)s 5995(user)s 6453(may)s 6919(be)s
+7201(a)s 7367(login)s 7916(name)s 8490(or)s 8749(a)s
+0 11206(numeric)m 836(uid,)s 1249(or)s gsave
+1508 11260 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211)m
+
+grestore
+1668(to)s 1907(indicate)s 2719(that)s 3137(the)s 3485(service)s
+4217(user)s 4675(is)s 4885(to)s 5124(be)s 5406(the)s
+5754(same)s 6301(as)s 6551(the)s 6899(calling)s 7602(user)s 13(.)k
+0 10798(The)m 428(service)s 1160(name)s 1734(is)s 1944(interpreted)s
+3036(by)s 3330(the)s 3678(userv)s 153 fnt82 4191 10887(1)m
+240 fnt82 4311 10798(daemon)m 5126(on)s 5423(behalf)s 6092(of)s
+6363(the)s 6711(service)s 7443(user)s 13(.)k 7932(It)s
+8137(will)s 8563(often)s 0 10558(be)m 282(the)s 630(name)s
+1204(of)s 1475(a)s 1641(program.)s 9066 670 0 670 240 240 60 0 9534 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 66(2.1.)m
+628(Options)s
+grestore
+0 9072(Single-letter)m 1233(options)s 1983(may)s 2442(be)s
+2718(combined)s 3714(as)s 3957(is)s 4161(usual)s 4714(with)s
+5190(Unix)s 5718(programs,)s 6721(and)s 7119(the)s 7461(v)s 6(alue)k
+8022(for)s 8354(such)s 8843(an)s 0 8832(option)m 669(may)s
+1135(appear)s 1832(in)s 2075(the)s 2423(same)s 2970(ar)s 4(gument)k
+3929(or)s 4188(in)s 4431(the)s 4779(ne)s 3(xt.)k
+gsave
+120 8478 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211B)m
+grestore
+gsave
+120 8238 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211builtin)m
+grestore
+480 7944(Requests)m
+1387(that)s 1797(a)s 1955(b)s 4(uiltin)k 2624(service)s
+3347(be)s 3621(pro)s 3(vided.)k 4565(This)s 5033(is)s
+5235(equi)s 6(v)k 6(alent)k 6270(to)s 6501(using)s
+7065(the)s gsave
+7405 7998 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211override)m
+grestore
+8457(option)s 480 7703(to)m
+719(specify)s 1463(a)s 1629(string)s 2226(consisting)s 3249(of)s
+gsave
+3520 7757 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211builtin)m
+grestore
+5081(follo)s 6(wed)k 5983(by)s
+6277(the)s 240 fnt83 6625 7705(b)m 4(uiltin-service)k 240 fnt82
+8053 7703(requested,)m 480 7463(and)m 884(requesting)s 1933(a)s 2099(service)s
+2831(user)s 3289(of)s gsave
+3560 7517 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211)m
+grestore
+3720(\(indicating)s
+4808(the)s 5156(calling)s 5859(user\).)s 480 7055(If)m 701(the)s
+1039(b)s 4(uiltin)k 1707(ser)s 1985(vice)s 2429(be)s
+2651(ing)s 3000(re)s 3181(quest)s 3686(ed)s 3961(re)s
+4142(quires)s 4767(a)s 240 fnt83 4924 7057(service-)m 5667(ar)s 8(gument)k
+240 fnt82 6631 7055(then)m 7090(this)s 7477(must)s 7992(be)s
+8264(sup)s 8590(plied)s 480 6814(to)m 712(the)s 1052(client)s
+1635(in)s 1870(the)s 2211(same)s 2750(ar)s 2935(gu)s
+3170(ment)s 3700(as)s 3943(the)s 240 fnt83 4283 6816(b)m 4(uiltin-)k
+4970(service)s 240 fnt82 5639 6814(.)m 5736(See)s 6129(`Di)s
+6441(rec)s 6725(ti)s 6(v)k 3(es)k 7211(for)s
+7541(chang)s 8106(ing)s 8457(e)s 3(x)k 8675(e)s
+8777(cu)s 8998(-)s 480 6574(tion)m 909(set)s 1174(tings',)s
+1825(page)s 2333(14)s 2627(for)s 2965(de)s 3187(tails)s
+3635(of)s 3906(the)s 4254(b)s 4(uiltin)k 4931(ser)s
+5209(vices)s 5751(a)s 4(v)k 6(ail)k 6200(able,)s
+6705(and)s 7109(`Security-)s 8052(o)s 3(v)k 3(erriding)k
+480 6334(op)m 713(tions',)s 1364(page)s 1872(7)s 2040(for)s
+2378(de)s 2600(tails)s 3048(of)s 3319(the)s gsave
+3667 6388 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(\211\211override)m
+grestore
+4728(op)s 4961(tions.)s 480 5926(The)m 897(actual)s
+1511(service)s 2232(name)s 2794(passed)s 3479(will)s 3894(be)s
+4164(the)s 240 fnt83 4501 5928(b)m 4(uiltin-service)k 240 fnt82
+5869 5926(;)m 5970(note)s 6427(that)s 6833(this)s 7218(actual)s
+7832(service)s 8552(name)s 480 5686(\(as)m 809(opposed)s 1666(to)s
+1905(the)s 2253(o)s 3(v)k 3(erride)k 3099(data\))s
+3625(and)s 4029(the)s 240 fnt83 4377 5688(info-ar)m 8(gument)k
+240 fnt82 5742 5686(s)m 5886(supplied)s 6755(will)s 7181(be)s
+7463(ignored)s 8252(by)s 8546(most)s 480 5446(b)m 4(uiltin)k
+1149(services;)s 2022(the)s 2361(o)s 3(v)k 3(erride)k
+3199(mechanism)s 4339(and)s gsave
+4735 5500 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211builtin)m
+grestore
+6287(will)s
+6705(be)s 6978(used)s 7467(to)s 7697(ensure)s 8369(that)s
+8778(the)s 480 5206(right)m 991(b)s 4(uiltin)k 1668(service)s
+2400(is)s 2610(called)s 3238(with)s 3720(the)s 4068(right)s
+240 fnt83 4579 5208(service-ar)m 8(gument)k 240 fnt82 6248 5206(s.)m
+gsave
+120 4866 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211f)m gsave
+288 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(fd)m
+grestore
+561([)s
+gsave
+705 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(modi\207er)m 2(s)k
+grestore
+1961(]=)s gsave
+2249 0 translate
+1.4219 1.0000 scale
+240 fnt83
+0 -52(\207lename)m
+grestore
+
+grestore
+gsave
+120 4626 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211file)m gsave
+1008 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(fd)m
+
+grestore
+1281([)s gsave
+1425 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(modi\207er)m 2(s)k
+grestore
+2681(]=)s
+gsave
+2969 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(\207lename)m
+grestore
+
+grestore
+480 4332(Requests)m 1384(that)s 1791(data)s
+2238(be)s 2509(copied)s 3194(in)s 3426(and)s 3819(out)s
+4174(of)s 4434(the)s 4771(service)s 5492(using)s 6053(pipes.)s
+6651(F)s 3(or)k 7029(each)s 7513(\207le)s 7863(or)s
+8111(descriptor)s 480 4092(this)m 858(will)s 1266(be)s 1530(done)s
+2033(by)s 2309(creating)s 3113(a)s 3261(pipe,)s 3761(one)s
+4145(end)s 4531(of)s 4784(which)s 5407(is)s 5599(passed)s
+6277(to)s 6498(the)s 6827(service)s 7541(program)s 8393(and)s
+8778(the)s 480 3852(other)m 1028(end)s 1429(of)s 1697(which)s
+2336(is)s 2543(passed)s 3236(to)s 3472(a)s 3635(cop)s 2(y)k
+4149(of)s gsave
+4417 3906 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(cat)m
+grestore
+4774(in)s 9(v)k 4(ok)k 2(ed)k
+5586(by)s 5877(the)s 6222(client;)s 6861(the)s 7206(other)s
+7754(\207le)s 8111(descriptor)s 480 3612(passed)m 1176(to)s gsave
+1415 3666 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(cat)m
+grestore
+1775(will)s 2201(be)s 2483(one)s 2885(inherited)s
+3792(by)s 4086(the)s 4434(client)s 5024(program)s 5894(from)s
+6418(the)s 6766(caller)s 7355(or)s 7614(one)s 8016(opened)s
+8766(by)s 480 3372(the)m 828(client)s 1418(program)s 2288(on)s
+2585(behalf)s 3254(of)s 3525(the)s 3873(caller)s 13(.)k
+480 2964(The)m 890(descriptor)s 1886(in)s 2110(the)s 2439(service)s
+3152(program)s 4004(that)s 4403(should)s 5081(be)s 5344(connected)s
+6353(must)s 6860(be)s 7123(speci\207ed)s 8012(as)s 240 fnt83
+8243 2966(fd)m 240 fnt82 8435 2964(,)m 8523(either)s 480 2724(as)m
+728(a)s 891(decimal)s 1699(number)s 2487(or)s 2743(as)s
+2990(one)s 3389(of)s 3657(the)s 4002(strings)s gsave
+4688 2778 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(stdin)m
+grestore
+5188(,)s gsave
+5292 2778 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(stdout)m
+grestore
+5949(or)s
+gsave
+6205 2778 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(stderr)m
+grestore
+6805(.)s 6906(The)s 7331(ne)s 3(xt)k
+7797(ar)s 4(gument)k 8753(is)s 8960(a)s 480 2484(\207lename)m
+1359(which)s 2001(will)s 2427(be)s 2709(opened)s 3459(by)s
+3753(the)s 4101(client)s 4691(with)s 5173(the)s 5521(pri)s 6(vile)k 3(ges)k
+6505(of)s 6776(the)s 7124(calling)s 7827(user)s 13(.)k
+240 fnt83 480 2078(modi\207er)m 2(s)k 240 fnt82 1424 2076(is)m
+1634(used)s 2131(to)s 2370(specify)s 3114(whether)s 3944(the)s
+4292(\207le)s 4653(or)s 4912(descriptor)s 5927(is)s 6137(to)s
+6376(be)s 6658(read)s 7127(from)s 7651(or)s 7910(written)s
+8643(to.)s 480 1835(It)m 682(consists)s 1487(of)s 1755(a)s
+1918(series)s 2508(of)s 2776(w)s 2(ords)k 3407(separated)s
+4364(by)s 4655(commas.)s 5552(A)s 5779(comma)s 6540(may)s
+7003(separate)s 7838(the)s 240 fnt83 8182 1837(modi\207er)m 2(s)k
+240 fnt82 480 1594(from)m 1004(the)s 240 fnt83 1352 1596(fd)m
+240 fnt82 1604 1594(and)m 2008(is)s 2218(required)s 3072(if)s
+240 fnt83 3289 1596(fd)m 240 fnt82 3541 1594(is)m 3751(not)s
+4117(numeric.)s 1134 0 0 0 240 240 60 0 948 LoutGr2
+0 0 moveto xsize 0 lineto stroke
+grestore
+
+grestore
+122 fnt82 0 753(1)m gsave
+58 726 translate
+0.6953 1.0000 scale
+192 fnt31 0 -42(userv)m
+
+grestore
+192 fnt82 505 683(is)m 673(short)s 1103(for)s 1373(`user)s
+1802(services',)s 2566(and)s 2890(is)s 3058(pronounced)s 4010(`you-serv)s 2(e'.)k
+240 fnt82 0 52(0.61.1)m 4809(User)s 5320(service)s 6052(daemon)s
+6867(and)s 7271(client)s 7861(speci\207cation)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 5 5
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+1 LoutMargSet
+grestore
+240 fnt84 8953 13844(5)m 240 fnt82 480 13254(The)m 908(modi\207er)s
+1778(w)s 2(ords)k 2412(are:)s gsave
+600 13068 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(read)m
+
+grestore
+gsave
+960 12828 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(O_RDONLY)m
+grestore
+1761 12774(:)m 1867(Allo)s 6(w)k
+2513(reading)s 3283(and)s 3687(not)s 4053(writing.)s 4847(May)s
+5340(not)s 5706(be)s 5988(used)s 6485(with)s gsave
+6967 12828 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(write)m
+grestore
+7527(or)s 7786(things)s 8422(that)s 960 12534(imply)m
+1572(it.)s gsave
+600 12348 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(write)m
+grestore
+gsave
+960 12108 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(O_WRONLY)m
+
+grestore
+1761 12054(:)m 1867(Allo)s 6(w)k 2513(writing)s 3256(and)s
+3660(not)s 4026(reading.)s 240 fnt83 4847 12056(Doesn')m 7(t)k
+5661(truncate)s 6511(or)s 6789(cr)s 8(eate)k 240 fnt82
+7431 12054(without)m gsave
+8222 12108 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(truncate)m
+grestore
+960 11814(or)m gsave
+1219 11868 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(create)m
+grestore
+1819(.)s gsave
+1923 11868 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(write)m
+grestore
+2483(or)s
+2742(things)s 3378(that)s 3796(imply)s 4408(it)s 4600(may)s
+5066(not)s 5432(be)s 5714(used)s 6211(with)s gsave
+6693 11868 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(read)m
+grestore
+7093(.)s gsave
+600 11628 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(overwrite)m
+grestore
+960 11334(Equi)m 6(v)k 6(alent)k
+2044(to)s gsave
+2283 11388 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(write,create,truncate)m
+grestore
+4385(.)s gsave
+600 11148 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(create)m
+grestore
+gsave
+600 10908 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(creat)m
+grestore
+gsave
+960 10668 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(O_CREAT)m
+
+grestore
+1660 10614(:)m 1766(Creates)s 2533(the)s 2881(\207le)s 3242(if)s
+3459(necessary)s 15(.)k 4477(Implies)s gsave
+5244 10668 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(write)m
+
+grestore
+5744(.)s gsave
+600 10428 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(exclusive)m
+grestore
+gsave
+600 10188 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(excl)m
+
+grestore
+gsave
+960 9948 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(O_EXCL)m
+grestore
+1560 9894(:)m 1666(F)s 3(ails)k
+2178(if)s 2395(the)s 2743(\207le)s 3104(already)s 3861(e)s 3(xists.)k
+4506(Implies)s gsave
+5273 9948 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(write)m
+grestore
+5833(and)s gsave
+6237 9948 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(create)m
+grestore
+6837(.)s 6941(May)s 7434(not)s 7800(be)s
+8082(used)s 8579(with)s gsave
+960 9708 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(truncate)m
+grestore
+1761 9654(.)m
+gsave
+600 9468 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(truncate)m
+grestore
+gsave
+600 9228 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(trunc)m
+grestore
+gsave
+960 8988 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(O_TRUNC)m
+grestore
+1660 8934(:)m 1766(T)s 8(runcate)k 2663(an)s 3(y)k
+3060(e)s 3(xisting)k 3867(\207le.)s 4276(Implies)s gsave
+5043 8988 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(write)m
+grestore
+5543(.)s 5647(May)s 6140(not)s 6506(be)s
+6788(used)s 7285(with)s gsave
+7767 8988 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(exclusive)m
+grestore
+8668(.)s
+gsave
+600 8748 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(append)m
+grestore
+gsave
+960 8508 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(O_APPEND)m
+grestore
+1761 8454(:)m
+1867(All)s 2227(writes)s 2861(will)s 3287(append)s 4037(to)s
+4276(the)s 4624(\207le.)s 5033(Implies)s gsave
+5800 8508 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(write)m
+
+grestore
+6360(\(b)s 4(ut)k 6801(not)s gsave
+7167 8508 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(create)m
+
+grestore
+7767(\).)s gsave
+600 8268 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(sync)m
+grestore
+gsave
+960 8028 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(O_SYNC)m
+
+grestore
+1560 7974(:)m 1666(Do)s 2012(writes)s 2646(synchronously)s 15(.)k
+4132(Implies)s gsave
+4899 8028 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(write)m
+grestore
+5399(.)s gsave
+600 7788 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(wait)m
+grestore
+gsave
+600 7548 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(nowait)m
+grestore
+gsave
+600 7308 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(close)m
+
+grestore
+960 7014(These)m 1587(modi\207ers)s 2541(control)s 3273(the)s 3621(beha)s 4(viour)k
+4634(of)s 4905(the)s 5253(client,)s 5890(with)s 6372(respect)s
+7108(to)s 7347(the)s 7695(pipes)s 8251(carrying)s 960 6774(data)m
+1418(to)s 1657(and)s 2061(from)s 2585(the)s 2933(service,)s
+3716(when)s 4292(the)s 4640(service)s 5372(terminates.)s 6470(See)s
+6871(belo)s 6(w)k 15(.)k gsave
+600 6588 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(fd)m
+
+grestore
+960 6294(The)m 240 fnt83 1388 6296(\207lename)m 240 fnt82 2252 6294(is)m
+2462(not)s 2828(a)s 2994(\207lename)s 3873(b)s 4(ut)k
+4235(a)s 4401(numeric)s 5237(\207le)s 5598(descriptor)s 13(.)k
+6644(One)s 7099(or)s 7358(both)s 7841(of)s gsave
+8112 6348 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(read)m
+grestore
+8572(and)s gsave
+960 6107 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(write)m
+grestore
+1520 6053(must)m
+2045(be)s 2327(speci\207ed,)s 3284(and)s 3688(no)s 3981(other)s
+4532(w)s 2(ords)k 5166(are)s 5513(allo)s 6(wed.)k
+6368(The)s 240 fnt83 6796 6055(\207lename)m 240 fnt82 7660 6053(may)m
+8126(also)s 8564(be)s gsave
+960 5867 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(stdin)m
+grestore
+1460 5813(,)m
+gsave
+1567 5867 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(stdout)m
+grestore
+2227(or)s gsave
+2486 5867 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(stderr)m
+
+grestore
+3146(for)s 3484(\207le)s 3845(descriptor)s 4860(0,)s 5087(1)s
+5242(or)s 5501(2)s 5675(respecti)s 6(v)k 3(ely)k 15(.)k
+480 5251(If)m 701(no)s 240 fnt83 984 5253(modi\207er)m 2(s)k
+240 fnt82 1918 5251(which)m 2550(imply)s gsave
+3152 5305 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(read)m
+
+grestore
+3602(or)s gsave
+3851 5305 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(write)m
+grestore
+4401(are)s 4738(used)s
+5226(it)s 5408(is)s 5608(as)s 5848(if)s gsave
+6055 5305 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(write)m
+grestore
+6605(had)s 6999(been)s 7498(speci\207ed,)s 8445(e)s 3(xcept)k
+480 5011(that)m 898(if)s 1115(the)s 1463(\207ledescriptor)s 2783(0)s
+2958(of)s 3229(the)s 3577(service)s 4309(is)s 4519(being)s
+5104(opened)s 5854(\(either)s 6536(speci\207ed)s 7444(numerically)s 8639(or)s
+480 4771(with)m gsave
+962 4825 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(stdin)m
+grestore
+1462(\))s 1590(it)s
+1782(is)s 1992(as)s 2242(if)s gsave
+2459 4825 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(overwrite)m
+
+grestore
+3420(had)s 3824(been)s 4333(speci\207ed)s 5241(\(or)s gsave
+5579 4825 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(write)m
+grestore
+6139(if)s 6356(only)s gsave
+6836 4825 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(fd)m
+
+grestore
+7096(w)s 2(as)k 7517(speci\207ed\).)s 480 4363(The)m 892(client)s
+1465(will)s 1874(also)s 2296(use)s gsave
+2654 4417 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(O_NOCTTY)m
+
+grestore
+3498(when)s 4057(opening)s 4866(\207les)s 5298(speci\207ed)s 6189(by)s
+6466(the)s 6798(caller)s 9(,)k 7408(to)s 7630(a)s 4(v)k 4(oid)k
+8195(changing)s 480 4123(its)m 756(controlling)s 1858(terminal.)s 480 3715(By)m
+810(de)s 1032(f)s 2(ault)k 1523(stdin,)s 2091(std)s
+2368(out)s 2729(and)s 3129(stderr)s 3728(of)s 3995(the)s
+4338(ser)s 4616(vice)s 5066(will)s 5488(be)s 5766(con)s
+6109(nect)s 6507(ed)s 6786(to)s 7021(the)s 7365(cor)s
+7670(re)s 7851(spond)s 8422(ing)s 8776(de)s 8998(-)s
+480 3475(scrip)m 937(tors)s 1346(on)s 1643(the)s 1991(client.)s
+2625(Di)s 2858(ag)s 3077(nos)s 3401(tics)s 3783(from)s
+4307(the)s 4655(client)s 5245(and)s 5649(dae)s 5977(mon)s
+6460(will)s 6886(also)s 7324(ap)s 7543(pear)s 8014(on)s
+8311(stderr)s 13(.)k 480 3067(If)m gsave
+710 3121 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(wait)m
+
+grestore
+1170(is)s 1380(speci\207ed,)s 2337(the)s 2685(client)s 3275(will)s
+3701(w)s 2(ait)k 4170(for)s 4508(the)s 4856(pipe)s
+5324(to)s 5563(be)s 5845(closed,)s 6563(and)s 6967(only)s
+7447(e)s 3(xit)k 7862(after)s 8358(this)s 480 2827(has)m
+850(happened.)s 1872(This)s 2348(means)s 3010(that)s 3428(either)s
+4031(the)s 4379(recei)s 6(ving)k 5315(end)s 5719(of)s
+5990(the)s 6338(pipe)s 6806(connection)s 7913(w)s 2(as)k
+8334(closed)s 480 2587(while)m 1067(data)s 1525(w)s 2(as)k
+1946(still)s 2358(a)s 4(v)k 6(ailable)k 3266(at)s
+3498(the)s 3846(sending)s 4644(end,)s 5097(or)s 5356(that)s
+5774(the)s 6122(end)s 6526(of)s 6797(\207le)s 7158(w)s 2(as)k
+7579(reached)s 8380(on)s 8677(the)s 480 2347(reading)m 1250(\207le)s
+1611(descriptor)s 13(.)k 2657(Errors)s 3304(encountered)s 4531(reading)s
+5301(or)s 5560(writing)s 6303(in)s 6546(the)s 6894(client)s
+7484(at)s 7716(this)s 8112(stage)s 8659(will)s 480 2106(be)m
+762(considered)s 1855(a)s 2021(system)s 2744(error)s 3266(and)s
+3670(cause)s 4256(the)s 4603(client)s 5193(to)s 5431(e)s 3(xit)k
+5845(with)s 6327(status)s 6921(255,)s 7387(b)s 4(ut)k
+7749(will)s 8174(not)s 8539(cause)s 480 1866(disconnection)m 1866(at)s
+2098(the)s 2446(service)s 3178(side)s 3619(since)s 4166(the)s
+4514(service)s 5246(has)s 5616(already)s 6373(e)s 3(xited.)k
+480 1458(If)m gsave
+710 1512 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(close)m
+grestore
+1270(is)s 1480(speci\207ed)s
+2388(the)s 2736(client)s 3326(will)s 3752(immediately)s 5000(close)s
+5547(the)s 5895(pipe)s 6363(connection)s 7470(by)s 7764(killing)s
+8441(the)s 480 1218(rele)m 6(v)k 6(ant)k 1297(cop)s 2(y)k
+1815(of)s gsave
+2086 1272 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(cat)m
+grestore
+2386(.)s 2490(If)s
+2720(the)s 3068(service)s 3800(uses)s 4263(the)s 4611(descriptor)s
+5626(it)s 5818(will)s 6244(get)s gsave
+6596 1272 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SIGPIPE)m
+
+grestore
+7356(\(or)s gsave
+7694 1272 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(EPIPE)m
+grestore
+8194(\))s 8322(for)s
+8660(a)s 480 978(writing)m 1218(descriptor)s 2228(or)s 2482(end)s
+2881(of)s 3147(\207le)s 3502(for)s 3835(a)s 3996(reading)s
+4761(one;)s 5214(the)s 5557(descriptor)s 6566(opened)s 7311(by)s
+7600(or)s 7854(passed)s 8545(to)s 8778(the)s 480 738(client)m
+1070(will)s 1496(also)s 1934(be)s 2216(closed.)s 0 52(User)m
+511(service)s 1243(daemon)s 2058(and)s 2462(client)s 3052(speci\207cation)s
+8491(0.61.1)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 6 6
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+0 LoutMargSet
+grestore
+240 fnt84 0 13842(6)m 240 fnt82 480 13251(If)m gsave
+707 13305 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(nowait)m
+grestore
+1364(is)s 1570(speci\207ed)s 2475(then)s 2941(the)s
+3285(client)s 3872(will)s 4294(not)s 4657(w)s 2(ait)k
+5123(and)s 5523(the)s 5868(connection)s 6972(will)s 7394(remain)s
+8111(open)s 8630(after)s 480 13011(the)m 824(client)s 1409(terminates.)s
+2502(Data)s 3008(may)s 3469(continue)s 4344(to)s 4578(be)s
+4856(passed)s 5547(between)s 6396(the)s 6739(inheritors)s 7700(of)s
+7966(the)s 8309(rele)s 6(v)k 6(ant)k 480 12771(descriptor)m
+1484(on)s 1770(the)s 2107(service)s 2828(side)s 3258(and)s
+3651(the)s 3988(corresponding)s 5399(\207le)s 5749(or)s 5997(descriptor)s
+7001(on)s 7287(the)s 7624(client)s 8203(side)s 8633(until)s
+480 12531(either)m 1071(side)s 1499(closes)s 2121(their)s 2606(descriptor)s 13(.)k
+3639(This)s 4102(should)s 4786(not)s 5140(usually)s 5872(be)s
+6141(speci\207ed)s 7036(for)s 7362(stderr)s 7952(\(or)s 8277(stdout)s
+8909(if)s gsave
+480 12345 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211signals)m 1440(stdout)s
+grestore
+2141 12291(is)m
+2350(used\))s 2916(since)s 3462(diagnostics)s 4588(from)s 5111(the)s
+5457(service)s 6188(side)s 6628(may)s 7093(arri)s 6(v)k 3(e)k
+7695(after)s 8190(the)s 8536(client)s 480 12051(has)m 850(e)s 3(xited)k
+1489(and)s 1893(be)s 2175(confused)s 3097(with)s 3579(e)s 3(xpected)k
+4484(output.)s 480 11643(The)m 908(def)s 2(ault)k 1629(is)s
+gsave
+1839 11697 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(wait)m
+grestore
+2299(for)s 2637(writing)s 3380(\207le)s
+3741(descriptors)s 4840(and)s gsave
+5244 11697 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(close)m
+grestore
+5804(for)s
+6142(reading)s 6912(ones.)s gsave
+120 11303 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211w)m gsave
+288 0 translate
+1.4219 1.0000 scale
+240 fnt83
+0 -52(fd)m
+grestore
+561(=)s gsave
+705 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(action)m
+grestore
+
+grestore
+gsave
+120 11063 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(\211\211fdwait)m gsave
+1152 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(fd)m
+grestore
+1425(=)s gsave
+1569 0 translate
+1.4219 1.0000 scale
+240 fnt83
+0 -52(action)m
+grestore
+
+grestore
+480 10769(Sets)m 924(the)s 1267(action)s 1903(on)s
+2194(termination)s 3347(of)s 3613(the)s 3956(service)s 4682(for)s
+5015(the)s 5358(speci\207ed)s 6261(\207le)s 6616(descriptor;)s 240 fnt83
+7678 10771(action)m 240 fnt82 8325 10769(must)m 8844(be)s gsave
+480 10583 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(wait)m
+grestore
+880 10529(,)m gsave
+981 10583 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(nowait)m
+grestore
+1634(or)s
+gsave
+1886 10583 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(close)m
+grestore
+2439(as)s 2682(described)s 3650(abo)s 3(v)k 3(e.)k
+4313(The)s 4734(\207le)s 5088(descriptor)s 6096(must)s 6615(be)s
+6890(speci\207ed)s 7791(as)s 8034(open)s 8550(when)s 480 10289(this)m
+876(option)s 1545(is)s 1755(encountered;)s 3036(this)s 3432(option)s
+4101(is)s 4311(o)s 3(v)k 3(erridden)k 5398(by)s
+5692(an)s 3(y)k 6089(later)s gsave
+6572 10343 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211file)m
+
+grestore
+7232(or)s gsave
+7491 10343 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211fdwait)m
+grestore
+8352(option)s 480 10049(-)m
+608(e)s 6(v)k 3(en)k 1108(by)s 1402(a)s
+gsave
+1568 10103 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211file)m
+grestore
+2228(which)s 2870(does)s 3360(not)s
+3726(specify)s 4470(an)s 4753(action)s 5394(on)s 5691(termination)s
+6849(\(in)s 7171(this)s 7567(case)s 8034(the)s 8382(def)s 2(ault)k
+480 9809(will)m 906(be)s 1188(used,)s 1734(as)s 1984(described)s
+2958(abo)s 3(v)k 3(e\).)k gsave
+120 9479 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211D)m
+gsave
+288 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(name)m
+grestore
+1016(=)s gsave
+1160 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(value)m
+
+grestore
+
+grestore
+gsave
+120 9239 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211defvar)m gsave
+1296 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(name)m
+grestore
+2024(=)s
+gsave
+2168 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(value)m
+grestore
+
+grestore
+480 8945(Set)m 845(a)s 1011(user)s 4(-)k
+1473(de\207ned)s 2236(v)s 6(ari)k 2595(able)s 240 fnt83
+3049 8947(name)m 240 fnt82 3621 8945(to)m 240 fnt83 3860 8947(val)m
+4152(ue)s 240 fnt82 4371 8945(.)m 4475(These)s 5102(user)s 4(-)k
+5564(de\207ned)s 6327(v)s 6(ari)k 6686(ables)s 7228(are)s
+7575(made)s 8149(a)s 4(v)k 6(ail)k 8598(able)s
+480 8705(in)m 723(the)s 1071(con)s 1414(\207g)s 1660(u)s
+1775(ra)s 1960(tion)s 2389(lan)s 2678(guage)s 3306(as)s
+3556(the)s 3904(pa)s 4130(ram)s 4501(e)s 4603(ters)s
+gsave
+4998 8759 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(u\211)m gsave
+288 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(name)m
+grestore
+
+grestore
+5764(and)s
+6168(are)s 6515(passed)s 7211(to)s 7450(the)s 7798(ser)s
+8076(vice)s 8530(in)s 8773(en)s 8996(-)s 480 8465(vi)m
+660(ron)s 976(ment)s 1508(v)s 6(ari)k 1867(ables)s
+gsave
+2402 8519 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USERV_U_)m gsave
+1152 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(name)m
+grestore
+
+grestore
+3709(.)s
+240 fnt83 3806 8467(name)m 240 fnt82 4371 8465(may)m 4831(con)s
+5174(tain)s 5582(only)s 6055(al)s 6222(phanu)s 6803(mer)s
+7174(ics)s 7483(and)s 7880(un)s 8117(der)s 8422(scores,)s
+480 8225(and)m 884(must)s 1409(start)s 1879(with)s 2360(a)s
+2526(let)s 2764(ter)s 13(.)k 3106(If)s 3335(se)s 6(v)k
+3643(er)s 3828(al)s 4055(de\207)s 4406(ni)s 4586(tions)s
+5102(are)s 5449(gi)s 6(v)k 5744(en)s 6026(for)s
+6364(the)s 6712(same)s 240 fnt83 7258 8227(name)m 240 fnt82
+7830 8225(then)m 8299(only)s 8778(the)s 480 7985(last)m 871(is)s
+1081(ef)s 1278(fec)s 1562(ti)s 6(v)k 3(e.)k
+gsave
+120 7694 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211t)m gsave
+432 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(seconds)m
+grestore
+
+grestore
+gsave
+120 7454 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(\211\211timeout)m gsave
+1440 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(seconds)m
+grestore
+
+grestore
+480 7160(T)m 8(ime)k
+1029(out)s 1392(the)s 1736(service)s 2465(if)s 2678(it)s
+2867(tak)s 2(es)k 3403(longer)s 4071(than)s 240 fnt83
+4536 7162(seconds)m 240 fnt82 5346 7160(seconds)m 6151(\(a)s 6393(positi)s 6(v)k 3(e)k
+7193(inte)s 3(ger)k 9(,)k 7948(in)s 8187(decimal\).)s
+480 6919(T)m 8(imeout)k 1331(will)s 1746(produce)s 2562(a)s
+2717(diagnostic)s 3742(on)s 4028(stderr)s 4620(and)s 5013(an)s
+5284(e)s 3(xit)k 5688(status)s 6272(of)s 6532(255.)s
+6985(If)s 240 fnt83 7204 6921(seconds)m 240 fnt82 8006 6919(is)m
+8205(zero)s 8657(then)s 480 6679(no)m 773(timeout)s 1563(will)s
+1989(be)s 2271(implemented)s 3577(\(this)s 4052(is)s 4262(the)s
+4610(def)s 2(ault\).)k gsave
+120 6339 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211S)m
+grestore
+240 fnt83
+380 6287(method)m gsave
+120 6099 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211signals)m
+grestore
+1081 6047(method)m 240 fnt82
+480 5805(Af)m 6(fects)k 1212(the)s 1544(handling)s 2420(of)s
+2675(the)s 3008(e)s 3(xit)k 3407(status)s 3987(when)s
+4547(the)s 4879(service)s 5596(terminates)s 6625(due)s 7012(to)s
+7235(a)s 7386(signal.)s 8045(\(The)s 8536(client)s 480 5564(will)m
+906(al)s 2(w)k 2(ays)k 1617(\207nish)s 2206(by)s
+2500(calling)s gsave
+3203 5618 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(_exit)m
+grestore
+3703(,)s 3810(so)s
+4076(that)s 4494(only)s 4974(numbers)s 5849(from)s 6373(0)s
+6548(to)s 6787(255)s 7193(can)s 7582(be)s 7864(returned)s
+8718(and)s 480 5324(not)m 830(the)s 1162(full)s 1532(range)s
+2102(of)s 2357(numbers)s 3216(and)s 3603(signal)s 4213(indications)s
+5297(which)s 5922(can)s 6295(be)s 6561(returned)s 7398(by)s
+7676(the)s gsave
+8008 5378 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(wait)m
+grestore
+8451(f)s 2(amily)k
+480 5084(of)m 751(system)s 1475(calls.\))s 480 4676(The)m 240 fnt83
+908 4678(method)m 240 fnt82 1679 4676(may)m 2145(be)s 2427(one)s
+2829(of)s 3100(the)s 3448(follo)s 6(wing:)k 240 fnt83
+600 4438(status)m 240 fnt82 960 4196(The)m 1386(client')s 13(s)k
+2123(e)s 3(xit)k 2536(status)s 3128(will)s 3552(be)s
+240 fnt83 3831 4198(status)m 240 fnt82 4384 4196(.)m 4486(This)s
+4959(will)s 5383(not)s 5746(be)s 6026(distinguishable)s 7527(from)s
+8049(the)s 8394(service)s 960 3955(really)m 1557(ha)s 4(ving)k
+2258(e)s 3(xited)k 2897(with)s 3379(code)s 240 fnt83
+3887 3957(status)m 240 fnt82 4440 3955(.)m 4544(This)s 5020(method)s
+5796(is)s 6006(the)s 6354(def)s 2(ault,)k 7122(with)s
+7604(a)s 240 fnt83 7770 3957(status)m 240 fnt82 8383 3955(of)m
+8654(254.)s gsave
+600 3769 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(number)m
+grestore
+gsave
+600 3529 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(number\211nocore)m
+
+grestore
+960 3235(The)m 1388(client')s 13(s)k 2128(e)s 3(xit)k
+2543(status)s 3138(will)s 3564(be)s 3846(the)s 4194(number)s
+4985(of)s 5256(the)s 5604(signal)s 6230(which)s 6872(caused)s
+7581(the)s 7929(termination)s 960 2995(of)m 1231(the)s 1579(service.)s
+2359(If)s gsave
+2589 3049 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(number)m
+grestore
+3249(is)s 3459(used)s
+3956(rather)s 4572(than)s gsave
+5041 3049 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(number\211nocore)m
+grestore
+6402(then)s
+6871(128)s 7278(will)s 7704(be)s 7986(added)s 960 2755(if)m
+1177(the)s 1525(service)s 2257(dumped)s 3087(core.)s gsave
+3602 2809 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(number)m
+grestore
+4262(is)s 4472(v)s 3(ery)k 4948(lik)s 2(e)k
+5360(the)s 5708(e)s 3(xit)k 6123(code)s 6631(mangling)s
+7588(done)s 8110(by)s 8404(the)s 960 2515(Bourne)m 1721(shell.)s
+gsave
+600 2329 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(highbit)m
+grestore
+960 2035(The)m 1388(client')s 13(s)k
+2128(e)s 3(xit)k 2543(status)s 3138(will)s 3564(be)s
+3846(the)s 4194(number)s 4985(of)s 5256(the)s 5604(signal)s
+6230(with)s 6712(128)s 7119(added.)s 7795(If)s 8025(the)s
+8373(service)s 960 1795(e)m 3(xits)k 1459(normally)s 2376(with)s
+2858(an)s 3141(e)s 3(xit)k 3556(code)s 4064(of)s
+4335(greater)s 5057(than)s 5526(127)s 5934(then)s 6403(127)s
+6811(will)s 7237(be)s 7519(returned.)s gsave
+600 1609 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(stdout)m
+
+grestore
+960 1315(The)m 1375(service')s 13(s)k 2247(numeric)s 3069(w)s 2(ait)k
+3524(status)s 4105(as)s 4341(tw)s 2(o)k 4737(decimal)s
+5534(numbers)s 6395(\(high)s 6943(byte)s 7397(\207rst\))s 7882(and)s
+8272(a)s 8424(te)s 3(xtual)k 960 1075(description)m 2079(of)s
+2350(its)s 2626(meaning)s 3503(will)s 3929(be)s 4211(printed)s
+4946(to)s 5185(the)s 5533(client')s 13(s)k 6273(standard)s
+7141(output.)s 7857(It)s 8062(will)s 8488(be)s 960 835(preceded)m
+1865(by)s 2142(a)s 2292(ne)s 6(wline)k 3082(and)s
+3470(follo)s 6(wed)k 4355(by)s 4633(an)s 4899(e)s 3(xtra)k
+5417(ne)s 6(wline,)k 6258(and)s 6646(the)s 6977(numbers)s
+7836(are)s 8166(separated)s 0 52(0.61.1)m 4809(User)s 5320(service)s
+6052(daemon)s 6867(and)s 7271(client)s 7861(speci\207cation)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 7 7
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+1 LoutMargSet
+grestore
+240 fnt84 8951 13844(7)m 240 fnt82 960 13256(from)m 1484(each)s
+1979(other)s 2530(and)s 2934(from)s 3458(the)s 3806(te)s 3(xtual)k
+4508(description)s 5627(by)s 5921(single)s 6548(spaces.)s 7276(The)s
+7704(e)s 3(xit)k 8119(status)s 8714(of)s 960 13016(the)m
+1308(client)s 1898(will)s 2324(be)s 2606(zero,)s 3124(unless)s
+3773(a)s 3939(system)s 4663(error)s 5186(occurs)s 5861(in)s
+6104(which)s 6746(case)s 7213(no)s 7506(e)s 3(xit)k
+7921(status)s 8516(and)s 960 12776(description)m 2079(will)s 2505(be)s
+2787(printed)s 3522(to)s 3761(stdout,)s 4453(and)s 4857(an)s
+5140(error)s 5663(message)s 6529(will)s 6955(be)s 7237(printed)s
+7972(to)s 8211(stderr)s 960 12536(as)m 1210(usual.)s 480 12024(Problems)m
+1420(such)s 1902(as)s 2137(client)s 2713(usage)s 3299(errors,)s
+3948(the)s 4281(service)s 4999(not)s 5351(being)s 5921(found)s
+6524(or)s 6768(permission)s 7860(being)s 8430(denied)s 480 11784(or)m
+739(f)s 2(ailure)k 1415(of)s 1686(a)s 1852(system)s
+2576(call)s 2975(are)s 3322(system)s 4046(errors.)s 4706(An)s
+5056(error)s 5579(message)s 6445(describing)s 7494(the)s 7842(problem)s
+8699(will)s 480 11543(be)m 758(printed)s 1489(on)s 1782(the)s
+2125(client')s 13(s)k 2861(stderr)s 9(,)k 3498(and)s
+3898(the)s 4241(client')s 13(s)k 4977(e)s 3(xit)k
+5388(status)s 5978(will)s 6400(be)s 6678(255.)s 7138(If)s
+7363(the)s 7707(client)s 8293(dies)s 8724(due)s 480 11303(to)m
+719(a)s 885(signal)s 1511(this)s 1907(should)s 2604(be)s
+2886(treated)s 3593(as)s 3843(a)s 4009(serious)s 4737(system)s
+5461(error)s 13(.)k gsave
+120 10963 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211H)m
+grestore
+gsave
+120 10723 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(\211\211hidecwd)m
+grestore
+480 10429(Pre)m 6(v)k 3(ents)k 1345(the)s
+1693(calling)s 2396(process')s 13(s)k 3323(current)s 4059(directory)s
+4975(name)s 5549(from)s 6073(being)s 6658(passed)s 7354(to)s
+7593(the)s 7941(service;)s 8729(the)s 480 10189(null)m 907(string)s
+1504(will)s 1930(be)s 2212(passed)s 2908(instead.)s gsave
+120 9849 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(\211P)m
+grestore
+gsave
+120 9609 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211sigpipe)m
+grestore
+480 9315(If)m 700(the)s
+1038(service)s 1760(program)s 2620(is)s 2820(terminated)s 3888(due)s
+4280(to)s 4509(a)s gsave
+4665 9369 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SIGPIPE)m
+grestore
+5415(the)s
+5753(e)s 3(xit)k 6157(status)s 6742(of)s 7003(the)s
+7341(client)s 7921(will)s 8337(be)s 8608(zero,)s 480 9075(e)m 6(v)k 3(en)k
+967(if)s 1170(it)s 1349(w)s 2(ould)k 1990(ha)s 4(v)k 3(e)k
+2477(been)s 2973(something)s 4009(else)s 4423(according)s 5405(to)s
+5630(the)s 5965(e)s 3(xit)k 6366(status)s 6948(method)s
+7710(speci\207ed.)s 8650(This)s 480 8835(option)m 1149(has)s 1519(no)s
+1812(ef)s 6(fect)k 2408(on)s 2705(the)s 3053(code)s
+3561(and)s 3965(description)s 5084(printed)s 5819(if)s 6036(the)s
+6384(e)s 3(xit)k 6799(status)s 7394(method)s gsave
+8170 8889 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(stdout)m
+grestore
+8830(is)s 480 8595(in)m 723(use.)s gsave
+120 8305 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(\211h)m
+grestore
+gsave
+120 8065 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211help)m
+grestore
+gsave
+120 7825 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211copyright)m
+
+grestore
+gsave
+480 7585 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211h)m
+grestore
+740 7531(or)m gsave
+999 7585 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211help)m
+
+grestore
+1659(prints)s 2254(the)s 2602(client')s 13(s)k 3342(usage)s
+3943(message;)s gsave
+4865 7585 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211copyright)m
+grestore
+6026(prints)s 6621(the)s
+6969(cop)s 2(yright)k 7944(and)s 8348(lack)s 8807(of)s
+480 7291(w)m 2(arranty)k 1381(notice.)s 9066 670 0 670 240 240 60 0 6161 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 66(2.2.)m
+628(Security-o)s 3(v)k 3(erriding)k 3373(options)s
+grestore
+0 5699(There)m
+613(are)s 960(also)s 1398(some)s 1959(options)s 2715(which)s
+3357(are)s 3704(a)s 4(v)k 6(ailable)k 4612(for)s
+4950(deb)s 4(ugging)k 6011(and)s 6415(to)s 6654(allo)s 6(w)k
+7233(the)s 7581(system)s 0 5459(administrator)m 1333(to)s 1572(o)s 3(v)k 3(erride)k
+2418(a)s 2584(user')s 13(s)k 3192(polic)s 3(y)k 15(.)k
+3876(These)s 4503(options)s 5259(are)s 5606(a)s 4(v)k 6(ailable)k
+6514(only)s 6994(if)s 7211(the)s 7559(client)s 8149(is)s
+8359(called)s 0 5219(by)m 294(root)s 739(or)s 998(if)s
+1215(the)s 1563(calling)s 2266(user)s 2724(is)s 2934(the)s
+3282(same)s 3829(as)s 4079(the)s 4427(service)s 5159(user)s 13(.)k
+gsave
+120 4865 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211override)m gsave
+1584 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(con\207gur)m 3(ation-data)k
+
+grestore
+
+grestore
+gsave
+120 4625 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211override\211file)m gsave
+2304 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(\207lename)m
+grestore
+
+grestore
+480 4331(Do)m
+826(not)s 1192(read)s 1661(the)s 2009(usual)s 2569(con\207guration)s
+3902(\207les.)s 4404(Instead,)s 5201(the)s 5549(client)s 6139(sends)s
+240 fnt83 6722 4333(con\207gur)m 3(ation-data)k 240 fnt82 480 4090(\(follo)m 6(wed)k
+1461(by)s 1755(a)s 1921(ne)s 6(wline\))k 2800(or)s
+3059(the)s 3407(contents)s 4255(of)s 240 fnt83 4526 4092(\207lename)m
+240 fnt82 5390 4090(\(which)m 6111(is)s 6321(opened)s 7071(in)s
+7314(the)s 7662(conte)s 3(xt)k 8423(of)s 8694(the)s
+480 3849(client\))m 1138(to)s 1377(the)s 1725(daemon)s 2540(and)s
+2944(the)s 3292(daemon)s 4107(uses)s 4570(that)s 4988(data)s
+5446(instead.)s 6227(The)s 240 fnt83 6655 3851(con\207gur)m 3(ation-data)k
+240 fnt82 8503 3849(must)m 480 3609(all)m 772(be)s 1052(in)s
+1293(one)s 1693(ar)s 4(gument.)k 2694(It)s 2897(will)s
+3321(ha)s 4(v)k 3(e)k 3820(a)s 3984(single)s
+4609(ne)s 6(wline)k 5414(appended)s 6388(so)s 6652(that)s
+7068(a)s 7232(single)s 7857(directi)s 6(v)k 3(e)k
+8737(can)s 480 3369(easily)m 1083(be)s 1357(gi)s 6(v)k 3(en,)k
+1979(b)s 4(ut)k 2333(if)s 2542(more)s 3080(than)s
+3541(one)s 3935(directi)s 6(v)k 3(e)k 4809(is)s
+5011(required)s 5857(it)s 6040(will)s 6458(ha)s 4(v)k 3(e)k
+6951(to)s 7182(contain)s 7935(one)s 8329(or)s 8579(more)s
+480 3129(real)m 892(ne)s 6(wlines.)k gsave
+120 2838 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211spoof\211user)m
+gsave
+1872 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(user)m
+grestore
+
+grestore
+480 2544(Pretend)m 1268(to)s 1507(the)s
+1855(service)s 2587(that)s 3005(it)s 3197(is)s 3407(being)s
+3992(called)s 4620(by)s 240 fnt83 4914 2546(user)m 240 fnt82
+5391 2544(\(which)m 6112(may)s 6578(be)s 6860(a)s 7026(username)s
+7998(or)s 8257(a)s 8423(uid\).)s 480 2304(This)m 956(will)s
+1382(also)s 1820(af)s 6(fect)k 2416(the)s 2764(group)s
+3376(and)s 3780(supplementary)s 5242(groups)s 5945(supplied)s 6814(to)s
+7053(the)s 7401(service;)s 8189(the)s 3(y)k 8652(will)s
+480 2064(be)m 759(the)s 1103(standard)s 1968(group)s 2576(and)s
+2977(supplementary)s 4435(groups)s 5135(for)s 240 fnt83 5469 2066(user)m
+240 fnt82 5886 2064(.)m 5987(The)s gsave
+6411 2118 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211spoof\211user)m
+
+grestore
+7669(option)s 8334(will)s 240 fnt83 8756 2066(not)m 240 fnt82
+480 1824(af)m 6(fect)k 1076(which)s 1718(user)s 2176(is)s
+2386(chosen)s 3108(if)s 3325(the)s 3673(service)s 4405(user)s
+4863(is)s 5073(speci\207ed)s 5981(as)s 6231(just)s gsave
+6636 1878 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(\211)m
+grestore
+6736(;)s 6848(in)s 7091(this)s 7487(case)s
+7954(the)s 8302(service)s 480 1584(user)m 938(will)s 1364(be)s
+1646(the)s 1994(real)s 2406(calling)s 3109(user)s 13(.)k
+0 52(User)m 511(service)s 1243(daemon)s 2058(and)s 2462(client)s
+3052(speci\207cation)s 8491(0.61.1)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 8 8
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+0 LoutMargSet
+grestore
+240 fnt84 0 13842(8)m gsave
+0 12726 translate
+240 fnt82 9066 688 0 688 240 240 60 LoutGraphic
+gsave
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.2 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+340 fnt84 0 70(3.)m 412(Execution)s
+1943(en)s 13(vir)k 6(onment)k 3856(of)s 4243(the)s
+4774(ser)s 3(vice)k 5846(pr)s 6(ogram)k
+grestore
+240 fnt82
+0 12264(The)m 428(daemon)s 1243(which)s 1885(is)s 2095(handling)s
+2986(the)s 3334(service)s 4066(user)s 4524(side)s 4965(of)s
+5236(things)s 5872(will)s 6298(read)s 6767(con\207guration)s 8100(\207les)s
+8549(to)s 0 12024(decide)m 680(what)s 1205(to)s 1444(do.)s
+1788(If)s 2018(it)s 2210(decides)s 2978(to)s 3217(allo)s 6(w)k
+3796(the)s 4144(service)s 4876(to)s 5115(be)s 5397(pro)s 3(vided)k
+6303(it)s 6495(will)s 6921(fork)s 7380(a)s 7546(subprocess)s
+8647(to)s 0 11784(e)m 3(x)k 3(ecute)k 780(the)s
+1128(service.)s 0 11376(The)m 428(service)s 1160(will)s 1586(ha)s 4(v)k 3(e)k
+2087(no)s 2380(controlling)s 3482(terminal,)s 4384(b)s 4(ut)k
+4746(it)s 4938(will)s 5364(be)s 5646(a)s 5812(process)s
+6580(group)s 7192(leader)s 13(.)k 0 10968(If)m 223(the)s
+563(client)s 1146(is)s 1348(killed)s 1942(or)s 2194(times)s
+2754(out)s 3112(or)s 3364(a)s 3522(\207le)s 3875(or)s
+4127(descriptor)s 5134(being)s 5711(read)s 6173(or)s 6424(written)s
+7149(by)s 7436(the)s 7776(client)s 8358(process)s 0 10728(gets)m
+436(an)s 719(error)s 1242(then)s 1711(the)s 2059(service)s
+2791(will)s 3217(be)s 3499(disconnected)s 4806(from)s 5330(the)s
+5678(client.)s 6312(The)s 6740(client)s 7330(will)s 7756(return)s
+8383(an)s 0 10487(e)m 3(xit)k 415(status)s 1010(of)s
+1281(255)s 1687(and)s 2091(some)s 2652(the)s 3000(service')s 13(s)k
+3886(pipes)s 4442(may)s 4908(be)s 5190(closed)s 5859(at)s
+6091(the)s 6439(other)s 6990(end.)s 7440(The)s 7868(service)s
+8600(will)s 0 10247(become)m 800(a)s 966(child)s 1502(of)s
+gsave
+1773 10301 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(init)m
+grestore
+2173(.)s 2277(The)s 2705(service)s
+3437(may)s 3903(well)s 4369(not)s 4735(notice)s 5375(the)s
+5723(disconnection,)s 7159(though)s 7882(writing)s 8625(to)s 8864(a)s
+0 10007(pipe)m 468(after)s 964(this)s 1360(may)s 1826(produce)s
+2653(a)s gsave
+2819 10061 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SIGPIPE)m
+grestore
+3579(and)s 3983(the)s
+4331(f)s 2(acility)k 5058(e)s 3(xists)k 5650(to)s
+5889(ha)s 4(v)k 3(e)k 6390(a)s gsave
+6556 10061 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(SIGHUP)m
+grestore
+7216(sent)s 7661(to)s 7900(the)s 8248(service)s
+0 9767(on)m 297(disconnection.)s 9066 670 0 670 240 240 60 0 8743 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 66(3.1.)m 628(File)s
+1216(descriptors)s
+grestore
+0 8281(The)m 428(service)s 1160(program')s 13(s)k
+2180(standard)s 3048(\207ledescriptors,)s 4508(and)s 4912(possibly)s 5764(other)s
+6315(\207le)s 6676(descriptors,)s 7831(will)s 8257(be)s 0 8041(connected)m
+1028(to)s 1266(pipes)s 1821(or)s 2080(to)s gsave
+2318 8095 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(/dev/null)m
+grestore
+3219(.)s 3322(The)s gsave
+3750 8095 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+
+grestore
+4309(client/daemon)s 5719(pair)s 6150(will)s 6575(arrange)s 7346(that)s
+7764(data)s 8221(is)s 8430(copied)s 0 7801(between)m 854(the)s
+1202(\207les)s 1651(or)s 1910(\207le)s 2271(descriptors)s 3370(speci\207ed)s
+4278(to)s 4517(to)s 4756(the)s 5104(client)s 5694(by)s
+5988(the)s 6336(caller)s 6925(and)s 7329(these)s 7876(these)s
+8423(pipes.)s 0 7393(Pipes)m 569(which)s 1211(may)s 1677(be)s
+1959(written)s 2692(to)s 2931(will)s 3357(be)s 3639(closed)s
+4308(if)s 4525(a)s 4691(write)s 5237(error)s 5760(occurs)s
+6435(on)s 6732(the)s 7080(corresponding)s 0 7153(client-side)m 1043(\207le)s
+1396(or)s 1647(descriptor)s 9(,)k 2692(which)s 3326(may)s
+3784(result)s 4366(in)s 4601(a)s gsave
+4760 7207 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SIGPIPE)m
+
+grestore
+5512(in)s 5747(the)s 6087(service)s 6811(program;)s 7725(pipes)s
+8273(open)s 8788(for)s 0 6913(reading)m 770(will)s 1196(get)s
+gsave
+1548 6967 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(EOF)m
+grestore
+1908(if)s 2125(the)s 2473(client-side)s
+3523(\207le)s 3884(descriptor)s 4899(gets)s gsave
+5335 6967 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(EOF)m
+
+grestore
+5695(or)s 5954(an)s 6237(error)s 13(.)k 0 6505(If)m
+230(the)s 578(service)s 1310(closes)s 1945(one)s 2347(of)s
+2618(its)s 2894(reading)s 3663(\207le)s 4024(descriptors)s 5123(the)s
+5471(writing)s 6214(end)s 6618(of)s 6889(the)s 7237(corresponding)s
+8658(pipe)s 0 6265(will)m 421(generate)s 1280(a)s gsave
+1441 6319 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(SIGPIPE)m
+grestore
+2195(when)s 2766(attempts)s 3620(are)s 3962(made)s
+4530(by)s 4819(the)s 5161(client/daemon)s 6567(pair)s 6992(to)s
+7226(write)s 7766(to)s 8000(it.)s 8230(This)s 8700(will)s
+0 6025(not)m 366(be)s 648(considered)s 1742(an)s 2025(error;)s
+2600(rather)s 9(,)k 3254(the)s 3602(rele)s 6(v)k 6(ant)k
+4419(pipe)s 4887(will)s 5313(be)s 5595(discarded)s 6569(and)s
+6973(the)s 7321(corresponding)s 8743(\207le)s 0 5785(or)m 259(\207le)s
+620(descriptor)s 1635(held)s 2105(by)s 2399(the)s 2747(client)s
+3337(will)s 3763(be)s 4045(closed.)s 0 5377(Lik)m 2(e)k 6(wise,)k
+975(if)s 1192(one)s 1594(of)s 1865(the)s 2213(\207le)s
+2574(descriptors)s 3673(held)s 4143(by)s 4437(the)s 4785(client)s
+5375(for)s 5713(writing)s 6456(by)s 6750(the)s 7098(service)s
+7830(is)s 8040(a)s 8206(pipe)s 0 5137(whose)m 665(other)s
+1213(end)s 1613(is)s 1820(closed)s 2485(by)s 2776(the)s
+3120(caller)s 3706(then)s 4171(the)s 4516(client/daemon)s 5923(pair)s
+6351(will)s 6773(see)s 7131(an)s 7410(error)s 7930(when)s
+8502(trying)s 0 4897(to)m 239(cop)s 2(y)k 757(data)s
+1215(pro)s 3(vided)k 2121(by)s 2415(the)s 2763(service.)s
+3543(This)s 4019(too)s 4378(will)s 4804(not)s 5170(be)s
+5452(considered)s 6546(an)s 6829(error;)s 7404(rather)s 9(,)k
+8058(the)s 8406(pipe)s 0 4657(correspondong)m 1476(to)s 1715(that)s
+2133(descriptor)s 3148(will)s 3574(be)s 3856(closed)s 4525(and)s
+4929(an)s 3(y)k 5326(further)s 6035(writes)s 6669(will)s
+7095(cause)s 7682(the)s 8030(service)s 8762(to)s 0 4417(get)m
+352(a)s gsave
+518 4471 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SIGPIPE)m
+grestore
+1218(.)s 0 4009(Note)m
+521(that)s 939(not)s 1305(all)s 1598(write)s 2144(errors)s
+2751(or)s 3010(brok)s 2(en)k 3730(pipes)s 4286(on)s
+4583(\207le)s 4944(descriptors)s 6043(may)s 6509(be)s 6791(visible)s
+7484(to)s 7723(the)s 8071(service,)s 0 3769(since)m 547(b)s 4(uf)k 6(fered)k
+1404(data)s 1862(may)s 2328(be)s 2610(discarded)s 3584(by)s
+3878(the)s 4226(operating)s 5182(system)s 5906(and)s 6310(there)s
+6843(will)s 7269(be)s 7551(a)s 7717(\207nite)s 8264(interv)s 6(al)k
+0 3529(between)m 847(the)s 1188(error)s 1703(happening)s 2747(and)s
+3144(the)s 3484(service)s 4209(being)s 4787(disconnected)s 6086(from)s
+6603(the)s 6944(client)s 7526(or)s 7778(the)s 8119(ne)s 3(xt)k
+8580(write)s 0 3289(causing)m 784(a)s gsave
+950 3343 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SIGPIPE)m
+
+grestore
+1650(.)s 0 2881(Read)m 550(errors)s 1157(on)s 1454(\207le)s
+1815(descriptors)s 2914(\(and)s 3397(disconnection\))s 4854(will)s 5280(only)s
+5760(be)s 6042(visible)s 6735(to)s 6974(the)s 7322(service)s
+8054(and)s 0 2641(distinguishable)m 1504(from)s 2028(normal)s 2760(end)s
+3164(of)s 3435(\207le)s 3796(if)s gsave
+4013 2695 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(disconnect\211hup)m
+
+grestore
+5474(is)s 5684(in)s 5927(ef)s 6(fect.)k 0 2233(Read)m
+549(and)s 951(write)s 1495(errors)s 2100(\(other)s 2728(than)s
+3196(brok)s 2(en)k 3914(pipes,)s 4524(as)s 4772(described)s
+5744(abo)s 3(v)k 3(e\))k 6437(will)s 6861(al)s 2(w)k 2(ays)k
+7570(be)s 7850(visible)s 8541(to)s 8778(the)s 0 1993(caller;)m
+627(the)s 3(y)k 1075(are)s 1408(system)s 2117(errors,)s
+2766(and)s 3155(will)s 3566(therefore)s 4469(cause)s 5041(the)s
+5375(client)s 5950(to)s 6174(print)s 6671(an)s 6939(error)s
+7448(message)s 8299(to)s 8523(stderr)s 0 1752(and)m 404(return)s
+1031(with)s 1513(an)s 1796(e)s 3(xit)k 2211(status)s
+2806(of)s 3077(255.)s 0 1344(If)m 230(the)s 578(main)s
+1113(service)s 1845(program)s 2715(process)s 3483(e)s 3(xits)k
+3982(while)s 4569(it)s 4761(still)s 5173(has)s 5543(running)s
+6341(children)s 7181(an)s 3(y)k 7578(\207le)s 7939(descriptors)s
+0 1104(held)m 470(by)s 764(those)s 1325(children)s 2165(can)s
+2554(remain)s 3274(open,)s 3847(depending)s 4898(on)s 5195(the)s
+5543(use)s 5918(of)s gsave
+6189 1158 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(wait)m
+grestore
+6589(,)s
+gsave
+6696 1158 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(nowait)m
+grestore
+7356(or)s gsave
+7615 1158 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(close)m
+
+grestore
+8175(for)s 8513(the)s 0 864(rele)m 6(v)k 6(ant)k
+817(\207le)s 1178(descriptor)s 2193(in)s 2436(the)s 2784(client')s 13(s)k
+3524(ar)s 4(guments.)k 4620(By)s 4954(def)s 2(ault)k
+5675(writing)s 6418(\207ledescriptors)s 7822(remain)s 8542(open)s 0 52(0.61.1)m
+4809(User)s 5320(service)s 6052(daemon)s 6867(and)s 7271(client)s
+7861(speci\207cation)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 9 9
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+1 LoutMargSet
+grestore
+240 fnt84 8952 13842(9)m 240 fnt82 0 13251(and)m 404(the)s
+752(client)s 1342(will)s 1768(w)s 2(ait)k 2237(for)s
+2575(them)s 3113(to)s 3352(be)s 3634(closed)s 4303(at)s
+4535(the)s 4883(service)s 5615(end,)s 6068(and)s 6472(reading)s
+7242(\207le)s 7603(descriptors)s 8702(are)s 0 13011(closed)m 669(immediately)s 15(.)k
+1952(These)s 2579(lefto)s 3(v)k 3(er)k 3375(child)s
+3911(processes)s 4878(will)s 5304(not)s 5670(get)s 6022(a)s
+6188(an)s 3(y)k gsave
+6585 13065 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SIGHUP)m
+grestore
+7245(e)s 6(v)k 3(en)k
+7745(if)s 7962(a)s 8128(read)s 8597(or)s 0 12771(write)m
+546(error)s 1069(occurs)s 1744(or)s 2003(the)s 2351(client)s
+2941(disconnects)s 4108(before)s 4774(then.)s 9066 609 0 609 240 240 60 0 11808 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 5(3.2.)m
+628(En)s 12(vir)k 5(onment)k
+grestore
+0 11346(The)m 428(service)s
+1160(will)s 1586(ha)s 4(v)k 3(e)k 2087(some)s
+2648(information)s 3833(in)s 4076(en)s 9(vironment)k 5336(v)s 6(ariables:)k
+gsave
+120 11160 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USERV_USER)m
+grestore
+480 10866(The)m 908(login)s 1457(name)s
+2031(of)s 2302(the)s 2650(calling)s 3353(user)s 13(.)k
+3842(If)s 4072(the)s gsave
+4420 10920 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(LOGNAME)m
+grestore
+5180(v)s 6(ariable)k
+5999(is)s 6209(set)s 6534(\(or)s 9(,)k 6910(if)s
+7127(that)s 7545(is)s 7755(unset,)s 8367(if)s 8584(the)s
+gsave
+480 10680 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USER)m
+grestore
+940 10626(v)m 6(ariable)k 1759(is)s
+1969(set\))s 2362(in)s 2605(the)s 2953(en)s 9(vironment)k
+4213(passed)s 4909(to)s 5148(the)s 5496(client)s 6086(by)s
+6380(the)s 6728(caller)s 7317(then)s 7786(the)s 8134(passw)s 2(ord)k
+480 10386(entry)m 1025(for)s 1363(that)s 1781(login)s 2330(name)s
+2904(will)s 3330(be)s 3612(look)s 2(ed)k 4320(up;)s
+4672(if)s 4889(that)s 5307(passw)s 2(ord)k 6267(entry')s 13(s)k
+6968(uid)s 7332(is)s 7542(the)s 7890(same)s 8437(as)s
+8687(that)s 480 10146(of)m 745(the)s 1086(calling)s 1782(process)s
+2543(then)s 3005(that)s 3416(login)s 3958(name)s 4525(will)s
+4945(be)s 5220(used,)s 5759(otherwise)s 6737(\(or)s 7068(if)s
+7278(neither)s gsave
+7994 10200 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(LOGNAME)m
+grestore
+8747(nor)s gsave
+480 9960 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(USER)m
+grestore
+938 9906(is)m 1146(set\))s 1537(the)s 1883(calling)s
+2583(process')s 13(s)k 3508(uid)s 3870(will)s 4294(be)s
+4573(look)s 2(ed)k 5279(up)s 5570(to)s 5807(determine)s
+6815(their)s 7310(login)s 7857(name)s 8429(\(and)s 8909(if)s
+480 9666(this)m 876(lookup)s 1595(f)s 2(ails)k 2054(then)s
+2523(the)s 2871(service)s 3603(will)s 4029(not)s 4395(be)s
+4677(in)s 9(v)k 4(ok)k 2(ed\).)k gsave
+120 9480 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(USERV_UID)m
+grestore
+480 9186(The)m 908(uid)s 1272(of)s 1543(the)s
+1891(calling)s 2594(process.)s gsave
+120 9000 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USERV_GID)m
+grestore
+480 8706(The)m
+908(gid)s 1272(and)s 1676(supplementary)s 3138(group)s 3750(list)s
+4101(of)s 4372(the)s 4720(calling)s 5423(process:)s 6246(\207rst)s
+6677(the)s 7025(group)s 7637(in)s 7880(gid)s 8244(and)s
+8648(then)s 480 8466(those)m 1041(in)s 1284(the)s 1632(supplementary)s
+3094(group)s 3706(list,)s 4104(in)s 4347(decimal,)s 5210(separated)s
+6170(by)s 6464(spaces.)s gsave
+120 8280 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USERV_GROUP)m
+grestore
+480 7986(The)m
+908(group)s 1520(names)s 2182(of)s 2453(the)s 2801(calling)s
+3504(process,)s 4328(listed)s 4903(in)s 5146(the)s 5494(same)s
+6041(w)s 2(ay)k 6492(as)s 6742(the)s 7090(ids)s
+7420(are)s 7767(in)s gsave
+8010 8040 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USERV_GID)m
+grestore
+8911(.)s
+480 7746(If)m 710(no)s 1003(name)s 1577(can)s 1966(be)s
+2248(found)s 2865(for)s 3203(an)s 3(y)k 3600(of)s
+3871(the)s 4219(calling)s 4922(process')s 13(s)k 5849(group\(s\))s
+6708(then)s 7177(the)s 7525(service)s 8257(will)s 8683(not)s
+480 7506(be)m 762(in)s 9(v)k 4(ok)k 2(ed.)k
+gsave
+120 7320 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USERV_CWD)m
+grestore
+480 7026(The)m 908(client')s 13(s)k
+1648(current)s 2384(w)s 2(orking)k 3233(directory)s 4149(name)s
+4723(\(this)s 5198(directory)s 6114(may)s 6580(not)s 6946(be)s
+7228(accessible)s 8252(to)s 8491(the)s 480 6786(service\).)m 1339(If)s
+1568(it)s 1759(could)s 2348(not)s 2713(be)s 2994(determined)s
+4126(or)s 4384(the)s gsave
+4732 6840 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211hidecwd)m
+grestore
+5692(\210ag)s
+6103(w)s 2(as)k 6523(used)s 7019(then)s 7487(this)s
+7882(v)s 6(ariable)k 8700(will)s 480 6546(be)m 762(set)s
+1087(to)s 1326(an)s 1609(empty)s 2261(string)s 2858(\(this)s
+3333(is)s 3543(not)s 3909(considered)s 5003(an)s 5286(error\).)s
+gsave
+120 6360 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USERV_SERVICE)m
+grestore
+480 6066(The)m 908(service)s 1640(name)s
+2214(requested)s 3188(by)s 3482(the)s 3830(caller)s 13(.)k
+gsave
+120 5880 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USERV_U_)m gsave
+1152 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(name)m
+grestore
+
+grestore
+480 5586(The)m
+908(v)s 6(alue)k 1476(supplied)s 2345(to)s 2584(the)s
+2932(client)s 3522(by)s 3816(the)s 4164(caller)s 4753(using)s
+5325(-D)s 240 fnt83 5569 5588(name)m 240 fnt82 6081 5586(.)m
+gsave
+0 5377 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(HOME)m
+grestore
+400 5323(,)m gsave
+507 5377 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(PATH)m
+
+grestore
+907(,)s gsave
+1014 5377 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SHELL)m
+grestore
+1514(,)s gsave
+1621 5377 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(LOGNAME)m
+grestore
+2381(and)s gsave
+2785 5377 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USER)m
+grestore
+3245(will)s
+3671(be)s 3953(set)s 4278(appropriately)s 5606(\(according)s 6681(to)s
+6920(the)s 7268(details)s 7942(of)s 8213(the)s 0 5083(service)m
+732(user\).)s 0 52(User)m 511(service)s 1243(daemon)s 2058(and)s
+2462(client)s 3052(speci\207cation)s 8491(0.61.1)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 10 10
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Times-Italic
+%%+ font Courier-Bold
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+0 LoutMargSet
+grestore
+240 fnt84 0 13842(10)m gsave
+0 12725 translate
+240 fnt82 9066 689 0 689 240 240 60 LoutGraphic
+gsave
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.2 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+340 fnt84 0 70(4.)m 412(Ser)s 3(vice-side)k
+2219(con\207guration)s
+grestore
+240 fnt82 0 12263(Which)m 695(ser)s 973(vices)s
+1515(may)s 1981(be)s 2263(run)s 2639(by)s 2933(whom)s
+3592(and)s 3996(un)s 4233(der)s 4598(what)s 5123(con)s
+5466(di)s 5646(tions)s 6162(is)s 6372(con)s 6715(trolled)s
+7396(by)s 7690(con)s 8033(\207g)s 8279(u)s 8394(ra)s
+8579(-)s 0 12023(tion)m 429(\207les.)s 0 11615(The)m 428(daemon)s
+1243(will)s 1669(read)s 2138(these)s 2685(\207les)s 3134(in)s
+3377(order)s 13(.)k 3972(Certain)s 4732(directi)s 6(v)k 3(es)k
+5702(in)s 5945(the)s 6293(\207les)s 6742(modify)s 7487(the)s
+7835(daemon')s 13(s)k 0 11375(e)m 3(x)k 3(ecution)k
+981(settings)s 1762(for)s 2100(in)s 9(v)k 4(oking)k
+2992(the)s 3340(service,)s 4123(for)s 4461(e)s 3(xample)k
+5324(allo)s 6(wing)k 6208(certain)s 6914(\207le)s 7275(descriptors)s
+8374(to)s 8613(be)s 0 11135(speci\207ed)m 908(by)s 1202(the)s
+1550(client)s 2140(or)s 2399(specifying)s 3448(which)s 4090(program)s
+4960(to)s 5199(e)s 3(x)k 3(ecute)k 5979(to)s
+6218(pro)s 3(vide)k 7002(the)s 7350(service.)s 0 10727(The)m
+240 fnt83 428 10729(last)m 240 fnt82 837 10727(instance)m 1676(of)s
+1947(each)s 2442(such)s 2938(setting)s 3628(will)s 4054(tak)s 2(e)k
+4506(ef)s 6(fect.)k 5146(The)s 5574(directi)s 6(v)k 3(es)k
+6544(which)s 7186(specify)s 7930(which)s 0 10487(program)m 864(to)s
+1096(e)s 3(x)k 3(ecute)k 1869(will)s 2288(not)s
+2647(stop)s 3092(the)s 3433(con\207guration)s 4759(\207le)s 5113(from)s
+5630(being)s 6208(read;)s 6724(the)s 3(y)k 7180(will)s
+7599(be)s 7874(remembered)s 0 10247(and)m 404(will)s 830(only)s
+1310(tak)s 2(e)k 1762(ef)s 6(fect)k 2358(if)s
+2575(the)s 3(y)k 3038(are)s 3385(not)s 3751(o)s 3(v)k 3(erridden)k
+4838(by)s 5132(a)s 5298(later)s 5781(directi)s 6(v)k 3(e.)k
+0 9839(The)m 428(daemon)s 1243(will)s 1669(\207rst)s 2100(read)s
+gsave
+2569 9893 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(/etc/userv/system.default)m
+grestore
+5072(.)s 5176(Then,)s 5775(by)s
+6069(def)s 2(ault)k 6790(\(this)s 7265(beha)s 4(viour)k
+8278(may)s 0 9599(be)m 282(modi\207ed\),)s 1319(it)s 1511(will)s
+1937(read)s 2406(a)s 2572(per)s 4(-user)k 3410(\207le)s
+gsave
+3771 9653 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(~/.userv/rc)m
+grestore
+4872(,)s 4979(if)s 5196(it)s
+5388(e)s 3(xists)k 5980(and)s 6384(the)s 6732(service)s
+7464(user')s 13(s)k 8072(shell)s 8578(is)s 8788(in)s
+gsave
+0 9413 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(/etc/shells)m
+grestore
+1101 9359(.)m 1205(Finally)s 1936(it)s
+2128(will)s 2554(read)s gsave
+3023 9413 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(/etc/userv/system.override)m
+grestore
+5626(.)s
+0 8951(When)m 627(it)s 816(has)s 1183(read)s 1650(all)s
+1940(of)s 2208(these)s 2753(\207les)s 3199(it)s 3388(will)s
+3812(act)s 4147(ac)s 4352(cord)s 4775(ing)s 5131(to)s
+5368(the)s 5713(cur)s 6018(rent)s 6389(ly)s 6626(v)s 6(al)k
+6907(ues)s 7275(of)s 7543(of)s 7811(the)s 8156(e)s 3(x)k
+8374(e)s 8476(cu)s 8697(tion)s 0 8711(set)m 265(tings.)s
+9066 670 0 670 240 240 60 0 7687 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 66(4.1.)m 628(Con\207guration)s 2618(\207le)s 3100(syntax)s
+
+grestore
+0 7225(The)m 414(con\207guration)s 1733(\207le)s 2080(is)s 2276(a)s
+2428(series)s 3007(of)s 3264(directi)s 6(v)k 3(es,)k
+4276(usually)s 5007(one)s 5395(per)s 5746(line.)s 6193(The)s
+6607(portion)s 7341(of)s 7598(a)s 7750(line)s 8149(follo)s 6(wing)k
+0 6985(a)m 154(hash)s 638(character)s gsave
+1560 7039 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(#)m
+
+grestore
+1708(is)s 1906(tak)s 2(en)k 2466(as)s 2704(a)s
+2858(comment)s 3796(and)s 4188(ignored.)s 5011(Each)s 5533(directi)s 6(v)k 3(e)k
+6403(consists)s 7199(of)s 7458(a)s 7612(series)s 8194(of)s
+8452(tok)s 2(ens)k 0 6745(separated)m 960(by)s 1254(linear)s
+1857(whitespace)s 2975(\(spaces)s 3729(and)s 4133(tabs\);)s 4709(tok)s 2(ens)k
+5383(may)s 5849(be)s 6131(w)s 2(ords)k 6765(consisting)s
+7788(of)s 8059(non-space)s 0 6505(characters,)m 1074(or)s 9(,)k
+1371(where)s 2011(a)s 2177(string)s 2774(is)s 2984(required,)s
+3887(a)s 4053(string)s 4650(in)s 4893(double)s 5601(quotes.)s
+6330(Double-quoted)s 7824(strings)s 8512(may)s 0 6265(contain)m 761(the)s
+1109(follo)s 6(wing)k 2086(backslash)s 3073(escapes:)s gsave
+120 6079 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(\\n)m
+grestore
+480 5785(ne)m 6(wline)k gsave
+120 5599 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\\t)m
+
+grestore
+480 5305(tab)m gsave
+120 5119 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\\r)m
+grestore
+480 4825(carriage)m 1304(return)s
+gsave
+120 4639 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\\)m gsave
+144 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(OOO)m
+grestore
+
+grestore
+480 4345(character)m
+1414(whose)s 2082(octal)s 2601(code)s 3109(is)s 240 fnt83
+3319 4347(OOO)m gsave
+120 4159 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\\x)m gsave
+288 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(XX)m
+
+grestore
+
+grestore
+240 fnt82 480 3865(character)m 1414(whose)s 2082(he)s 3(x)k
+2480(code)s 2988(is)s 240 fnt83 3198 3867(XX)m gsave
+120 3679 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(\\)m gsave
+144 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(punctuation)m
+grestore
+
+grestore
+240 fnt82 480 3385(literal)m
+1090(punctuation)s 2277(character)s 3211(\(e)s 3(g)k gsave
+3566 3439 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(\\\\)m
+grestore
+3766(,)s gsave
+3873 3439 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\\")m
+grestore
+4073(\))s
+gsave
+120 3198 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\\)m gsave
+144 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(ne)m 3(wline)k
+
+grestore
+
+grestore
+1005 3144(\(ie,)m 1363(backslash)s 2350(at)s 2582(end)s 2986(of)s
+3257(line\))s 480 2904(string)m 1077(continues)s 2045(on)s 2342(ne)s 3(xt)k
+2811(line)s 0 2342(Relati)m 6(v)k 3(e)k 843(pathnames)s
+1917(in)s 2160(directi)s 6(v)k 3(es)k 3130(are)s
+3477(relati)s 6(v)k 3(e)k 4239(to)s 4478(the)s
+4826(service)s 5558(program')s 13(s)k 6578(current)s 7314(directory)s
+8230(\(usually)s 0 2102(the)m 348(service)s 1080(user')s 13(s)k
+1687(home)s 2275(directory\).)s 3319(P)s 3(athnames)k 4403(starting)s
+5171(with)s 5653(the)s 6000(tw)s 2(o)k 6410(characters)s
+gsave
+7427 2156 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(~/)m
+grestore
+7687(are)s 8033(tak)s 2(en)k
+8606(to)s 8844(be)s 0 1862(relati)m 6(v)k 3(e)k
+762(to)s 1001(the)s 1349(service)s 2081(user')s 13(s)k
+2689(home)s 3277(directory)s 15(.)k 9066 670 0 670 240 240 60 0 838 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 66(4.2.)m
+628(Con\207guration)s 2618(\207le)s 3100(dir)s 5(ecti)k 3(v)k 3(es)k
+
+grestore
+0 52(0.61.1)m 4809(User)s 5320(service)s 6052(daemon)s 6867(and)s
+7271(client)s 7861(speci\207cation)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 11 11
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+1 LoutMargSet
+grestore
+240 fnt84 8839 13842(11)m 300 fnt84 0 13210(4.2.1.)m 813(Immediate)s
+2261(dir)s 5(ecti)k 3(v)k 3(es)k 240 fnt82
+0 12696(The)m 428(follo)s 6(wing)k 1405(directi)s 6(v)k 3(es)k
+2375(tak)s 2(e)k 2827(ef)s 6(fect)k 3423(immediately:)s
+gsave
+120 12342 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(cd)m gsave
+432 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(pathname)m
+grestore
+
+grestore
+480 12048(Change)m
+1268(directory)s 2184(in)s 2427(the)s 2775(service)s 3507(program.)s
+gsave
+4421 12102 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(cd)m
+grestore
+4681(is)s 4891(cumulati)s 6(v)k 3(e.)k
+6048(It)s 6253(is)s 6463(an)s 6746(error)s 7269(if)s
+7486(the)s 7834(directory)s 480 11808(cannot)m 1178(be)s 1460(changed)s
+2316(to.)s gsave
+480 11454 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(cd)m
+grestore
+740 11400(should)m 1437(not)s
+1803(be)s 2085(used)s 2582(between)s gsave
+3436 11454 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211from\211directory)m
+
+grestore
+5698(and)s 6102(the)s 6450(in)s 9(v)k 4(ocation)k
+7504(of)s 7775(the)s 8123(service)s 480 11160(program,)m 1397(as)s
+1647(the)s 1995(test)s 2386(for)s 2724(the)s 3072(a)s 4(v)k 6(ailability)k
+4190(of)s 4461(the)s 4809(service)s 5541(program)s 6411(w)s 2(ould)k
+7066(be)s 7348(done)s 7870(with)s 8352(the)s 8700(old)s
+480 10920(current)m 1216(directory)s 2132(and)s 2536(the)s 2884(actual)s
+3509(e)s 3(x)k 3(ecution)k 4490(with)s 4972(the)s
+5320(ne)s 6(w)k 5767(\(probably)s 6751(causing)s 7535(an)s
+7818(error\).)s gsave
+120 10580 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(eof)m
+grestore
+480 10286(Stop)m 972(reading)s
+1742(the)s 2090(con\207guration)s 3423(\207le)s 3784(in)s 4027(question,)s
+4945(as)s 5195(if)s 5412(end)s 5816(of)s 6087(\207le)s
+6448(had)s 6852(been)s 7361(reached.)s 8208(An)s 3(y)k
+480 10046(control)m 1212(constructs)s 2232(\()s gsave
+2305 10100 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(if)m
+
+grestore
+2505(,)s gsave
+2612 10100 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(catch\211quit)m
+grestore
+3673(or)s gsave
+3932 10100 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(errors\211push)m
+grestore
+5033(\))s 5161(which)s 5803(were)s 6323(started)s
+7017(in)s 7260(that)s 7678(\207le)s 8039(will)s 8465(be)s
+480 9806(considered)m 1574(\207nished.)s 2436(P)s 3(arsing)k 3203(will)s
+3629(continue)s 4509(in)s 4752(the)s 5100(\207le)s 5461(which)s
+6103(caused)s 6812(the)s 7160(\207le)s 7521(containing)s 8584(the)s
+gsave
+480 9620 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(eof)m
+grestore
+840 9566(to)m 1079(be)s 1361(read.)s
+gsave
+120 9276 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(quit)m
+grestore
+480 8982(Stop)m 969(reading)s 1735(con\207guration)s
+3064(\207les)s 3510(and)s 3910(act)s 4244(immediately)s 5489(on)s
+5782(the)s 6126(current)s 6859(settings.)s 7689(The)s 8113(beha)s 4(viour)k
+480 8742(of)m gsave
+751 8796 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(quit)m
+grestore
+1211(is)s 1421(subject)s
+2158(to)s 2397(the)s gsave
+2745 8796 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(catch\211quit)m
+grestore
+3806(control)s
+4538(construct.)s gsave
+120 8402 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(include)m gsave
+1152 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(\207lename)m
+
+grestore
+
+grestore
+gsave
+120 8162 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(include\211ifexist)m gsave
+2304 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(\207lename)m
+grestore
+
+grestore
+480 7868(Read)m
+1026(the)s 1369(con\207guration)s 2698(\207le)s 240 fnt83 3054 7870(\207lename)m
+240 fnt82 3858 7868(,)m 3961(and)s 4360(then)s 4825(return)s
+5447(to)s 5682(this)s 6073(\207le)s 6430(and)s 6829(continue)s
+7705(parsing)s 8457(it)s 8644(with)s 480 7628(the)m 822(ne)s 3(xt)k
+1284(directi)s 6(v)k 3(e.)k 2207(It)s 2405(is)s
+2608(an)s 2884(error)s 3400(if)s 3610(the)s 3952(\207le)s
+4306(cannot)s 4997(be)s 5272(opened)s 6015(and)s 6412(read,)s
+6923(unless)s gsave
+7565 7682 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(include\211ifexist)m
+grestore
+480 7388(is)m 690(used)s
+1187(and)s 1591(the)s 1939(\207le)s 2300(does)s 2790(not)s
+3156(e)s 3(xist,)k 3711(in)s 3954(which)s 4596(case)s
+5063(the)s 5411(directi)s 6(v)k 3(e)k 6293(is)s
+6503(silently)s 7260(ignored.)s gsave
+120 7048 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(include\211lookup)m gsave
+2160 0 translate
+1.4219 1.0000 scale
+240 fnt83
+0 -52(par)m 3(ameter)k
+grestore
+gsave
+3724 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(dir)m 8(ectory)k
+
+grestore
+
+grestore
+gsave
+120 6808 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(include\211lookup\211all)m gsave
+2736 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(par)m 3(ameter)k
+
+grestore
+gsave
+4300 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(dir)m 8(ectory)k
+grestore
+
+grestore
+480 6514(Read)m 1030(the)s
+1378(con\207guration)s 2711(\207le)s 3072(in)s 240 fnt83 3315 6516(dir)m 8(ectory)k
+240 fnt82 4239 6514(whose)m 4907(name)s 5481(is)s 5691(the)s
+6039(v)s 6(alue)k 6607(of)s 240 fnt83 6878 6516(par)m 3(ameter)k
+240 fnt82 7937 6514(\(see)m 8377(the)s 480 6274(description)m 1599(of)s
+gsave
+1870 6328 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(if)m
+grestore
+2070(,)s 2177(`Control)s 3042(structure)s
+3933(directi)s 6(v)k 3(es',)k 5038(page)s 5546(12\).)s
+5969(If)s 240 fnt83 6199 6276(par)m 3(ameter)k 240 fnt82
+7258 6274(has)m 7628(se)s 6(v)k 3(eral)k 8350(v)s 6(alues)k
+480 6034(the)m 3(y)k 943(will)s 1369(be)s 1651(tried)s
+2146(in)s 2389(order;)s 3005(with)s gsave
+3487 6088 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(include\211lookup)m
+
+grestore
+4948(this)s 5344(search)s 6011(will)s 6437(stop)s 6889(when)s
+7465(one)s 7867(is)s 8077(found,)s 8743(b)s 4(ut)k
+480 5794(with)m gsave
+962 5848 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(include\211lookup\211all)m
+grestore
+2824(the)s 3172(search)s
+3839(will)s 4265(continue)s 5145(and)s 5549(an)s 3(y)k
+5946(\207les)s 6395(appropriate)s 7539(to)s 7778(other)s 8329(v)s 6(alues)k
+480 5554(will)m 906(be)s 1188(read)s 1657(too.)s 480 5146(If)m
+700(none)s 1212(of)s 1473(the)s 1811(parameter')s 13(s)k
+2965(v)s 6(alues)k 3610(had)s 4004(a)s 4160(corresponding)s
+5572(\207le)s 5923(then)s 6381(the)s 6719(\207le)s gsave
+7070 5200 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(:default)m
+grestore
+7921(will)s 8337(be)s 8608(read,)s 480 4906(if)m
+697(it)s 889(e)s 3(xists.)k 1534(If)s 240 fnt83
+1764 4908(par)m 3(ameter)k 240 fnt82 2763 4906(')m 13(s)k
+2973(list)s 3324(of)s 3595(v)s 6(alues)k 4251(w)s 2(as)k
+4672(empty)s 5324(then)s 5793(the)s 6141(\207le)s gsave
+6502 4960 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(:none)m
+grestore
+7062(will)s 7488(be)s 7770(tried)s 8265(\207rst)s
+8696(and)s 480 4666(read)m 949(if)s 1166(it)s 1358(e)s 3(xists,)k
+2006(otherwise)s gsave
+2991 4720 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(:default)m
+grestore
+3852(will)s 4278(be)s
+4560(tried.)s 480 4258(It)m 685(is)s 895(not)s 1261(an)s
+1544(error)s 2067(for)s 2405(an)s 3(y)k 2802(of)s
+3073(the)s 3421(\207les)s 3870(\(including)s gsave
+4906 4312 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(:default)m
+
+grestore
+5707(\))s 5835(not)s 6201(to)s 6440(e)s 3(xist,)k
+6995(b)s 4(ut)k 7357(it)s 7549(is)s 7759(an)s
+8042(error)s 8565(if)s 8782(a)s 480 4018(\207le)m 841(e)s 3(xists)k
+1433(and)s 1837(cannot)s 2535(be)s 2817(read)s 3286(or)s
+3545(if)s 3762(the)s 4110(directory)s 5026(cannot)s 5724(be)s
+6006(accessed.)s 480 3610(A)m 693(translation)s 1741(will)s 2150(be)s
+2415(applied)s 3160(to)s 3382(v)s 6(alues)k 4021(before)s
+4670(the)s 3(y)k 5116(are)s 5446(used)s 5926(to)s
+6148(construct)s 7067(a)s 7216(\207lename,)s 8129(so)s 8378(that)s
+8778(the)s 480 3370(lookup)m 1195(cannot)s 1888(access)s 2545(dot\207les)s
+3295(or)s 3550(\207les)s 3994(in)s 4232(other)s 4779(directories:)s
+5887(v)s 6(alues)k 6539(starting)s 7303(with)s 7781(full)s
+8162(stops)s 8700(will)s 480 3130(ha)m 4(v)k 3(e)k
+970(a)s 1124(colon)s 1702(prepended)s 2745(\(making)s gsave
+3584 3184 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(:.)m
+grestore
+3784(\),)s 3958(colons)s 4623(will)s 5037(be)s
+5308(doubled,)s 6175(and)s 6568(each)s 7051(slash)s 7575(will)s
+7989(be)s 8259(replaced)s 480 2890(with)m 962(a)s 1128(colon)s
+1717(follo)s 6(wed)k 2619(by)s 2913(a)s 3079(h)s 1(yphen)k
+gsave
+3841 2944 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(:\211)m
+grestore
+4041(.)s 4145(A)s 4375(parameter)s
+5389(v)s 6(alue)k 5957(which)s 6599(is)s 6809(the)s
+7157(empty)s 7809(string)s 8406(will)s 8832(be)s 480 2650(replaced)m
+1347(with)s gsave
+1829 2704 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(:empty)m
+grestore
+2489(\(note)s 3036(that)s
+3454(this)s 3850(is)s 4060(dif)s 6(ferent)k 4935(from)s
+5459(a)s 5625(parameter)s 6639(not)s 7005(ha)s 4(ving)k
+7706(an)s 3(y)k 8103(v)s 6(alues\).)k gsave
+120 2310 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(include\211directory)m gsave
+2592 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(dir)m 8(ectory)k
+grestore
+
+grestore
+480 2016(Read)m
+1030(con\207guration)s 2363(from)s 2887(all)s 3180(\207les)s 3629(in)s
+3872(directory)s 240 fnt83 4788 2018(dir)m 8(ectory)k 240 fnt82
+5712 2016(which)m 6354(are)s 6701(plain)s 7236(\207les)s 7685(whose)s
+8353(names)s 480 1776(consist)m 1204(only)s 1684(of)s 1955(alphanumerics)s
+3400(and)s 3804(h)s 1(yphens)k 4653(and)s 5057(start)s
+5527(with)s 6009(an)s 6292(alphanumeric.)s 7697(The)s 3(y)k
+8240(will)s 8666(be)s 480 1536(read)m 949(in)s 1192(le)s 3(xical)k
+1880(order)s 13(.)k 2475(It)s 2680(is)s 2890(an)s
+3173(error)s 3696(for)s 4034(the)s 4382(directory)s 5298(not)s
+5664(to)s 5903(e)s 3(xist)k 6411(or)s 6670(for)s
+7008(it)s 7200(or)s 7459(an)s 3(y)k 7856(of)s
+8127(the)s 8475(\207les)s 480 1296(found)m 1089(not)s 1447(to)s
+1677(be)s 1951(read)s 2411(successfully)s 15(,)k 3663(or)s
+3914(for)s 4243(an)s 3(ything)k 5123(with)s 5596(an)s
+5871(appropriate)s 7007(name)s 7572(not)s 7930(to)s 8160(be)s
+8434(a)s 8591(plain)s 480 1056(\207le)m 841(or)s 1100(a)s
+1266(symbolic)s 2196(link)s 2629(to)s 2868(a)s 3034(plain)s
+3569(\207le.)s gsave
+120 716 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(error)m gsave
+864 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(te)m 4(xt)k
+404(\202)s
+grestore
+
+grestore
+0 52(User)m 511(service)s 1243(daemon)s 2058(and)s
+2462(client)s 3052(speci\207cation)s 8491(0.61.1)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 12 12
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Times-Italic
+%%+ font Courier-Bold
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+0 LoutMargSet
+grestore
+240 fnt84 0 13842(12)m 240 fnt82 480 13254(Causes)m 1209(an)s
+1492(error)s 2015(whose)s 2683(message)s 3549(includes)s 4397(the)s
+4745(descripti)s 6(v)k 3(e)k 5840(string)s 240 fnt83
+6437 13256(te)m 4(xt)k 240 fnt82 6781 13254(.)m 240 fnt83
+6885 13256(te)m 4(xt)k 240 fnt82 7289 13254(may)m 7755(consist)s
+8479(of)s 480 13014(se)m 6(v)k 3(eral)k 1192(tok)s 2(ens)k
+1855(with)s 2326(interv)s 3(ening)k 3454(whitespace.)s 4609(The)s
+5026(whitespace)s 6134(will)s 6549(be)s 6820(included)s 7691(in)s
+7923(the)s 8260(message)s 480 12774(as)m 726(found)s 1338(in)s
+1576(the)s 1919(con\207guration)s 3247(\207le:)s 3653(all)s 3941(the)s
+4284(characters)s 5298(until)s 5786(the)s 6129(end)s 6528(of)s
+6794(the)s 7137(line)s 7546(will)s 7967(be)s 8244(included)s
+480 12534(v)m 3(erbatim,)k 1433(unless)s 2082(the)s 3(y)k
+2545(are)s 2892(part)s 3323(of)s 3594(a)s 3760(double-quoted)s
+5201(string,)s 5852(in)s 6095(which)s 6737(case)s 7204(the)s
+7552(usual)s 8112(meaning)s 480 12294(of)m 751(the)s 1099(string)s
+1696(\(i.e.,)s 2174(after)s 2670(backslash)s 3657(escape)s 4350(processing\))s
+5501(will)s 5927(be)s 6209(used.)s 6752(Comments)s 7840(and)s
+8244(linear)s 480 12054(whitespace)m 1598(at)s 1830(the)s 2178(end)s
+2582(of)s 2853(the)s 3201(line)s 3615(\(or)s 3953(just)s
+4358(before)s 5024(the)s 5372(comment\))s 6390(will)s 6816(still)s
+7228(be)s 7510(ignored.)s gsave
+120 11714 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(message)m gsave
+1152 0 translate
+1.4219 1.0000 scale
+240 fnt83
+0 -52(te)m 4(xt)k 404(\202)s
+grestore
+
+grestore
+480 11420(Causes)m 1209(a)s
+1375(message)s 2241(including)s 3198(the)s 3546(descripti)s 6(v)k 3(e)k
+4641(string)s 240 fnt83 5238 11422(te)m 4(xt)k 240 fnt82
+5642 11420(to)m 5881(be)s 6163(deli)s 6(v)k 3(ered)k
+7101(as)s 7351(if)s 7568(it)s 7760(were)s 8280(an)s
+8563(error)s 480 11180(message,)m 1397(b)s 4(ut)k 1759(does)s
+2249(not)s 2615(actually)s 3425(cause)s 4012(an)s 4295(error)s 13(.)k
+300 fnt84 0 10513(4.2.2.)m 813(Dir)s 5(ecti)k 3(v)k 3(es)k
+2148(with)s 2781(delay)s 3(ed)k 3828(effect)s 240 fnt82
+0 9942(The)m 428(follo)s 6(wing)k 1405(directi)s 6(v)k 3(es)k
+2375(ha)s 4(v)k 3(e)k 2876(no)s 3169(immediate)s
+4233(ef)s 6(fect,)k 4876(b)s 4(ut)k 5238(are)s
+5585(remembered)s 6837(and)s 7241(ha)s 4(v)k 3(e)k
+7742(an)s 8025(ef)s 6(fect)k 8621(on)s 0 9702(later)m
+483(processing)s 1559(of)s 1830(the)s 2178(con\207guration)s 3511(\207les.)s
+gsave
+120 9348 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(user\211rcfile)m gsave
+1728 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(\207lename)m
+grestore
+
+grestore
+480 9054(Speci\207es)m
+1380(that)s 1784(the)s 2118(\207le)s 240 fnt83 2465 9056(\207lename)m
+240 fnt82 3315 9054(should)m 3998(be)s 4266(read)s 4721(instead)s
+5442(of)s 5699(the)s 6033(user')s 13(s)k gsave
+6627 9108 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(~/.userv/rc)m
+grestore
+7728(.)s 7818(This)s 8280(does)s 240 fnt83
+8756 9056(not)m 240 fnt82 480 8814(happen)m 1229(immediately;)s 2535(instead,)s
+3319(the)s 3667(setting)s 4357(is)s 4567(remembered)s 5819(and)s
+6223(used)s 6720(after)s 7216(the)s gsave
+7564 8868 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(system.default)m
+
+grestore
+480 8574(con\207guration)m 1812(\207le)s 2171(has)s 2539(been)s 3046(read.)s
+3559(This)s 4033(directi)s 6(v)k 3(e)k 4913(has)s
+5281(no)s 5572(ef)s 6(fect)k 6166(in)s 6407(a)s
+6571(user')s 13(s)k 7177(con\207guration)s 8508(\207le)s 8867(or)s
+480 8334(in)m 723(the)s gsave
+1071 8388 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(system.override)m
+grestore
+2632(\207le,)s
+3044(as)s 3294(the)s 3642(user')s 13(s)k 4250(con\207guration)s
+5583(\207le)s 5944(has)s 6314(already)s 7071(been)s 7580(found)s
+8197(and)s 8601(read)s 480 8094(by)m 774(then)s 1243(and)s
+1647(will)s 2073(not)s 2439(be)s 2721(re-read.)s gsave
+120 7754 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(errors\211to\211stderr)m
+grestore
+480 7460(Causes)m 1209(error)s 1732(messages)s 2686(to)s
+2925(be)s 3207(deli)s 6(v)k 3(ered)k 4145(to)s
+4384(the)s 4732(client')s 13(s)k 5472(stderr)s 13(.)k
+gsave
+120 7120 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(errors\211to\211file)m
+grestore
+240 fnt83 1581 7068(\207lename)m 240 fnt82
+480 6826(Error)m 1039(messages)s 1989(will)s 2410(be)s 2688(written)s
+3416(to)s 240 fnt83 3651 6828(\207lename)m 240 fnt82 4455 6826(,)m
+4557(which)s 5195(will)s 5617(be)s 5894(opened)s 6640(in)s
+6878(the)s 7222(conte)s 3(xt)k 7978(of)s 8245(and)s
+8644(with)s 480 6586(the)m 828(pri)s 6(vile)k 3(ges)k
+1812(of)s 2083(the)s 2431(service)s 3163(user)s 13(.)k
+gsave
+120 6246 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(errors\211to\211syslog)m
+grestore
+1782 6192([)m 240 fnt83 1853 6194(facility)m
+240 fnt82 2571 6192([)m 240 fnt83 2642 6194(le)m 3(vel)k
+240 fnt82 3089 6192(]])m 480 5952(Error)m 1043(messages)s 1997(will)s
+2423(be)s 2705(deli)s 6(v)k 3(ered)k 3643(using)s
+gsave
+4215 6006 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(syslog)m
+grestore
+4815(.)s 4919(The)s 5347(def)s 2(ault)k
+240 fnt83 6068 5954(facility)m 240 fnt82 6786 5952(is)m gsave
+6996 6006 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(user)m
+grestore
+7396(;)s 7508(the)s 7856(def)s 2(ault)k
+240 fnt83 8577 5954(le)m 3(vel)k 240 fnt82 480 5712(is)m
+gsave
+690 5766 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(error)m
+grestore
+1190(.)s 300 fnt84 0 5095(4.2.3.)m
+813(Contr)s 5(ol)k 1874(structur)s 5(e)k 3117(dir)s 5(ecti)k 3(v)k 3(es)k
+240 fnt82 0 4580(The)m 421(follo)s 6(wing)k 1390(directi)s 6(v)k 3(es)k
+2353(are)s 2692(used)s 3182(to)s 3413(create)s 4031(control)s
+4755(structures.)s 5780(If)s 6002(the)s 6343(end)s 6739(of)s
+7003(the)s 7343(\207le)s 7697(is)s 7899(encountered)s 0 4340(before)m
+666(the)s 1014(end)s 1418(of)s 1689(an)s 3(y)k
+2086(control)s 2818(structure)s 3709(which)s 4351(w)s 2(as)k
+4772(started)s 5466(inside)s 6093(it)s 6285(then)s 6754(that)s
+7172(control)s 7904(structure)s 8795(is)s 0 4100(considered)m 1094(\207nished.)s
+1956(This)s 2432(is)s 2642(not)s 3008(an)s 3291(error)s 13(.)k
+gsave
+120 3746 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(if)m gsave
+432 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(condition)m
+grestore
+
+grestore
+gsave
+120 3506 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(elif)m gsave
+720 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(condition)m
+grestore
+
+grestore
+gsave
+120 3266 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(else)m
+
+grestore
+gsave
+120 3026 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(fi)m
+grestore
+480 2732(Lines)m 1062(follo)s 6(wing)k
+gsave
+2039 2786 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(if)m
+grestore
+2299(are)s 2646(interpreted)s 3738(only)s
+4218(if)s 4435(the)s 4783(condition)s 5744(is)s 5954(true.)s
+6429(Man)s 3(y)k 7039(conditions)s 8087(are)s 480 2492(properties)m
+1486(of)s 1757(parameter)s 2771(v)s 6(alues.)k 3480(Most)s
+4032(parameters)s 5130(ha)s 4(v)k 3(e)k 5631(a)s
+5797(single)s 6424(string)s 7021(as)s 7271(a)s 7437(v)s 6(alue;)k
+8061(ho)s 6(we)k 6(v)k 3(er)k 9(,)k
+480 2252(some)m 1035(may)s 1495(yield)s 2025(zero)s 2483(or)s
+2735(se)s 6(v)k 3(eral)k 3451(strings,)s 4189(in)s
+4426(which)s 5062(case)s 5522(the)s 5864(condition)s 6819(is)s
+7023(true)s 7444(if)s 7654(it)s 7840(is)s 8044(true)s
+8465(of)s 8729(an)s 3(y)k 480 2012(of)m 751(the)s
+1099(strings)s 1787(indi)s 6(vidually)k 15(.)k 3026(P)s 3(arameters)k
+4134(are)s 4481(described)s 5455(belo)s 6(w)k 15(.)k
+480 1604(The)m 908(conditions)s 1956(are:)s gsave
+600 1418 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(glob)m
+gsave
+720 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(par)m 3(ameter)k
+grestore
+gsave
+2284 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(glob-pattern)m
+
+grestore
+4120(\202)s
+grestore
+960 1124(The)m 1388(v)s 6(alue)k 1956(of)s
+2227(the)s 2575(parameter)s 3589(whose)s 4257(name)s 4831(is)s
+5041(gi)s 6(v)k 3(en)k 5621(matches)s 6455(one)s
+6857(of)s 7128(the)s 7476(glob)s 7955(patterns)s 960 884(\(anchored)m
+1974(at)s 2206(both)s 2689(ends;)s 3240(backslashes)s 4420(can)s
+4809(be)s 5091(used)s 5588(to)s 5827(escape)s 6520(metacharacters\).)s
+0 52(0.61.1)m 4809(User)s 5320(service)s 6052(daemon)s 6867(and)s
+7271(client)s 7861(speci\207cation)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 13 13
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+1 LoutMargSet
+grestore
+240 fnt84 8833 13842(13)m gsave
+600 13310 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(range)m gsave
+864 0 translate
+1.4219 1.0000 scale
+240 fnt83
+0 -52(par)m 3(ameter)k
+grestore
+gsave
+2428 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(min)m
+grestore
+gsave
+3073 0 translate
+1.4219 1.0000 scale
+240 fnt83
+0 -52(max)m
+grestore
+
+grestore
+240 fnt82 960 13016(The)m 1380(v)s 6(alue)k
+1940(of)s 2203(the)s 2543(parameter)s 3548(is)s 3750(a)s
+3908(nonne)s 3(g)k 1(ati)k 6(v)k 3(e)k
+5113(inte)s 3(ger)k 5825(and)s 6220(lies)s 6594(within)s
+7254(the)s 7594(range)s 8172(speci\207ed.)s 240 fnt83 960 12778(min)m
+240 fnt82 1373 12776(or)m 240 fnt83 1632 12778(max)m 240 fnt82
+2091 12776(may)m 2557(be)s gsave
+2839 12830 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52($)m
+grestore
+2999(to)s
+3238(indicate)s 4050(no)s 4343(lo)s 6(wer)k 4941(or)s
+5200(upper)s 5805(limit,)s 6362(respecti)s 6(v)k 3(ely)k 15(.)k
+gsave
+600 12589 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(grep)m gsave
+720 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(par)m 3(ameter)k
+
+grestore
+gsave
+2284 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(\207lename)m
+grestore
+
+grestore
+960 12295(The)m 240 fnt83 1388 12297(\207lename)m
+240 fnt82 2252 12295(refers)m 2845(to)s 3084(a)s 3250(\207le)s
+3611(one)s 4013(of)s 4284(whose)s 4952(lines)s 5454(is)s
+5664(the)s 6012(v)s 6(alue)k 6580(of)s 6851(the)s
+7199(parameter)s 8213(\(leading)s 960 12055(or)m 1211(trailing)s 1944(whitespace)s
+3053(on)s 3341(each)s 3827(line)s 4232(and)s 4627(empty)s
+5270(lines)s 5764(in)s 5998(the)s 6337(\207le)s 6689(are)s
+7027(ignored\).)s 7932(It)s 8128(is)s 8329(an)s 8603(error)s
+960 11815(for)m 1298(the)s 1646(\207le)s 2007(not)s 2373(to)s
+2612(be)s 2894(opened)s 3644(and)s 4048(read.)s gsave
+600 11628 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(!)m gsave
+288 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(condition)m
+grestore
+
+grestore
+960 11334(The)m 240 fnt83
+1388 11336(condition)m 240 fnt82 2346 11334(is)m 240 fnt83 2556 11336(not)m
+240 fnt82 2926 11334(true.)m 600 11094(Conjunctions:)m gsave
+1983 11148 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(&)m
+
+grestore
+2143(and)s gsave
+2547 11148 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(|)m
+grestore
+gsave
+1440 10901 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\()m
+gsave
+288 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(condition)m
+grestore
+0 -292(&)m gsave
+288 -240 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(condition)m
+
+grestore
+0 -532(&)m gsave
+288 -480 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(condition)m
+grestore
+0 -772(\202)m 0 -1012(\))m
+
+grestore
+960 9635(is)m 1170(true)s 1597(if)s 1814(all)s 2107(the)s
+2455(listed)s 3030(conditions)s 4078(are)s 4425(true;)s 4908(where)s
+gsave
+5548 9689 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(|)m
+grestore
+5708(is)s 5918(used)s 6415(it)s
+6607(is)s 6817(true)s 7244(if)s 7461(an)s 3(y)k
+7858(of)s 8129(them)s 8667(is)s 960 9390(true.)m 1428(Ne)s 6(wlines)k
+2368(must)s 2885(be)s 3159(used)s 3648(to)s 3879(separate)s
+4709(one)s 5104(condition)s 6057(from)s 6573(the)s 6913(ne)s 3(xt,)k
+7421(as)s 7663(sho)s 6(wn,)k 8382(and)s 8778(the)s
+960 9150(parentheses)m 2126(are)s 2473(mandatory)s 15(.)k 3585(These)s
+4212(conjunctions)s 5486(do)s 5779(not)s 6145(do)s 6438(lazy)s
+6890(e)s 6(v)k 6(aluation.)k 480 8588(The)m 908(parameters)s
+2006(are:)s gsave
+600 8402 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(service)m
+grestore
+960 8108(The)m 1388(service)s
+2120(name)s 2694(speci\207ed)s 3602(when)s 4178(the)s 4526(client)s
+5116(w)s 2(as)k 5537(called.)s gsave
+600 7922 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(calling\211user)m
+
+grestore
+960 7628(T)m 19(w)k 2(o)k 1431(strings:)s 2174(the)s
+2522(login)s 3071(name)s 3645(of)s 3916(the)s 4264(calling)s
+4967(user)s 5425(\(determined)s 6637(as)s 6887(for)s gsave
+7225 7682 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(USERV_USER)m
+grestore
+8226(,)s 8333(abo)s 3(v)k 3(e\))k
+960 7388(and)m 1364(the)s 1712(calling)s 2415(uid)s 2779(\(represented)s
+4017(in)s 4260(decimal\).)s gsave
+600 7202 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(calling\211group)m
+grestore
+960 6908(Se)m 6(v)k 3(eral)k
+1722(strings:)s 2465(the)s 2813(primary)s 3623(and)s 4027(supplementary)s
+5489(group)s 6101(names)s 6763(and)s 7167(gids)s 7617(\(in)s
+7939(decimal\))s 960 6668(of)m 1231(the)s 1579(calling)s 2282(process.)s
+3103(All)s 3463(the)s 3811(group)s 4423(names)s 5085(come)s
+5659(\207rst,)s 6137(and)s 6541(then)s 7010(the)s 7358(gids.)s
+7861(If)s 8091(the)s 8439(\207rst)s 960 6428(supplementary)m 2422(group)s
+3034(is)s 3244(the)s 3592(same)s 4139(as)s 4389(the)s
+4737(primary)s 5547(group)s 6159(then)s 6628(it)s 6820(is)s
+7030(elided.)s gsave
+600 6242 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(calling\211user\211shell)m
+grestore
+960 5948(The)m 1388(calling)s
+2091(user')s 13(s)k 2699(shell,)s 3257(as)s 3507(listed)s
+4082(in)s 4325(the)s 4673(passw)s 2(ord)k 5633(entry)s
+6178(for)s 6516(the)s 6864(calling)s 7567(login)s 8116(name)s
+8690(\(as)s 960 5708(determined)m 2093(for)s gsave
+2431 5762 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USERV_USER)m
+
+grestore
+3432(,)s 3539(abo)s 3(v)k 3(e\).)k gsave
+600 5522 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(service\211user)m
+grestore
+960 5228(T)m 19(w)k 2(o)k 1431(strings:)s
+2174(the)s 2522(name)s 3096(of)s 3367(the)s 3715(service)s
+4447(user)s 4905(\(as)s 5234(speci\207ed)s 6142(to)s 6381(the)s
+6729(client\))s 7387(and)s 7791(their)s 8288(uid)s 960 4988(\(represented)m
+2198(in)s 2441(decimal\).)s gsave
+600 4802 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(service\211group)m
+grestore
+960 4508(Se)m 6(v)k 3(eral)k
+1722(strings:)s 2465(the)s 2813(primary)s 3623(and)s 4027(supplementary)s
+5489(group)s 6101(names)s 6763(and)s 7167(gids)s 7617(\(in)s
+7939(decimal\))s 8823(of)s 960 4268(the)m 1308(service)s 2040(user)s 13(.)k
+gsave
+600 4082 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(service\211user\211shell)m
+grestore
+960 3788(The)m 1388(service)s 2120(user')s 13(s)k
+2728(shell,)s 3286(as)s 3536(listed)s 4111(in)s 4354(their)s
+4851(passw)s 2(ord)k 5811(entry)s 15(.)k gsave
+600 3602 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(u\211)m gsave
+288 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(name)m
+grestore
+
+grestore
+960 3308(The)m 1388(v)s 6(alue)k
+1956(of)s 2227(the)s 2575(user)s 4(-de\207ned)k 3811(v)s 6(ariable)k
+240 fnt83 4630 3310(name)m 240 fnt82 5202 3308(passed)m 5898(by)s
+6192(the)s 6540(caller)s 7129(using)s 7701(the)s gsave
+8049 3362 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(\211\211defvar)m
+grestore
+960 3068(command-line)m 2397(option)s 3066(to)s 3305(the)s
+3653(client.)s 4287(If)s 4517(the)s 4865(v)s 6(ariable)k
+5684(w)s 2(as)k 6105(not)s 6471(de\207ned)s 7234(then)s
+7703(this)s 8099(parameter)s 960 2828(is)m 1170(an)s 1453(empty)s
+2105(list)s 2456(of)s 2727(strings;)s 3476(in)s 3719(this)s
+4115(case)s 4582(an)s 3(y)k 4979(condition)s 5940(which)s
+6582(tests)s 7057(it)s 7249(will)s 7675(be)s 7957(f)s 2(alse,)k
+8512(and)s gsave
+960 2642 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(include\211lookup)m
+grestore
+2421 2588(on)m 2718(it)s
+2910(will)s 3336(read)s 3805(the)s gsave
+4153 2642 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(:none)m
+
+grestore
+4713(\207le,)s 5125(or)s gsave
+5384 2642 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(:default)m
+grestore
+6245(if)s
+gsave
+6462 2642 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(:none)m
+grestore
+7022(is)s 7232(not)s 7598(found.)s
+gsave
+120 2219 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(errors\211push)m
+grestore
+240 fnt83 1281 2167(\207lename)m gsave
+120 1979 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(srorre)m
+grestore
+240 fnt82 480 1685(Stacks)m 1155(the)s 1503(error)s
+2026(handling)s 2917(beha)s 4(viour)k 3930(currently)s 4846(in)s
+5089(ef)s 6(fect.)k 5729(An)s 3(y)k 6193(changes)s
+7015(to)s 7254(error)s 7777(handling)s 8668(will)s 480 1445(tak)m 2(e)k
+932(ef)s 6(fect)k 1528(only)s 2008(between)s gsave
+2862 1499 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(errors\211push)m
+grestore
+4023(and)s gsave
+4427 1499 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(srorre)m
+grestore
+5027(.)s
+gsave
+120 1105 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(catch\211quit)m
+grestore
+gsave
+120 865 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(hctac)m
+grestore
+0 52(User)m
+511(service)s 1243(daemon)s 2058(and)s 2462(client)s 3052(speci\207cation)s
+8491(0.61.1)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 14 14
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+0 LoutMargSet
+grestore
+240 fnt84 0 13842(14)m 240 fnt82 480 13254(An)m 3(y)k
+935(use)s 1301(of)s gsave
+1563 13308 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(quit)m
+grestore
+2013(inside)s
+gsave
+2631 13308 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(catch\211quit)m
+grestore
+3683(will)s 4100(merely)s 4807(cause)s
+5385(the)s 5724(parsing)s 6472(to)s 6701(continue)s 7572(at)s
+gsave
+7795 13308 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(hctac)m
+grestore
+8345(instead.)s 480 13014(An)m 3(y)k
+944(control)s 1676(constructs)s 2696(started)s 3390(since)s 3937(the)s
+gsave
+4285 13068 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(catch\211quit)m
+grestore
+5346(will)s 5772(be)s 6054(considered)s
+7148(\207nished)s 7964(if)s 8181(a)s gsave
+8347 13068 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(quit)m
+
+grestore
+480 12774(is)m 690(found.)s 480 12366(If)m 710(an)s 993(error)s
+1516(occurs)s 2191(inside)s gsave
+2818 12420 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(catch\211quit)m
+grestore
+3879(the)s
+4227(e)s 3(x)k 3(ecution)k 5208(settings)s 5989(will)s
+6415(be)s 6697(reset)s 7207(\(as)s 7536(if)s 7753(by)s
+8047(the)s gsave
+8395 12420 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(reset)m
+grestore
+480 12126(directi)m 6(v)k 3(e\))k
+1434(and)s 1838(parsing)s 2595(will)s 3021(lik)s 2(e)k 6(wise)k
+3865(continue)s 4745(at)s gsave
+4977 12180 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(hctac)m
+grestore
+5477(.)s
+480 11718(If)m 705(a)s 865(le)s 3(xical)k 1548(or)s
+1801(syntax)s 2476(error)s 2993(is)s 3198(detected)s 4046(in)s
+4283(the)s 4626(same)s 5167(con\207guration)s 6495(\207le)s 6850(as)s
+7095(the)s gsave
+7437 11772 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(catch\211quit)m
+grestore
+8438(,)s 8539(while)s
+480 11478(looking)m 1265(for)s 1603(the)s gsave
+1951 11532 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(hctac)m
+
+grestore
+2511(after)s 3007(an)s 3290(error)s 3813(or)s gsave
+4072 11532 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(quit)m
+grestore
+4472(,)s 4579(that)s 4997(ne)s 6(w)k
+5444(error)s 5967(will)s 6393(not)s 6759(be)s 7041(caught.)s
+300 fnt84 0 10811(4.2.4.)m 813(Dir)s 5(ecti)k 3(v)k 3(es)k
+2148(f)s 7(or)k 2595(changing)s 3829(execution)s 5112(settings)s
+240 fnt82 0 10240(The)m 419(follo)s 6(wing)k 1386(directi)s 6(v)k 3(es)k
+2346(modify)s 3082(the)s 3420(e)s 3(x)k 3(ecution)k
+4391(settings;)s 5223(the)s 5562(serv)s 3(er)k 6192(will)s
+6608(remember)s 7627(the)s 7965(f)s 2(act)k 8370(that)s
+8778(the)s 0 9999(directi)m 6(v)k 3(e)k 881(w)s 2(as)k
+1300(encountered)s 2525(and)s 2927(act)s 3263(on)s 3559(it)s
+3749(only)s 4227(after)s 4721(all)s 5012(the)s 5359(con\207guration)s
+6690(has)s 7058(been)s 7565(parsed.)s 8291(The)s 240 fnt83
+8717 10001(last)m 240 fnt82 0 9759(directi)m 6(v)k 3(e)k
+882(which)s 1524(modi\207es)s 2399(an)s 3(y)k 2796(particuar)s
+3704(setting)s 4394(will)s 4820(tak)s 2(e)k 5272(ef)s 6(fect.)k
+gsave
+120 9405 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(reject)m
+grestore
+480 9111(Reject)m 1150(the)s 1498(request.)s
+gsave
+2292 9165 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute)m
+grestore
+2992(,)s gsave
+3099 9165 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211from\211directory)m
+
+grestore
+5361(and)s gsave
+5765 9165 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211from\211path)m
+grestore
+7527(will)s 7953(change)s
+480 8871(this)m 876(setting.)s gsave
+120 8531 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute)m gsave
+1152 0 translate
+1.4219 1.0000 scale
+240 fnt83
+0 -52(pr)m 10(o)k 2(gr)k 3(am)k
+grestore
+2461([)s
+gsave
+2605 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(ar)m 8(gument)k
+grestore
+4048(\202])s
+grestore
+480 8237(Ex)m 3(ecute)k
+1300(the)s 1645(program)s 240 fnt83 2512 8239(pr)m 10(o)k 2(gr)k 3(am)k
+240 fnt82 3332 8237(,)m 3436(with)s 3915(the)s 4259(ar)s 4(guments)k
+5299(as)s 5546(speci\207ed,)s 6500(follo)s 6(wed)k 7399(by)s
+7690(an)s 3(y)k 8083(ar)s 4(guments)k 480 7997(gi)m 6(v)k 3(en)k
+1052(to)s 1282(the)s 1621(client)s 2203(if)s gsave
+2411 8051 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(no\211suppress\211args)m
+grestore
+4064(is)s 4266(in)s 4500(ef)s 6(fect.)k
+5131(It)s 5328(is)s 5529(an)s 5803(error)s 6318(for)s
+6647(the)s 6986(e)s 3(x)k 3(ecution)k 7959(to)s
+8189(f)s 2(ail)k 8550(when)s 480 7757(it)m 672(is)s
+882(attempted)s 1882(\(after)s 2457(all)s 2750(the)s 3098(con\207guration)s
+4431(has)s 4801(been)s 5310(parsed\).)s 6117(If)s 240 fnt83
+6347 7759(pr)m 10(o)k 2(gr)k 3(am)k 240 fnt82
+7227 7757(does)m 7717(not)s 8083(contain)s 8844(a)s 480 7517(slash)m
+1015(it)s 1207(will)s 1633(be)s 1915(searched)s 2809(for)s
+3147(on)s 3444(the)s 3792(service)s 4524(user')s 13(s)k
+5132(path.)s gsave
+120 7177 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211from\211directory)m gsave
+3312 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(pathname)m
+
+grestore
+4789([)s gsave
+4933 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(ar)m 8(gument)k
+grestore
+6376(\202])s
+
+grestore
+480 6883(T)m 19(ak)k 2(e)k 993(all)s 1286(the)s
+1634(characters)s 2652(after)s 3148(the)s 3496(last)s 3887(slash)s
+4422(of)s 4693(the)s 5041(service)s 5773(name)s 6347(speci\207ed)s
+7255(when)s 7831(the)s 8179(client)s 480 6642(w)m 2(as)k
+901(called,)s 1578(and)s 1982(e)s 3(x)k 3(ecute)k
+2762(that)s 3180(program)s 4050(in)s 4293(the)s 4641(directory)s
+5557(named)s 6253(by)s 240 fnt83 6547 6644(pathname)m 240 fnt82
+7545 6642(as)m 7795(if)s 8012(it)s 8204(had)s 8608(been)s
+480 6402(speci\207ed)m 1388(for)s 240 fnt83 1726 6404(e)m 4(xecute)k
+240 fnt82 2431 6402(.)m 2535(The)s 2963(part)s 3394(of)s
+3665(the)s 4013(service)s 4745(name)s 5319(used)s 5816(may)s
+6282(contain)s 7043(only)s 7523(alphanumerics)s 480 6162(and)m 884(h)s 1(yphens)k
+1732(and)s 2136(must)s 2660(start)s 3130(with)s 3611(an)s
+3894(alphanumeric)s 5247(\(and)s 5730(it)s 5921(must)s 6446(be)s
+6727(non-empty\),)s 7950(otherwise)s 8934(it)s 480 5922(is)m 690(an)s
+973(error)s 13(.)k 480 5514(This)m 956(directi)s 6(v)k 3(e)k
+1838(is)s 2048(ignored)s 2837(if)s 3054(the)s 3402(rele)s 6(v)k 6(ant)k
+4219(program)s 5089(does)s 5579(not)s 5945(e)s 3(xist)k
+6453(in)s 6696(the)s 7044(directory)s 7960(speci\207ed;)s 480 5274(in)m
+723(this)s 1119(case)s 1586(the)s 1934(program)s 2804(to)s
+3043(e)s 3(x)k 3(ecute)k 3823(is)s 4033(left)s
+4410(at)s 4642(its)s 4918(pre)s 6(vious)k 5787(setting)s
+6477(\(or)s 6815(unset,)s 7427(if)s 7644(it)s 7836(w)s 2(as)k
+8257(not)s 480 5034(set)m 805(before\).)s 480 4626(It)m 672(is)s
+869(an)s 1139(error)s 1649(for)s 1974(the)s 2309(test)s
+2687(for)s 3012(the)s 3347(e)s 3(xistence)k 4276(of)s
+4533(the)s 4868(program)s 5725(to)s 5951(f)s 2(ail)k
+6308(other)s 6846(than)s 7302(with)s 7771(a)s 7924(`no)s
+8283(such)s 8765(\207le)s 480 4386(or)m 729(directory')s 1693(indication.)s
+2743(It)s 2938(is)s 3138(also)s 3566(an)s 3839(error)s
+4352(for)s 4680(the)s 5018(e)s 3(x)k 3(ecution)k
+5989(to)s 6218(f)s 2(ail)k 6578(if)s 6785(and)s
+7179(when)s 7745(it)s 7927(is)s 8126(attempted)s 480 4146(\(after)m
+1055(all)s 1348(the)s 1696(con\207guration)s 3029(has)s 3399(been)s
+3908(parsed\).)s gsave
+120 3806 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211from\211path)m
+grestore
+240 fnt83 480 3514(service)m
+240 fnt82 1202 3512(is)m 1404(interpreted)s 2488(as)s 2731(a)s
+2889(program)s 3751(on)s 4041(the)s 4381(def)s 2(ault)k
+gsave
+5094 3566 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(PATH)m
+grestore
+5546(\(or)s 5877(as)s 6119(a)s
+6277(pathname)s 7256(of)s 7519(an)s 7794(e)s 3(x)k 3(ecutable,)k
+8909(if)s 480 3271(it)m 660(contains)s 1495(a)s gsave
+1649 3325 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(/)m
+grestore
+1749(\).)s 1919(This)s 2383(directi)s 6(v)k 3(e)k
+3252(is)s 240 fnt83 3450 3273(very)m 3904(dang)s 2(er)k 10(ous)k
+240 fnt82 4899 3271(,)m 4994(and)s 5385(is)s 5583(only)s
+6050(pro)s 3(vided)k 6944(to)s 7170(mak)s 2(e)k
+7730(the)s gsave
+8065 3325 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211override)m
+grestore
+480 3031(options)m 1230(ef)s 6(fecti)k 6(v)k 3(e.)k
+2146(It)s 2344(should)s 3034(not)s 3393(normally)s 4304(be)s
+4579(used.)s 5115(It)s 5313(is)s 5516(an)s 5792(error)s
+6309(for)s 6640(the)s 6981(e)s 3(x)k 3(ecution)k
+7955(to)s 8187(f)s 2(ail)k 8550(when)s 480 2791(it)m
+672(is)s 882(attempted)s 1882(\(after)s 2457(all)s 2750(the)s
+3098(con\207guration)s 4431(has)s 4801(been)s 5310(parsed\).)s gsave
+120 2451 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(execute\211builtin)m gsave
+2304 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(service-name)m
+grestore
+gsave
+4249 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(service-ar)m 8(guments)k
+
+grestore
+
+grestore
+480 2157(Ex)m 3(ecutes)k 1388(the)s 1732(b)s 4(uiltin)k
+2405(service)s 240 fnt83 3133 2159(service-name)m 240 fnt82 4400 2157(.)m
+4500(These)s 5123(b)s 4(uiltin)k 5796(services)s 6612(display)s
+7353(information)s 8534(about)s 480 1917(the)m 822(serv)s 3(er)k
+1455(and/or)s 2120(the)s 2461(request,)s 3252(and)s 3649(ignore)s
+4310(an)s 3(y)k 4700(ar)s 4(guments)k 5737(passed)s
+6426(from)s 6944(the)s 7285(service)s 8011(side)s 8445(e)s 3(xcept)k
+480 1677(possibly)m 1320(to)s 1547(print)s 2046(them)s 2572(as)s
+2810(part)s 3228(of)s 3487(their)s 3972(output.)s 4676(The)s 3(y)k
+5207(write)s 5740(their)s 6225(results)s 6887(to)s 7114(their)s
+7599(standard)s 8454(output)s 480 1437(\(i.e.,)m 958(where)s 6(v)k 3(er)k
+1898(\207le)s 2259(descriptor)s 3274(1)s 3429(is)s 3639(directed\).)s
+4591(The)s 5019(b)s 4(uiltin)k 5696(services)s 6516(are:)s
+gsave
+600 1251 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute)m
+grestore
+960 957(Displays)m 1848(the)s 2196(e)s 3(x)k 3(ecution)k
+3177(settings,)s 4014(de\207ned)s 4777(v)s 6(ariables,)k 5740(ar)s 4(guments,)k
+6839(etc.)s 7221(with)s 7703(which)s 8345(the)s 960 717(b)m 4(uiltin)k
+1637(service)s 2369(w)s 2(as)k 2790(in)s 9(v)k 4(ok)k 2(ed.)k
+0 52(0.61.1)m 4809(User)s 5320(service)s 6052(daemon)s 6867(and)s
+7271(client)s 7861(speci\207cation)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 15 15
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+1 LoutMargSet
+grestore
+240 fnt84 8833 13842(15)m gsave
+600 13310 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(environment)m
+grestore
+240 fnt82
+960 13016(Dis)m 1283(plays)s 1839(the)s 2187(en)s 2410(vi)s
+2590(ron)s 2906(ment)s 3444(v)s 6(ari)k 3803(able)s
+4257(set)s 4522(tings)s 5038(with)s 5520(which)s 6162(the)s
+6510(b)s 4(uiltin)k 7187(ser)s 7465(vice)s 7919(w)s 2(as)k
+960 12776(in)m 1143(v)s 4(ok)k 2(ed.)k gsave
+600 12590 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(parameter)m gsave
+1440 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(par)m 3(ameter)k
+grestore
+
+grestore
+960 12296(Displays)m
+1848(the)s 2196(v)s 6(alues)k 2852(of)s 3123(the)s
+3471(service)s 4203(con\207guration)s 5536(language)s 6456(parameter)s 7470(speci\207ed.)s
+gsave
+600 12110 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(version)m
+grestore
+960 11816(Displays)m 1848(the)s 2196(v)s 3(ersion)k
+2954(string)s 3551(and)s 3955(compilation)s 5154(details)s 5828(of)s
+6099(the)s 6447(uservd)s 7143(serv)s 3(er)k 7783(program.)s
+gsave
+600 11630 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(reset)m
+grestore
+960 11336(Dis)m 1283(plays)s 1838(the)s
+2184(de)s 2406(f)s 2(ault)k 2899(re)s 3080(set)s
+3403(con)s 3746(\207g)s 3992(u)s 4107(ra)s 4292(tion)s
+4719(\(e)s 6(v)k 6(al)k 5179(u)s 5294(at)s
+5466(ed)s 5748(when)s gsave
+6323 11390 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(reset)m
+grestore
+6881(is)s
+7089(found)s 7704(in)s 7945(a)s 8109(con)s 8452(\207g)s
+8698(u)s 8813(ra)s 8998(-)s 960 11096(tion)m 1389(\207le,)s
+1801(or)s 2060(when)s 2636(an)s 2919(er)s 3104(ror)s
+3442(is)s 3652(caught)s 4350(by)s gsave
+4644 11150 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(catch\211quit)m
+
+grestore
+5645(\).)s gsave
+600 10910 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(toplevel)m
+grestore
+960 10616(Displays)m 1848(the)s
+2196(top-le)s 6(v)k 3(el)k 3091(def)s 2(ault)k
+3812(con\207guration)s 5145(\(the)s 5572(con\207guration)s 6905(data,)s 7410(e)s 6(v)k 6(aluated)k
+8372(by)s 8666(the)s 960 10376(serv)m 3(er)k 9(,)k
+1638(which)s 2280(calls)s 2768(all)s 3061(the)s 3409(other)s
+3960(con\207guration)s 5293(\207les\).)s gsave
+600 10190 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(override)m
+grestore
+960 9896(Displays)m
+1847(the)s 2194(top-le)s 6(v)k 3(el)k 3088(o)s 3(v)k 3(erride)k
+3932(con\207guration)s 5264(\(the)s 5690(con\207guration)s 7021(data,)s 7525(e)s 6(v)k 6(aluated)k
+8486(by)s 8778(the)s 960 9656(serv)m 3(er)k 9(,)k
+1638(which)s 2280(causes)s 2955(all)s 3248(the)s 3596(other)s
+4147(con\207guration)s 5480(data)s 5938(to)s 6177(be)s 6459(parsed\).)s
+gsave
+600 9470 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(help)m
+grestore
+960 9176(Displays)m 1848(a)s 2014(list)s
+2365(of)s 2636(the)s 2984(understood)s 4106(b)s 4(uiltin)k
+4783(service)s 5515(names)s 6177(and)s 6581(ar)s 4(guments.)k
+480 8913(In)m 736(the)s 1084(fu)s 1278(ture)s 1705(oth)s
+2008(er)s 2253(b)s 4(uiltin)k 2930(ser)s 3208(vices)s
+3750(may)s 4216(be)s 4498(de)s 4720(\207ned)s 5257(which)s
+5899(do)s 6192(more)s 6739(than)s 7208(just)s 7613(print)s
+8124(in)s 8307(for)s 8585(-)s 480 8673(ma)m 772(tion.)s
+gsave
+120 8383 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(set\211environment)m
+grestore
+gsave
+120 8143 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(no\211set\211environment)m
+grestore
+480 7849(Runs)m
+gsave
+1024 7903 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(/etc/environment)m
+grestore
+2686(to)s 2925(set)s 3250(the)s
+3598(service)s 4330(user')s 13(s)k 4938(en)s 9(vironment.)k
+6242(This)s 6718(adds)s 7208(the)s 7556(o)s 3(v)k 3(erhead)k
+8485(of)s 480 7609(in)m 9(v)k 4(oking)k 1372(a)s
+1538(shell,)s 2096(b)s 4(ut)k 2458(doesn')s 4(t)k
+3218(cause)s 3805(an)s 3(y)k 4202(shell)s 4708(\(de\)mangling)s
+6049(of)s 6320(the)s 6668(service')s 13(s)k 7554(ar)s 4(guments.)k
+8650(This)s 480 7369(is)m 690(achie)s 6(v)k 3(ed)k
+1589(by)s 1883(in)s 9(v)k 4(oking)k gsave
+960 7183 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(.../program)m 1728(arg)s 2304(arg)s 2880(arg)s 3456(\202)s
+
+grestore
+480 6938(as)m gsave
+960 6752 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(/bin/sh)m 1152(\211c)s 1584('.)s
+2016(/etc/environment;)s 4608(exec)s 5328("$@"')s 6192(\211)s 6480(.../program)s
+8208(arg)s 8784(arg)s 9360(arg)s 9936(\202)s
+grestore
+gsave
+480 6508 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(no\211set\211environment)m
+grestore
+2342 6454(cancels)m 3096(the)s 3444(ef)s 6(fect)k
+4040(of)s gsave
+4311 6508 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(set\211environment)m
+grestore
+5812(.)s gsave
+120 6164 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(no\211suppress\211args)m
+grestore
+gsave
+120 5924 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(suppress\211args)m
+grestore
+480 5630(Include)m 1253(an)s 3(y)k
+1650(ar)s 4(guments)k 2693(gi)s 6(v)k 3(en)k
+3273(to)s 3512(the)s 3860(client)s 4450(as)s 4700(ar)s 4(guments)k
+5743(to)s 5982(the)s 6330(program)s 7200(in)s 9(v)k 4(ok)k 2(ed)k
+8015(as)s 8265(a)s 8431(result)s 480 5390(of)m 749(an)s
+gsave
+1030 5444 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute)m
+grestore
+1730(,)s gsave
+1834 5444 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211from\211directory)m
+
+grestore
+4094(or)s gsave
+4351 5444 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211from\211path)m
+grestore
+6110(directi)s 6(v)k 3(e.)k
+gsave
+7038 5444 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(suppress\211args)m
+grestore
+8396(undoes)s 480 5150(the)m 828(ef)s 6(fect)k
+1424(of)s gsave
+1695 5204 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(no\211suppress\211args)m
+grestore
+3297(.)s gsave
+120 4829 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(require\211fd)m gsave
+1584 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(fd-r)m 3(ang)k 2(e)k
+
+grestore
+2882(read|write)s
+grestore
+480 4530(In)m 676(sist)s 1054(that)s 1472(the)s
+1820(\207ledescrip)s 2808(tor\(s\))s 3373(be)s 3655(opened)s 4405(for)s
+4743(read)s 5152(ing)s 5511(resp.)s 6013(writ)s 6397(ing.)s
+6807(It)s 7012(is)s 7222(an)s 7505(er)s 7690(ror)s
+8028(if)s 8245(an)s 3(y)k 8642(de)s 8864(-)s
+480 4290(scrip)m 937(tor)s 1258(mark)s 2(ed)k 2027(as)s
+2272(re)s 2453(quired)s 3118(when)s 3689(the)s 4033(ser)s
+4311(vice)s 4760(is)s 4966(about)s 5554(to)s 5788(be)s
+6066(in)s 6249(v)s 4(ok)k 2(ed)k 6882(\(af)s
+7158(ter)s 7465(the)s 7808(con)s 8151(\207g)s 8397(u)s
+8512(ra)s 8697(tion)s 480 4050(has)m 850(been)s 1359(parsed\))s
+2111(w)s 2(as)k 2532(not)s 2898(spec)s 3316(i)s
+3376(\207ed)s 3793(when)s 4369(the)s 4717(client)s 5307(w)s 2(as)k
+5728(in)s 5911(v)s 4(ok)k 2(ed.)k 6595(Each)s
+7130(\207le)s 7491(de)s 7713(scrip)s 8170(tor)s 8495(has)s
+480 3810(a)m 646(sep)s 958(a)s 1064(rate)s 1477(set)s
+1742(ting,)s 2221(and)s 2625(the)s 2973(last)s 3364(one)s
+3766(of)s gsave
+4037 3864 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(require\211fd)m
+grestore
+5038(,)s gsave
+5145 3864 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(allow\211fd)m
+grestore
+5946(,)s gsave
+6053 3864 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(ignore\211fd)m
+grestore
+6954(,)s
+gsave
+7061 3864 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(null\211fd)m
+grestore
+7821(or)s gsave
+8080 3864 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(reject\211fd)m
+
+grestore
+480 3570(which)m 1122(af)s 1319(fect)s 1676(ed)s 1960(a)s
+2126(par)s 2431(tic)s 2662(u)s 2777(lar)s 3088(\207le)s
+3449(de)s 3671(scrip)s 4128(tor)s 4453(will)s 4879(tak)s 2(e)k
+5331(ef)s 5528(fect.)s 240 fnt83 480 3164(fd-r)m 3(ang)k 2(e)k
+240 fnt82 1352 3162(may)m 1818(be)s 2100(a)s 2266(single)s
+2893(number)s 9(,)k 3722(tw)s 2(o)k 4132(numbers)s
+5007(separated)s 5967(by)s 6261(a)s 6427(h)s 1(yphen,)k
+7239(or)s 7498(one)s 7900(number)s 480 2922(follo)m 6(wed)k
+1382(by)s 1676(a)s 1842(h)s 1(yphen)k 2604(\(indicating)s
+3692(all)s 3985(descriptors)s 5084(from)s 5608(that)s 6026(number)s
+6817(onw)s 2(ards\).)k 7809(It)s 8014(may)s 8480(also)s
+480 2682(be)m 760(one)s 1159(of)s 1428(the)s 1773(w)s 2(ords)k
+gsave
+2405 2736 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(stdin)m
+grestore
+2905(,)s gsave
+3009 2736 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(stdout)m
+
+grestore
+3667(or)s gsave
+3923 2736 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(stderr)m
+grestore
+4523(.)s 4625(Open-ended)s
+5850(\207le)s 6209(descriptor)s 7221(rangers)s 7973(are)s 8317(allo)s 6(wed)k
+480 2442(only)m 960(with)s gsave
+1442 2496 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(reject\211fd)m
+grestore
+2403(and)s
+gsave
+2807 2496 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(ignore\211fd)m
+grestore
+3708(,)s 3815(as)s 4065(otherwise)s
+5050(the)s 5398(service)s 6130(program)s 7000(w)s 2(ould)k
+7655(\207nd)s 8086(itself)s 8634(with)s 480 2202(a)m 646(v)s 3(ery)k
+1122(lar)s 4(ge)k 1651(number)s 2442(of)s 2713(\207le)s
+3074(descriptors)s 4173(open.)s 480 1794(When)m 1109(the)s 1457(con\207guration)s
+2790(has)s 3160(been)s 3669(parsed,)s 4400(and)s 4804(before)s
+5470(the)s 5818(service)s 6550(is)s 6760(about)s 7352(to)s
+7591(be)s 7873(e)s 3(x)k 3(ecuted,)k 480 1554(stderr)m
+1082(\(fd)s 1417(2\))s 1663(must)s 2187(be)s 2468(required)s
+3320(or)s 3578(allo)s 6(wed)k 4385(\()s gsave
+4458 1608 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(require\211fd)m
+grestore
+5518(or)s gsave
+5776 1608 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(allow\211fd)m
+grestore
+6577(\))s
+6703(for)s 7040(writing;)s 7841(this)s 8235(is)s 8444(so)s
+8708(that)s 480 1314(the)m 823(error)s 1341(message)s 2202(printed)s
+2931(by)s 3220(the)s 3563(serv)s 3(er')k 13(s)k
+4348(child)s 4878(process)s 5641(if)s 5853(it)s 6040(cannot)s
+gsave
+6732 1368 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(exec)m
+grestore
+7187(the)s 7530(service)s 8256(program)s
+480 1074(is)m 690(not)s 1056(lost.)s gsave
+120 784 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(allow\211fd)m
+gsave
+1296 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(fd-r)m 3(ang)k 2(e)k
+grestore
+2594([read|write])s
+
+grestore
+0 52(User)m 511(service)s 1243(daemon)s 2058(and)s 2462(client)s
+3052(speci\207cation)s 8491(0.61.1)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 16 16
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+0 LoutMargSet
+grestore
+240 fnt84 0 13842(16)m 240 fnt82 480 13251(Allo)m 6(w)k
+1126(the)s 1474(descriptor\(s\))s 2729(to)s 2968(be)s 3250(opened)s
+4000(for)s 4338(reading)s 5108(resp.)s 5610(writing,)s 6407(or)s
+6666(either)s 7269(if)s 7486(neither)s gsave
+8209 13305 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(read)m
+
+grestore
+8669(nor)s gsave
+480 13065 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(write)m
+grestore
+1040 13011(is)m 1250(speci\207ed.)s
+2204(If)s 2434(a)s 2600(particular)s 3574(descriptor)s 4589(not)s
+4955(speci\207ed)s 5863(by)s 6157(the)s 6505(client)s 7095(then)s
+7564(it)s 7756(will)s 8182(be)s 8464(open)s 480 12771(onto)m
+gsave
+959 12825 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(/dev/null)m
+grestore
+1920(\(for)s 2337(reading,)s 3161(writing,)s
+3958(or)s 4217(both,)s 4750(depending)s 5801(on)s 6098(whether)s
+gsave
+6928 12825 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(read)m
+grestore
+7328(,)s gsave
+7435 12825 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(write)m
+
+grestore
+7995(or)s 8254(neither)s 480 12531(w)m 2(as)k 901(speci\207ed\).)s
+gsave
+120 12191 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(null\211fd)m gsave
+1152 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(fd-r)m 3(ang)k 2(e)k
+
+grestore
+2450([read|write])s
+grestore
+480 11892(Spec)m 938(i)s 998(fy)s 1251(that)s
+1669(the)s 2017(de)s 2239(scrip)s 2696(tor\(s\))s 3261(be)s
+3543(opened)s 4293(onto)s gsave
+4772 11946 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(/dev/null)m
+grestore
+5733(for)s
+6071(read)s 6480(ing)s 6839(resp.)s 7341(writ)s 7725(ing,)s
+8138(or)s 8397(both)s 8880(if)s 480 11652(nei)m 766(ther)s
+gsave
+1181 11706 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(read)m
+grestore
+1624(nor)s gsave
+1986 11706 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(write)m
+
+grestore
+2529(is)s 2722(spec)s 3140(i)s 3200(\207ed.)s 3646(An)s 3(y)k
+4093(spec)s 4511(i)s 4571(\207)s 4696(ca)s 4908(tion)s
+5320(of)s 5574(these)s 6104(\207le)s 6448(de)s 6670(scrip)s
+7127(tors)s 7519(by)s 7796(the)s 8127(client)s 8700(will)s
+480 11412(be)m 762(silent)s 1279(ly)s 1519(ig)s 1698(nored;)s
+2355(the)s 2703(client)s 3293(will)s 3719(see)s 4080(its)s
+4356(ends)s 4846(of)s 5117(the)s 5465(de)s 5687(scrip)s
+6144(tors)s 6553(be)s 6775(ing)s 7134(closed)s 7803(im)s
+8055(me)s 8343(di)s 8523(ate)s 8797(ly)s 15(.)k
+gsave
+120 11072 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(reject\211fd)m gsave
+1440 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(fd-r)m 3(ang)k 2(e)k
+
+grestore
+
+grestore
+480 10778(Do)m 824(not)s 1187(allo)s 6(w)k 1764(the)s
+2109(descriptor\(s\))s 3362(to)s 3598(be)s 3878(speci\207ed)s 4783(by)s
+5075(the)s 5420(client.)s 6052(It)s 6254(is)s 6462(an)s
+6742(error)s 7263(if)s 7477(an)s 3(y)k 7871(descriptor\(s\))s
+480 10538(mark)m 2(ed)k 1253(for)s 1591(rejection)s 2483(are)s
+2830(speci\207ed)s 3738(when)s 4314(the)s 4662(service)s 5394(is)s
+5604(about)s 6196(to)s 6435(be)s 6717(in)s 9(v)k 4(ok)k 2(ed)k
+7532(\(after)s 8107(the)s 480 10298(con\207guration)m 1813(has)s 2183(been)s
+2692(parsed\).)s gsave
+120 9958 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(ignore\211fd)m gsave
+1440 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(fd-r)m 3(ang)k 2(e)k
+
+grestore
+
+grestore
+480 9664(Silent)m 1037(ly)s 1260(ig)s 1439(nore)s 1902(an)s 3(y)k
+2281(spec)s 2699(i)s 2759(\207)s 2884(ca)s 3096(tion)s
+3507(by)s 3783(the)s 4113(client)s 4685(of)s 4938(those)s
+5481(de)s 5703(scrip)s 6160(tor\(s\).)s 6762(The)s 7172(pipes)s
+7710(cor)s 8015(re)s 8196(spond)s 8767(ing)s 480 9424(to)m
+719(these)s 1266(de)s 1488(scrip)s 1945(tors)s 2354(will)s
+2780(be)s 3062(closed)s 3731(just)s 4136(be)s 4358(fore)s
+4798(the)s 5146(ser)s 5424(vice)s 5878(is)s 6088(in)s
+6271(v)s 4(ok)k 2(ed.)k gsave
+120 9084 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(disconnect\211hup)m
+
+grestore
+gsave
+120 8844 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(no\211disconnect\211hup)m
+grestore
+480 8550(Causes)m 1209(the)s 1557(service')s 13(s)k
+2443(process)s 3211(group)s 3823(to)s 4062(get)s 4414(a)s
+gsave
+4580 8604 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SIGHUP)m
+grestore
+5240(if)s 5457(the)s 5805(client)s
+6395(disconnects)s 7562(before)s 8228(the)s 8576(main)s 480 8310(service)m
+1212(process)s 1980(terminates.)s gsave
+3078 8364 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(no\211disconnect\211hup)m
+grestore
+4840(cancels)s
+gsave
+5594 8364 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(disconnect\211hup)m
+grestore
+6995(.)s 480 7902(If)m 700(one)s
+1091(of)s 1352(the)s 1689(reading)s 2449(descriptors)s 3537(speci\207ed)s
+4435(when)s 5000(the)s 5337(client)s 5917(is)s 6116(called)s
+6734(gets)s 7159(a)s 7315(read)s 7773(error)s 9(,)k
+8324(or)s 8572(if)s 8778(the)s 480 7661(service)m 1212(is)s
+1422(disconnected)s 2729(for)s 3067(some)s 3628(other)s 4179(reason,)s
+4910(then)s 5379(the)s gsave
+5727 7715 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SIGHUP)m
+grestore
+6387(will)s
+6813(be)s 7095(deli)s 6(v)k 3(ered)k 240 fnt83
+8033 7663(befor)m 8(e)k 240 fnt82 8689 7661(the)m 480 7421(writing)m
+1223(end\(s\))s 1869(of)s 2140(the)s 2488(service')s 13(s)k
+3374(reading)s 4144(pipe\(s\))s 4856(are)s 5203(closed,)s 5921(so)s
+6187(that)s 6605(the)s 6953(client)s 7543(can)s 7932(distinguish)s
+480 7181(disconnection)m 1866(from)s 2390(reading)s 3160(EOF)s 3670(on)s
+3967(a)s 4133(pipe.)s gsave
+120 6841 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(reset)m
+grestore
+480 6547(Resets)m
+1155(the)s 1503(e)s 3(x)k 3(ecution)k 2484(settings)s
+3265(to)s 3504(the)s 3852(def)s 2(ault.)k 4617(This)s
+5093(is)s 5303(equi)s 6(v)k 6(alent)k 6347(to:)s
+gsave
+960 6361 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(cd)m 432(~/)s 0 -292(reject)m 0 -532(no\211set\211environment)m
+0 -772(suppress\211args)m 0 -1012(allow\211fd)m 1296(0)s 1584(read)s 0 -1252(allow\211fd)m
+1296(1\2112)s 1872(write)s 0 -1492(reject\211fd)m 1440(3\211)s 0 -1732(disconnect\211hup)m
+
+grestore
+0 4085(If)m 230(no)s gsave
+523 4139 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute)m
+grestore
+1223(,)s
+gsave
+1330 4139 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211from\211path)m
+grestore
+3032(,)s gsave
+3139 4139 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211from\211directory)m
+
+grestore
+5401(or)s gsave
+5660 4139 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(builtin)m
+grestore
+6420(is)s 6630(interpreted)s
+7722(before)s 8388(all)s 8681(the)s 0 3845(\207les)m 449(are)s
+796(read)s 1265(then)s 1734(the)s 2082(request)s 2832(is)s
+3042(rejected.)s 9066 670 0 670 240 240 60 0 2821 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 66(4.3.)m 628(Err)s 5(ors)k
+1618(in)s 1958(the)s 2458(con\207guration)s 4359(\207le)s
+grestore
+0 2359(If)m
+230(a)s 396(syntax)s 1076(error)s 1599(or)s 1858(other)s
+2409(problem)s 3266(occurs)s 3941(when)s 4517(processing)s 5593(a)s
+5759(con\207guration)s 7092(\207le)s 7453(then)s 7922(a)s 8088(diagnostic)s
+0 2119(will)m 422(be)s 699(issued,)s 1399(to)s 1633(where)s 6(v)k 3(er)k
+2568(the)s 2911(error)s 3429(messages)s 4378(are)s 4721(currently)s
+5632(being)s 6212(sent)s 6652(\(see)s 7087(the)s gsave
+7430 2173 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(errors\211)m
+grestore
+8185(f)s 2(amily)k 8855(of)s 0 1879(directi)m 6(v)k 3(es,)k
+1026(abo)s 3(v)k 3(e\).)k 0 1471(The)m 428(error)s
+951(will)s 1377(cause)s 1964(processing)s 3040(of)s 3311(the)s
+3659(con\207guration)s 4992(\207les)s 5441(to)s 5680(cease)s 6253(at)s
+6485(that)s 6903(point,)s 7502(unless)s 8151(the)s 8499(error)s
+0 1231(w)m 2(as)k 421(inside)s 1048(a)s gsave
+1214 1285 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(catch\211quit)m
+grestore
+2275(construct.)s 3255(In)s 3511(this)s 3907(case)s
+4374(the)s 4722(settings)s 5503(controlling)s 6605(the)s 6953(program')s 13(s)k
+7973(e)s 3(x)k 3(ecution)k 0 991(will)m 426(be)s
+708(reset)s 1218(to)s 1457(the)s 1805(def)s 2(aults)k
+2610(as)s 2860(if)s 3077(a)s gsave
+3243 1045 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(reset)m
+
+grestore
+3803(directi)s 6(v)k 3(e)k 4685(had)s 5089(been)s
+5598(issued,)s 6303(and)s 6707(parsing)s 7464(continues)s 8432(after)s
+gsave
+0 805 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(hctac)m
+grestore
+500 751(.)m 0 52(0.61.1)m 4809(User)s
+5320(service)s 6052(daemon)s 6867(and)s 7271(client)s 7861(speci\207cation)s
+
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 17 17
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+1 LoutMargSet
+grestore
+240 fnt84 8831 13842(17)m gsave
+0 12808 translate
+240 fnt82 9066 609 0 609 240 240 60 LoutGraphic
+gsave
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 5(4.4.)m 628(Defaults)s
+
+grestore
+240 fnt82 0 12346(The)m 428(def)s 2(ault)k 1149(con\207guration)s
+2482(processing)s 3558(is)s 3768(as)s 4018(if)s 4235(the)s
+4583(daemon)s 5398(were)s 5918(parsing)s 6675(an)s 6958(o)s 3(v)k 3(erall)k
+7670(con\207guration)s 0 12106(\207le)m 361(whose)s 1029(contents)s 1877(were)s
+2397(as)s 2647(follo)s 6(ws:)k gsave
+480 11920 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(reset)m
+0 -292(user\211rcfile)m 1728(~/.userv/rc)s 0 -532(errors\211to\211stderr)m 0 -772(include)m 1152(/etc/userv/system.default)s
+0 -1012(if)m 432(grep)s 1152(service\211user\211shell)s 3888(/etc/shells)s 432 -1252(errors\211push)m
+720 -1492(catch\211quit)m 1008 -1732(include\211ifexist)m gsave
+3312 -1680 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(\207le)m 345(speci\207ed)s
+1248(by)s 1530(most)s 2046(r)s 8(ecent)k 2699(user\211r)s 8(c\207le)k
+3767(dir)s 8(ective)k
+grestore
+720 -1972(hctac)m 432 -2212(srorre)m 0 -2452(fi)m
+0 -2692(include)m 1152(/etc/userv/system.override)s 0 -2932(quit)m
+grestore
+0 8444(If)m 226(one)s
+624(of)s 891(the)s gsave
+1235 8498 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211override)m
+grestore
+2292(options)s
+3044(to)s 3279(the)s 3623(client)s 4209(is)s 4415(used)s
+4908(then)s 5373(it)s 5561(will)s 5983(instead)s 6714(be)s
+6992(as)s 7238(if)s 7451(the)s 7795(daemon)s 8606(were)s
+0 8204(parsing)m 757(an)s 1040(o)s 3(v)k 3(erall)k
+1752(con\207guration)s 3085(as)s 3335(follo)s 6(ws:)k gsave
+480 8018 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(reset)m 0 -292(errors\211to\211stderr)m 0 -532(include)m gsave
+1152 -480 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(\207le)m
+345(containing)s 1423(con\207gur)s 3(ation)k 2765(data)s 3246(sent)s
+3695(by)s 3977(client)s
+grestore
+0 -772(quit)m
+grestore
+0 52(User)m 511(service)s
+1243(daemon)s 2058(and)s 2462(client)s 3052(speci\207cation)s 8491(0.61.1)s
+
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 18 18
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+0 LoutMargSet
+grestore
+240 fnt84 0 13842(18)m gsave
+0 12726 translate
+240 fnt82 9066 688 0 688 240 240 60 LoutGraphic
+gsave
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.2 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+340 fnt84 0 70(5.)m 412(Inf)s 8(ormation)k
+2257(passed)s 3297(thr)s 6(ough)k 4539(the)s 5070(client/daemon)s
+7185(combination)s
+grestore
+240 fnt82 0 12264(The)m 428(information)s 1613(described)s
+2587(belo)s 6(w)k 3220(is)s 3430(the)s 3778(only)s
+4258(information)s 5443(which)s 6085(passes)s 6747(between)s 7601(the)s
+7949(caller)s 8538(and)s 0 12024(the)m 348(service.)s 0 11616(\213)m
+480(The)s 908(service)s 1640(name)s 2214(supplied)s 3083(by)s
+3377(the)s 3725(caller)s 4314(is)s 4524(a)s 4(v)k 6(ailable)k
+5432(in)s 5675(the)s 6023(con\207guration)s 7356(language)s 8276(for)s
+480 11376(deciding)m 1343(whether)s 2158(and)s 2547(which)s 3175(service)s
+3892(program)s 4747(to)s 4971(in)s 9(v)k 4(ok)k 2(e,)k
+5701(in)s 5929(the)s gsave
+6262 11430 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(service)m
+grestore
+7008(parameter)s 9(,)k
+8045(and)s 8434(is)s 8629(used)s 480 11136(by)m 774(the)s
+gsave
+1122 11190 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211from\211directory)m
+grestore
+3384(and)s gsave
+3788 11190 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(execute\211from\211path)m
+
+grestore
+5550(con\207guration)s 6883(directi)s 6(v)k 3(es.)k 7906(It)s
+8111(is)s 8321(usually)s 480 10896(used)m 977(to)s 1216(select)s
+1819(which)s 2461(service)s 3193(program)s 4063(to)s 4302(in)s 9(v)k 4(ok)k 2(e.)k
+5043(It)s 5248(is)s 5458(also)s 5896(passed)s 6592(to)s
+6831(the)s 7179(service)s 7911(program)s 8781(in)s 480 10656(the)m
+gsave
+828 10710 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USERV_SERVICE)m
+grestore
+2189(en)s 9(vironment)k 3449(v)s 6(ariable.)k
+0 10225(\213)m 480(File)s 902(descriptors)s 1995(speci\207ed)s 2897(by)s
+3185(the)s 3528(client)s 4112(and)s 4510(allo)s 6(wed)k
+5313(according)s 6304(to)s 6537(the)s 6879(con\207guration)s 8206(language)s
+480 9985(will)m 906(be)s 1188(connected.)s 2262(Each)s 2797(\207le)s
+3158(descriptor)s 4173(is)s 4383(opened)s 5133(for)s 5471(reading)s
+6241(or)s 6500(writing.)s 7294(Communication)s 8893(is)s 480 9745(via)m
+832(pipes,)s 1444(one)s 1846(end)s 2250(of)s 2521(each)s
+3016(pipe)s 3484(being)s 4069(open)s 4592(on)s 4889(the)s
+5237(appropriate)s 6381(\207le)s 6742(descriptor)s 7757(in)s 8000(the)s
+8348(service)s 480 9505(program)m 1350(\(when)s 2005(it)s 2197(is)s
+2407(in)s 9(v)k 4(ok)k 2(ed\))k 3292(and)s
+3696(the)s 4044(other)s 4595(end)s 4999(being)s 5584(held)s
+6054(by)s 6348(the)s 6696(client)s 7286(process,)s 8110(which)s
+480 9265(will)m 906(read)s 1375(and)s 1779(write)s 2325(\207les)s
+2774(it)s 2966(opens)s 3576(on)s 3873(behalf)s 4542(of)s
+4813(its)s 5089(caller)s 5678(or)s 5937(\207le)s 6298(descriptors)s
+7397(it)s 7589(is)s 7799(passed)s 8495(by)s 480 9025(its)m
+756(caller)s 13(.)k 480 8617(Data)m 991(may)s 1457(be)s
+1739(passed)s 2435(into)s 2860(the)s 3208(service)s 3940(through)s
+4742(reading)s 5512(pipes)s 6068(and)s 6472(out)s 6838(of)s
+7109(it)s 7301(through)s 8103(writing)s 480 8377(pipes.)m 1083(These)s
+1703(pipes)s 2252(can)s 2634(remain)s 3347(open)s 3864(only)s
+4337(until)s 4823(the)s 5164(service)s 5889(and)s 6287(client)s
+6870(ha)s 4(v)k 3(e)k 7364(terminated,)s 8485(or)s
+8737(can)s 480 8137(be)m 762(made)s 1336(to)s 1575(stay)s
+2014(open)s 2537(after)s 3033(the)s 3381(client)s 3971(has)s
+4341(terminated)s 5420(and)s 5824(\(if)s 6120(the)s 6468(service)s
+7200(program)s 8070(forks\))s 8689(the)s 480 7897(main)m 1015(service)s
+1747(process)s 2515(has)s 2885(e)s 3(xited;)k 3578(the)s
+3926(beha)s 4(viour)k 4939(is)s 5149(controlled)s 6176(by)s
+6470(options)s 7226(passed)s 7922(to)s 8161(the)s 8509(client)s
+480 7657(by)m 774(its)s 1050(caller)s 13(.)k 480 7249(The)m
+901(caller)s 1483(can)s 1864(arrange)s 2629(that)s 3039(a)s
+3198(writing)s 3934(pipe)s 4394(be)s 4669(connected)s 5689(to)s
+5921(a)s 6080(pipe)s 6540(or)s 6792(similar)s 7506(object)s
+8143(and)s 8539(cause)s 480 7009(attempts)m 1340(to)s 1579(write)s
+2125(to)s 2364(that)s 2782(descriptor)s 3797(by)s 4091(the)s
+4439(service)s 5171(to)s 5410(generate)s 6275(a)s gsave
+6441 7063 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(SIGPIPE)m
+grestore
+7201(\(or)s gsave
+7539 7063 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(EPIPE)m
+grestore
+8099(if)s
+gsave
+8316 7063 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SIGPIPE)m
+grestore
+480 6769(is)m 690(caught)s 1388(or)s
+1647(ignored\))s 2506(in)s 2749(the)s 3097(service.)s 480 6361(Lik)m 2(e)k 6(wise,)k
+1455(the)s 1803(service)s 2535(can)s 2924(close)s 3471(\207ledescriptors)s
+4875(speci\207ed)s 5783(for)s 6121(reading,)s 6945(which)s 7587(will)s
+8013(cause)s 8600(the)s 480 6121(corresponding)m 1902(\207ledescriptors)s 3306(passed)s
+4002(by)s 4296(the)s 4644(caller)s 5233(to)s 5472(be)s
+5754(closed,)s 6472(so)s 6738(that)s 7156(if)s 7373(these)s
+7920(are)s 8267(pipes)s 480 5881(processes)m 1447(which)s 2089(write)s
+2635(to)s 2874(them)s 3412(will)s 3838(recei)s 6(v)k 3(e)k
+gsave
+4574 5935 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SIGPIPE)m
+grestore
+5334(or)s gsave
+5593 5935 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(EPIPE)m
+
+grestore
+6093(.)s 0 5426(\213)m 480(If)s gsave
+706 5480 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(no\211suppress\211args)m
+
+grestore
+2363(is)s 2568(set)s 2888(then)s 3353(ar)s 4(guments)k
+4391(passed)s 5082(to)s 5316(the)s 5660(client)s 6245(by)s
+6534(its)s 6805(caller)s 7390(will)s 7811(be)s 8088(passed)s
+8779(on,)s 480 5186(v)m 3(erbatim,)k 1433(to)s 1672(the)s
+2020(service.)s 0 4750(\213)m 480(F)s 3(a)k 716(tal)s
+1009(sig)s 1281(nals)s 1717(and)s 2121(sys)s 2418(tem)s
+2836(call)s 3235(f)s 2(ail)k 3545(ures)s 3994(e)s 3(x)k
+4212(pe)s 4434(ri)s 4573(enced)s 5189(by)s 5483(the)s
+5831(client)s 6421(will)s 6847(re)s 7028(sult)s 7433(in)s
+7676(the)s 8024(dis)s 8294(con)s 8637(nec)s 8962(-)s
+480 4510(tion)m 909(of)s 1180(the)s 1528(ser)s 1806(vice)s
+2260(from)s 2784(the)s 3132(client)s 3722(and)s 4126(pos)s
+4450(si)s 4603(bly)s 4963(some)s 5524(of)s 5795(the)s
+6143(com)s 6555(mu)s 6856(ni)s 7036(ca)s 7248(tion)s
+7677(\207le)s 8038(de)s 8260(scrip)s 8717(tors)s 480 4270(de)m
+702(scribed)s 1450(abo)s 3(v)k 3(e;)k 2128(if)s
+gsave
+2345 4324 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(disconnect\211hup)m
+grestore
+3806(is)s 4016(set)s 4341(then)s
+4810(the)s 5158(ser)s 5436(vice)s 5890(will)s 6316(also)s
+6754(be)s 7036(sent)s 7481(a)s gsave
+7647 4324 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(SIGHUP)m
+
+grestore
+8247(.)s 0 3834(\213)m 480(The)s 908(v)s 6(alue)k
+1476(of)s 1747(the)s gsave
+2095 3888 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(LOGNAME)m
+grestore
+2855(\(or)s
+gsave
+3193 3888 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USER)m
+grestore
+3593(\))s 3721(en)s 9(vironment)k
+4981(v)s 6(ariable)k 5800(as)s 6050(passed)s 6746(to)s
+6985(the)s 7333(client)s 7923(will)s 8349(be)s 480 3594(used)m
+977(as)s 1227(the)s 1575(login)s 2124(name)s 2698(of)s
+2969(the)s 3317(calling)s 4020(user)s 4478(if)s 4695(the)s
+5043(uid)s 5407(of)s 5678(the)s 6026(calling)s 6729(process)s
+7497(matches)s 8331(the)s 8679(uid)s 480 3354(corresponding)m 1902(to)s
+2141(that)s 2559(login)s 3108(name.)s 3730(Otherwise)s 4768(the)s
+5116(calling)s 5819(uid')s 13(s)k 6335(passw)s 2(ord)k
+7295(entry)s 7840(will)s 8266(be)s 8548(used)s 480 3114(to)m
+719(determine)s 1730(the)s 2078(calling)s 2781(user')s 13(s)k
+3389(login)s 3938(name.)s 480 2706(This)m 956(login)s 1505(name)s
+2079(and)s 2483(the)s 2831(calling)s 3534(uid)s 3898(are)s
+4245(a)s 4(v)k 6(ailable)k 5153(in)s 5396(the)s
+5744(con\207guration)s 7077(language)s 7997(in)s 8240(the)s gsave
+480 2520 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(calling\211user)m
+grestore
+1741 2466(parameter)m 2755(and)s 3159(are)s 3506(passed)s
+4202(to)s 4441(the)s 4789(service)s 5521(program)s 6391(in)s
+6634(en)s 9(vironment)k 7894(v)s 6(ariables)k gsave
+480 2280 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(USERV_USER)m
+grestore
+1541 2226(and)m gsave
+1945 2280 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USERV_UID)m
+grestore
+2846(.)s
+480 1818(The)m 901(shell)s 1400(corresponding)s 2815(to)s 3047(that)s
+3458(login)s 4000(name)s 4567(\(according)s 5635(to)s 5867(the)s
+6208(passw)s 2(ord)k 7161(entry\))s 7773(is)s 7976(a)s 4(v)k 6(ailable)k
+8876(as)s 480 1578(in)m 723(the)s 1071(con\207guration)s 2404(language')s 13(s)k
+gsave
+3478 1632 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(calling\211user\211shell)m
+grestore
+5340(parameter)s 13(.)k 480 1170(If)m
+710(no)s 1003(rele)s 6(v)k 6(ant)k 1820(passw)s 2(ord)k
+2780(entry)s 3325(can)s 3714(be)s 3996(found)s 4613(then)s
+5082(no)s 5375(service)s 6107(will)s 6533(be)s 6815(in)s 9(v)k 4(ok)k 2(ed.)k
+0 715(\213)m 480(The)s 908(numeric)s 1744(v)s 6(alues)k
+2400(and)s 2804(te)s 3(xtual)k 3506(names)s 4168(for)s
+4506(calling)s 5209(gid)s 5573(and)s 5977(supplementary)s 7439(group)s
+8051(list)s 8402(are)s 0 52(0.61.1)m 4809(User)s 5320(service)s
+6052(daemon)s 6867(and)s 7271(client)s 7861(speci\207cation)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 19 19
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+1 LoutMargSet
+grestore
+240 fnt84 8832 13842(19)m 240 fnt82 480 13251(a)m 4(v)k 6(ailable)k
+1380(in)s 1615(the)s 1955(con\207guration)s 3280(language)s 4192(in)s
+4427(the)s gsave
+4766 13305 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(calling\211group)m
+grestore
+6119(parameter)s 7125(and)s
+7521(are)s 7860(passed)s 8548(to)s 8778(the)s 480 13011(service)m
+1212(in)s 1455(en)s 9(vironment)k 2715(v)s 6(ariables.)k
+480 12603(If)m 710(no)s 1003(name)s 1577(can)s 1966(be)s
+2248(found)s 2865(for)s 3203(a)s 3369(numeric)s 4205(group)s
+4817(to)s 5056(which)s 5698(the)s 6046(calling)s 6749(process)s
+7517(belongs)s 8313(then)s 8782(no)s 480 12363(service)m 1212(will)s
+1638(be)s 1920(in)s 9(v)k 4(ok)k 2(ed.)k
+0 11957(\213)m 480(The)s 908(name)s 1482(of)s 1753(the)s
+2101(current)s 2837(w)s 2(orking)k 3686(directory)s 4602(in)s
+4845(which)s 5487(the)s 5835(client)s 6425(w)s 2(as)k
+6846(in)s 9(v)k 4(ok)k 2(ed)k 7661(is)s
+7871(passed,)s 8616(if)s 480 11717(a)m 4(v)k 6(ailable)k
+1388(and)s 1792(not)s 2158(hidden)s 2867(using)s gsave
+3439 11771 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(\211\211hidecwd)m
+grestore
+4340(,)s 4447(to)s 4686(the)s 5034(service)s
+5766(program)s 6636(in)s 6879(the)s gsave
+7227 11771 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(USERV_CWD)m
+
+grestore
+8188(v)s 6(ariable.)k 480 11477(This)m 946(grants)s 1570(no)s
+1852(special)s 2560(access)s 3210(to)s 3438(that)s 3846(directory)s
+4751(unless)s 5389(it)s 5571(is)s 5770(a)s 5925(subdirectory)s
+7164(of)s 7424(a)s 7579(directory)s 8484(which)s 480 11237(is)m
+690(e)s 3(x)k 3(ecutable)k 1762(\(searchable\))s 2977(b)s 4(ut)k
+3339(not)s 3705(readable)s 4570(by)s 4864(the)s 5212(service)s
+5944(user)s 13(.)k 0 10780(\213)m 480(Settings)s 1301(speci\207ed)s
+2209(by)s 2503(the)s 2851(caller)s 3440(using)s 4012(the)s
+gsave
+4360 10834 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(\211\211defvar)m gsave
+1295 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(name)m
+grestore
+2023(=)s
+gsave
+2167 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(value)m
+grestore
+
+grestore
+6432(option)s 7101(to)s 7340(the)s
+7688(client)s 8278(are)s 480 10540(a)m 4(v)k 6(ailable)k
+1388(in)s 1631(the)s 1979(con\207guration)s 3312(language)s 4232(as)s
+4482(the)s 4830(corresponding)s gsave
+6252 10594 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(u\211)m gsave
+288 0 translate
+1.4219 1.0000 scale
+240 fnt83
+0 -52(name)m
+grestore
+
+grestore
+7018(parameters)s 8116(and)s 8520(are)s 480 10300(passed)m
+1176(to)s 1415(the)s 1763(service)s 2495(program)s 3365(in)s
+3608(en)s 9(vironment)k 4868(v)s 6(ariables)k gsave
+5775 10354 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(USERV_U_)m gsave
+1152 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(name)m
+grestore
+
+grestore
+7082(.)s 0 9845(\213)m
+480(If)s 710(the)s 1058(calling)s 1761(user)s 2219(is)s
+2429(root)s 2874(or)s 3133(the)s 3481(same)s 4028(as)s
+4278(the)s 4626(service)s 5358(user)s 5816(then)s 6285(options)s
+7041(may)s 7507(be)s 7789(gi)s 6(v)k 3(en)k
+8369(to)s 8608(the)s 480 9605(client)m 1070(which)s 1712(bypass)s
+2415(the)s 2763(usual)s 3323(security)s 4133(features;)s 5000(in)s
+5243(this)s 5639(case)s 6106(other)s 6657(information)s 7842(may)s
+8308(pass)s 480 9365(between)m 1334(the)s 1682(caller)s 2271(and)s
+2675(the)s 3023(service.)s 0 52(User)m 511(service)s 1243(daemon)s
+2058(and)s 2462(client)s 3052(speci\207cation)s 8491(0.61.1)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 20 20
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+0 LoutMargSet
+grestore
+240 fnt84 0 13842(20)m gsave
+0 12727 translate
+240 fnt82 9066 687 0 687 240 240 60 LoutGraphic
+gsave
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.2 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+340 fnt84 0 69(6.)m 412(A)s 8(pplications)k
+2309(and)s 2935(notes)s 3765(on)s 4204(use)s
+grestore
+gsave
+0 11649 translate
+240 fnt82 9066 670 0 670 240 240 60 LoutGraphic
+gsave
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84
+0 66(6.1.)m 628(Standard)s 1977(ser)s 3(vices)k 3110(and)s
+3697(dir)s 5(ectory)k 5025(management)s
+grestore
+240 fnt82 0 11187(In)m
+250(later)s 726(v)s 3(ersions)k 1565(of)s 1829(this)s
+2219(speci\207cation)s 3477(standard)s 4339(service)s 5064(names)s 5720(and)s
+6117(interf)s 2(aces)k 7087(for)s 7418(common)s 8306(services)s
+0 10947(such)m 496(as)s 746(mail)s 1225(deli)s 6(v)k 3(ery)k
+2053(and)s 2457(WWW)s 3193(CGI)s 3661(scripts)s 4335(will)s
+4761(be)s 5043(speci\207ed.)s gsave
+0 10593 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+grestore
+500 10539(-us)m
+783(ing)s 1142(ap)s 1361(pli)s 1607(ca)s 1819(tions)s
+2335(and)s 2739(sys)s 3036(tem)s 3454(ser)s 3732(vices)s
+4274(which)s 4916(hide)s gsave
+5384 10593 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+grestore
+5944(be)s
+6166(hind)s 6650(wrap)s 7121(per)s 7486(scripts)s 8160(may)s
+0 10299(need)m 510(to)s 749(store)s 1269(in)s 1452(for)s
+1730(ma)s 2022(tion)s 2451(in)s 2694(the)s 3042(user')s 13(s)k
+3650(\207lespace)s 4542(to)s 4781(pre)s 5082(serv)s 3(e)k
+5639(the)s 5987(cor)s 6292(rect)s 6709(place)s 7209(ment)s
+7747(of)s 8018(the)s 8366(se)s 8561(-)s 0 10059(cu)m
+221(ri)s 360(ty)s 600(perim)s 1157(iters.)s 1671(Such)s
+2207(ap)s 2426(pli)s 2672(ca)s 2884(tions)s 3400(should)s
+4097(usu)s 4425(al)s 4592(ly)s 4832(do)s 5125(so)s
+5391(in)s 5634(a)s 5800(di)s 5980(rec)s 6264(to)s
+6443(ry)s 6696(\(cre)s 7062(at)s 7234(ed)s 7518(by)s
+7812(them\))s gsave
+0 9873 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(~/.userv/.servdata/)m gsave
+2736 0 translate
+1.4219 1.0000 scale
+240 fnt83 0 -52(service)m
+
+grestore
+
+grestore
+2563 9819(,)m 2670(where)s 240 fnt83 3310 9821(ser)m 3607(vice)s
+240 fnt82 4044 9819(is)m 4254(the)s 4602(ser)s 4880(vice)s
+5334(name)s 5908(or)s 6167(ap)s 6386(pli)s 6632(ca)s
+6844(tion)s 7273(in)s 7516(ques)s 7946(tion.)s 0 9411(The)m
+428(use)s 803(of)s 1074(a)s 1240(dot-directory)s 2541(inside)s
+gsave
+3168 9465 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(~/.userv)m
+grestore
+4029(will)s 4455(hopefully)s 5426(a)s 4(v)k 4(oid)k
+6008(the)s 6356(user)s 6814(becoming)s 7811(confused)s 0 9171(by)m
+294(\207nding)s 1026(parts)s 1541(of)s 1812(a)s 1978(semi-pri)s 6(vile)k 3(ged)k
+3526(application')s 13(s)k 4798(internal)s 5582(state)s 6075(in)s
+6318(their)s 6815(\207lespace,)s 7758(and)s 8162(or)s 0 8931(discourage)m
+1092(them)s 1630(from)s 2154(\207ddling)s 2952(with)s 3434(and)s
+3838(thus)s 4288(corrupting)s 5337(it.)s 5573(\(Note)s 6173(that)s
+6591(such)s 7087(applications)s 8293(should)s 0 8691(of)m 271(course)s
+951(not)s 1317(rely)s 1742(for)s 2080(their)s 2577(global)s
+3230(inte)s 3(grity)k 4090(on)s 4387(the)s 4735(inte)s 3(grity)k
+5595(of)s 5866(the)s 6214(data)s 6672(on)s 6969(the)s
+7317(user')s 13(s)k 7925(side)s 8366(of)s 8637(the)s
+0 8451(security)m 810(boundary)s 15(.\))k 9066 670 0 670 240 240 60 0 7427 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 66(6.2.)m
+628(Reducing)s 1997(the)s 2497(number)s 3655(of)s 4018(absolutely)s
+5474(pri)s 3(vileged)k 6908(subsystems)s
+grestore
+0 6965(Currently)m 970(most)s
+1495(Unix)s 2029(systems)s 2837(ha)s 4(v)k 3(e)k
+3338(man)s 3(y)k 3921(components)s 5129(which)s 5771(need)s
+6281(to)s 6520(run)s 6896(as)s 7146(root,)s 7638(e)s 6(v)k 3(en)k
+8138(though)s 0 6725(most)m 525(of)s 796(their)s 1293(acti)s 6(vity)k
+2057(does)s 2547(not)s 2913(strictly)s 3629(require)s 4361(it.)s
+4597(This)s 5073(gi)s 6(v)k 3(es)k 5620(rise)s
+6020(to)s 6259(a)s 6425(lar)s 4(ge)k 6954(and)s
+7358(comple)s 3(x)k 8234(body)s 8768(of)s 0 6485(code)m
+508(which)s 1150(must)s 1675(be)s 1957(trusted)s 2665(with)s
+3147(the)s 3495(security)s 4305(of)s 4576(the)s 4924(system.)s
+0 6077(Using)m gsave
+625 6131 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+grestore
+1185(man)s 3(y)k
+1768(of)s 2039(these)s 2586(subsystems)s 3727(no)s 4020(longer)s
+4691(need)s 5201(an)s 3(y)k 5598(unusual)s 6398(pri)s 6(vile)k 3(ge.)k
+gsave
+0 5723 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(cron)m
+grestore
+455 5669(and)m gsave
+853 5723 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(at)m
+
+grestore
+1053(,)s gsave
+1154 5723 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(lpr)m
+grestore
+1509(and)s 1907(the)s
+2249(system')s 13(s)k 3117(mail)s 3591(transfer)s 4373(agent)s
+4945(\()s gsave
+5018 5723 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(sendmail)m
+grestore
+5819(,)s gsave
+5921 5723 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(smail)m
+grestore
+6421(,)s gsave
+6522 5723 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(exim)m
+grestore
+6976(or)s
+7229(the)s 7572(lik)s 2(e\))k 8050(all)s 8337(f)s 2(all)k
+8701(into)s 0 5429(this)m 396(cate)s 3(gory)k 15(.)k
+9066 670 0 670 240 240 60 0 4405 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 66(6.3.)m 628(Do)s 1092(not)s 1615(gi)s 3(v)k 3(e)k
+2234(away)s 3019(excessi)s 3(v)k 3(e)k 4312(pri)s 3(vilege)k
+5571(to)s gsave
+5910 139 translate
+0.6953 1.0000 scale
+320 fnt31 0 -70(userv)m
+grestore
+6577(-using)s 7484(facilities)s
+
+grestore
+0 3943(There)m 613(is)s 823(a)s 989(danger)s 1700(that)s
+2118(people)s 2812(reimplementing)s 4378(the)s 4726(f)s 2(acilities)k
+5595(I)s 5730(mention)s 6571(abo)s 3(v)k 3(e)k
+7193(using)s gsave
+7765 3997 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+grestore
+8325(will)s 0 3703(discard)m
+731(much)s 1303(of)s 1557(the)s 1888(security)s 2680(bene\207t)s
+3374(by)s 3651(using)s 4206(a)s 4355(nai)s 6(v)k 3(e)k
+4902(implementation)s 6442(technique.)s 7459(This)s 7918(will)s 8326(become)s
+0 3463(clearer)m 708(with)s 1190(an)s 1473(e)s 3(xample:)k
+0 3055(Consider)m 924(the)s gsave
+1272 3109 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(lpr)m
+grestore
+1632(program.)s
+2546(In)s 2802(current)s 3538(systems)s 4346(this)s 4742(needs)s
+5338(to)s 5577(ha)s 4(v)k 3(e)k 6078(an)s
+6361(absolutely)s 7398(pri)s 6(vile)k 3(ged)k 0 2815(component)m
+1124(in)s 1367(order)s 1931(to)s 2170(support)s 2948(delayed)s
+3750(printing)s 4560(without)s 5351(cop)s 2(ying:)k 6227(when)s
+6803(the)s 7151(user)s 7609(queues)s 8325(a)s 8491(\207le)s
+0 2575(to)m 239(be)s 521(printed)s 1256(the)s 1604(\207lename)s
+2483(is)s 2693(stored)s 3335(in)s 3578(the)s 3926(print)s
+4437(queue,)s 5116(rather)s 5732(than)s 6201(a)s 6367(cop)s 2(y)k
+6885(of)s 7156(it,)s 7395(and)s 7799(the)s 8147(printer)s
+0 2335(daemon)m 813(accesses)s 1671(the)s 2016(\207le)s 2375(directly)s
+3155(when)s 3729(it)s 3918(is)s 4126(ready)s 4708(to)s
+4945(print)s 5453(the)s 5799(job)s 9(.)k 6197(In)s
+6451(order)s 7012(that)s 7428(the)s 7773(user)s 8229(can)s
+8615(print)s 0 2095(\207les)m 449(which)s 1091(are)s 1438(not)s
+1804(w)s 2(orld-readable)k 3304(the)s 3652(daemon)s 4467(is)s
+4677(gi)s 6(v)k 3(en)k 5257(root)s 5702(pri)s 6(vile)k 3(ge)k
+6598(so)s 6864(that)s 7282(it)s 7474(can)s 7863(open)s
+8386(the)s 8734(\207le)s 0 1855(in)m 243(the)s 591(conte)s 3(xt)k
+1352(of)s 1623(the)s 1971(user)s 9(,)k 2467(rather)s
+3083(than)s 3552(its)s 3828(o)s 6(wn.)k 0 1447(A)m
+212(simple-minded)s 1686(approach)s 2602(to)s 2823(con)s 9(v)k 3(erting)k
+3868(this)s 4246(scheme)s 5001(to)s 5222(use)s gsave
+5579 1501 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(userv)m
+grestore
+6120(might)s 6720(in)s 9(v)k 4(olv)k 3(e)k
+7460(gi)s 6(ving)k 8101(the)s 8430(printer)s 0 1207(daemon)m
+811(\(the)s gsave
+1233 1261 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(lp)m
+grestore
+1489(user\))s 2010(the)s
+2354(ability)s 3013(to)s 3248(read)s 3712(the)s 4055(\207le)s
+4412(by)s 4701(allo)s 6(wing)k 5581(them)s 6114(to)s
+6349(run)s gsave
+6720 1261 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(cat)m
+grestore
+7076(\(or)s 7409(a)s
+7570(special-purpose)s 0 967(\207le-reading)m 1140(program\))s 2063(as)s 2299(an)s 3(y)k
+2681(user)s 13(.)k 3155(The)s gsave
+3569 1021 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(lpr)m
+
+grestore
+3914(program)s 4769(w)s 2(ould)k 5410(use)s 5770(a)s
+gsave
+5922 1021 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+grestore
+6467(service)s 7184(to)s 7409(store)s
+7914(the)s 8247(\207lename)s 0 727(in)m 243(the)s 591(printer)s
+1287(daemon')s 13(s)k 2255(queues,)s 3027(and)s 3431(the)s
+3779(daemon)s 4594(w)s 2(ould)k 5249(read)s 5718(the)s
+6066(\207le)s 6427(later)s 6910(when)s 7486(it)s 7678(felt)s
+8055(lik)s 2(e)k 8467(it.)s 0 52(0.61.1)m 4809(User)s
+5320(service)s 6052(daemon)s 6867(and)s 7271(client)s 7861(speci\207cation)s
+
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 21 21
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+%%+ font Times-Italic
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+1 LoutMargSet
+grestore
+240 fnt84 8839 13842(21)m 240 fnt82 0 13254(Ho)m 6(we)k 6(v)k 3(er)k 9(,)k
+960(this)s 1356(w)s 2(ould)k 2011(allo)s 6(w)k
+2590(the)s 2938(printer)s 3634(daemon)s 4449(to)s 4688(read)s
+5157(an)s 3(y)k 5554(\207le)s 5915(on)s 6212(the)s
+6560(system,)s 7331(whether)s 8161(or)s 8420(not)s 0 13014(someone)m
+907(had)s 1311(ask)s 2(ed)k 1912(for)s 2250(it)s
+2442(to)s 2681(be)s 2963(printed.)s 3744(Since)s 4331(man)s 3(y)k
+4914(\207les)s 5363(will)s 5789(contain)s 6550(passw)s 2(ords)k
+7596(and)s 8000(other)s 0 12774(security-critical)m 1551(information)s 2736(this)s
+3132(is)s 3342(nearly)s 3993(as)s 4243(bad)s 4647(as)s
+4897(gi)s 6(ving)k 5556(the)s 5904(daemon)s 6719(root)s
+7164(access)s 7825(in)s 8068(the)s 8416(\207rst)s 0 12534(place.)m
+608(An)s 3(y)k 1072(security)s 1882(holes)s 2438(in)s
+2681(the)s 3029(print)s 3540(serv)s 3(er)k 4180(which)s
+4822(allo)s 6(w)k 5401(a)s 5567(user)s 6025(to)s
+6264(e)s 3(x)k 3(ecute)k 7044(commands)s 8132(as)s
+8382(the)s gsave
+8730 12588 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(lp)m
+grestore
+0 12294(user)m 458(will)s
+884(gi)s 6(v)k 3(e)k 1343(the)s 1691(user)s
+2149(the)s 2497(ability)s 3161(to)s 3400(read)s 3869(an)s 3(y)k
+4266(\207le)s 4627(on)s 4924(the)s 5272(system.)s 0 11886(Instead,)m
+790(it)s 975(is)s 1178(necessary)s 2153(to)s 2385(k)s 2(eep)k
+2881(a)s 3040(record)s 3700(of)s 3964(which)s 4599(\207les)s
+5040(the)s 5381(daemon)s 6189(has)s 6552(been)s 7053(ask)s 2(ed)k
+7647(to)s 7879(print)s 240 fnt83 8382 11888(outside)m 240 fnt82
+0 11646(the)m 348(control)s 1080(of)s 1351(the)s 1699(print)s
+2210(daemon.)s 3072(This)s 3548(record)s 4216(could)s 4806(be)s
+5088(k)s 2(ept)k 5558(by)s 5852(a)s 6018(ne)s 6(w)k
+6465(root-pri)s 6(vile)k 3(ged)k 7947(component,)s 0 11406(b)m 4(ut)k
+352(this)s 737(is)s 936(not)s 1291(necessary:)s 2315(the)s
+2652(record)s 3309(of)s 3569(which)s 4200(\207les)s 4638(a)s
+4794(user)s 5241(has)s 5600(ask)s 2(ed)k 6190(to)s
+6418(be)s 6689(printed)s 7413(can)s 7791(be)s 8062(k)s 2(ept)k
+8521(under)s 0 11166(the)m 348(control)s 1080(of)s 1351(the)s
+1699(user)s 2157(in)s 2400(question.)s 3315(The)s 3743(submission)s
+4877(program)s gsave
+5747 11220 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(lpr)m
+grestore
+6107(will)s 6533(mak)s 2(e)k
+7105(a)s 7271(record)s 7939(in)s 8182(an)s 8465(area)s
+0 10926(under)m 605(the)s 953(user')s 13(s)k 1561(control)s
+2293(before)s 2959(communicating)s 4500(with)s 4982(the)s 5330(print)s
+5841(serv)s 3(er)k 9(,)k 6519(and)s 6923(the)s
+7271(print)s 7782(serv)s 3(er)k 8422(w)s 2(ould)k
+0 10686(be)m 279(gi)s 6(v)k 3(en)k 855(the)s
+1199(ability)s 1859(to)s 2094(run)s 2466(a)s 2628(special)s
+3342(\207le-reading)s 4493(program)s 5359(which)s 5997(w)s 2(ould)k
+6648(only)s 7124(allo)s 6(w)k 7699(\207les)s 8144(to)s
+8379(be)s 8657(read)s 0 10446(which)m 642(were)s 1162(listed)s
+1737(in)s 1980(the)s 2328(user')s 13(s)k 2936(\207le)s
+3297(of)s 3568(things)s 4204(the)s 3(y')k 12(d)k
+4858(ask)s 2(ed)k 5459(to)s 5698(print.)s 0 10038(No)m 6(w)k
+502(security)s 1300(holes)s 1844(in)s 2075(most)s 2588(of)s
+2846(the)s 3182(printing)s 3980(system)s 4692(do)s 4973(not)s
+5327(critically)s 6215(af)s 6(fect)k 6799(the)s 7135(security)s
+7933(of)s 8192(the)s 8527(entire)s 0 9798(system:)m 770(the)s 3(y)k
+1233(only)s 1713(allo)s 6(w)k 2292(the)s 2640(attack)s 2(er)k
+3453(to)s 3692(read)s 4161(and)s 4565(interfere)s 5428(with)s
+5910(print)s 6421(jobs.)s 6924(Bugs)s 7468(in)s 7711(the)s
+8059(programs)s 0 9558(run)m 373(by)s 664(the)s 1009(print)s
+1517(serv)s 3(er)k 2154(to)s 2390(read)s 2856(users')s
+3456(\207les)s 3902(\(and)s 4382(to)s 4618(remo)s 3(v)k 3(e)k
+5382(entries)s 6066(from)s 6587(the)s 6932(list)s 7280(of)s
+7548(\207les)s 7994(when)s 8567(it)s 8756(has)s 0 9318(done)m
+522(with)s 1004(them\))s 1610(will)s 2036(still)s 2448(be)s
+2730(serious,)s 3514(b)s 4(ut)k 3876(this)s 4272(program)s
+5142(can)s 5531(be)s 5813(quite)s 6347(simple.)s 0 8910(Similar)m
+762(considerations)s 2194(apply)s 2780(to)s 3019(man)s 3(y)k
+gsave
+3602 8964 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+grestore
+4102(-based)s 4784(v)s 3(ersions)k
+5629(of)s 5900(f)s 2(acilities)k 6769(which)s 7411(currently)s
+8327(run)s 0 8670(as)m 250(root.)s 0 8262(It)m 198(is)s
+401(debatable)s 1366(whether)s 2189(the)s 2530(user)s 4(-controlled)k
+4023(state)s 4509(should)s 5199(be)s 5474(k)s 2(ept)k
+5937(in)s 6173(the)s 6514(user')s 13(s)k 7115(\207lespace)s
+8000(\(in)s 8315(dot\207les,)s 0 8022(say\))m 440(or)s 692(k)s 2(ept)k
+1155(in)s 1391(a)s 1550(separate)s 2381(area)s 2831(set)s
+3149(aside)s 3688(for)s 4019(the)s 4360(purpose;)s 5223(ho)s 6(we)k 6(v)k 3(er)k 9(,)k
+6123(using)s 6688(the)s 7029(user')s 13(s)k 7630(home)s
+8210(directory)s 0 7782(\(and)m 468(probably)s 1357(creating)s 2164(a)s
+2314(separate)s 3137(subdirectory)s 4370(of)s 4626(it)s 4802(as)s
+5037(a)s 5187(dot\207le)s 5839(to)s 6062(contain)s 6808(man)s 3(y)k
+7375(subsystems')s 8561(state\))s 0 7542(has)m 370(fe)s 6(wer)k
+967(implications)s 2199(for)s 2537(the)s 2885(rest)s 3289(of)s
+3560(the)s 3908(system)s 4632(and)s 5036(mak)s 2(es)k
+5696(it)s 5888(entirely)s 6671(clear)s 7194(where)s 7834(the)s
+8182(security)s 0 7302(boundaries)m 1101(lie.)s 9066 670 0 670 240 240 60 0 6278 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 66(6.4.)m
+gsave
+628 139 translate
+0.6953 1.0000 scale
+320 fnt31 0 -70(userv)m
+grestore
+1375(is)s 1659(not)s 2182(a)s
+2419(r)s 5(eplacement)k 4178(f)s 8(or)k gsave
+4655 139 translate
+0.6953 1.0000 scale
+320 fnt31
+0 -70(really)m
+grestore
+5536(and)s gsave
+6123 139 translate
+0.6953 1.0000 scale
+320 fnt31 0 -70(sudo)m
+grestore
+
+grestore
+gsave
+0 5870 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(userv)m
+grestore
+560 5816(is)m 770(not)s 1136(intended)s 2018(as)s
+2268(a)s 2434(general-purpose)s 4030(system)s 4754(administration)s 6191(tool)s
+6618(with)s 7100(which)s 7742(system)s 0 5576(administrators)m 1398(can)s
+1767(e)s 3(x)k 3(ecute)k 2528(pri)s 6(vile)k 3(ged)k
+3526(programs)s 4461(when)s 5017(the)s 3(y)k 5461(need)s
+5951(to.)s 6222(It)s 6407(is)s 6598(unsuitable)s 7617(for)s
+7936(this)s 8312(purpose)s 0 5336(precisely)m 916(because)s 1729(it)s
+1921(enforces)s 2781(a)s 2947(strong)s 3598(separation)s 4637(between)s
+5491(the)s 5839(calling)s 6542(and)s 6946(the)s 7294(called)s
+7922(program,)s 0 5096(which)m 642(is)s 852(undesirable)s 2010(in)s
+2253(this)s 2649(conte)s 3(xt.)k 0 4688(Its)m 289(f)s 2(acilities)k
+1158(for)s 1496(restricting)s 2516(acti)s 6(vities)k 3422(to)s
+3661(running)s 4459(certain)s 5165(programs)s 6119(may)s 6585(at)s
+6817(\207rst)s 7248(glance)s 7928(seem)s 8479(to)s 0 4420(pro)m 3(vide)k
+769(similar)s 1476(functionality)s 2736(to)s gsave
+2960 4474 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(sudo)m
+
+grestore
+153 fnt82 3360 4509(1)m 240 fnt82 3420 4420(.)m 3509(Ho)s 6(we)k 6(v)k 3(er)k 9(,)k
+4454(the)s 4787(separation)s 5811(mentioned)s 6864(abo)s 3(v)k 3(e)k
+7471(is)s 7666(a)s 7817(problem)s 8659(here)s 0 4180(too,)m
+413(particular)s 1387(for)s 1725(interaction)s 2803(-)s 2931(it)s
+3123(can)s 3512(be)s 3794(hard)s 4277(for)s 4615(a)s
+gsave
+4781 4234 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(userv)m
+grestore
+5341(service)s 6073(program)s 6943(to)s
+7182(interact)s 7957(with)s 8439(its)s 8714(real)s 0 3940(caller)m
+589(or)s 848(the)s 1196(user)s 1654(in)s 1897(question.)s
+9066 670 0 670 240 240 60 0 2916 LoutGr2
+newpath 0 ysize 0.3 ft sub moveto
+xsize 0 rlineto
+0 0.1 ft rlineto
+xsize neg 0 rlineto
+closepath fill
+grestore
+320 fnt84 0 66(6.5.)m 628(Don't)s 1488(gi)s 3(v)k 3(e)k
+2107(access)s 3013(to)s 3352(general-pur)s 3(pose)k 5640(utilities)s
+
+grestore
+0 2454(Do)m 346(not)s 712(specify)s 1456(general)s 2214(purpose)s
+3028(programs)s 3982(lik)s 2(e)k gsave
+4394 2508 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(mv)m
+
+grestore
+4654(or)s gsave
+4913 2508 translate
+0.6953 1.0000 scale
+240 fnt31 0 -52(cat)m
+grestore
+5273(in)s gsave
+5516 2508 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(execute\211)m
+grestore
+6377(directi)s 6(v)k 3(es)k 7347(without)s
+8138(careful)s 0 2214(thought)m 792(about)s 1384(their)s 1881(ar)s 4(guments,)k
+2980(and)s 3384(certainly)s 4273(not)s 4639(if)s gsave
+4856 2268 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(no\211suppress\211args)m
+grestore
+6518(is)s 6728(speci\207ed.)s 7682(If)s 7912(you)s
+8327(do)s 8620(so)s 8886(it)s 0 1974(will)m 426(gi)s 6(v)k 3(e)k
+885(the)s 1233(caller)s 1822(much)s 2411(more)s 2958(pri)s 6(vilige)k
+3817(than)s 4286(you)s 4701(probably)s 5606(intend.)s 0 1566(It)m
+205(is)s 415(a)s 581(shame)s 1248(that)s 1666(I)s
+1801(ha)s 4(v)k 3(e)k 2302(to)s 2541(say)s
+2914(this)s 3310(here,)s 3828(b)s 4(ut)k 4190(ine)s 3(xperienced)k
+5586(administrators)s 7003(ha)s 4(v)k 3(e)k 7504(made)s
+8078(similar)s 1134 0 0 0 240 240 60 0 1178 LoutGr2
+0 0 moveto xsize 0 lineto stroke
+grestore
+
+grestore
+122 fnt82 0 983(1)m gsave
+58 956 translate
+0.6953 1.0000 scale
+192 fnt31 0 -42(sudo)m
+
+grestore
+192 fnt82 425 913(is)m 593(a)s 726(program)s 1422(which)s
+1936(allo)s 4(ws)k 2472(users)s 2905(to)s 3097(e)s 2(x)k 2(ecute)k
+3723(certain)s 4289(programs)s 5052(as)s 5252(root,)s 5646(according)s
+6444(to)s 6636(con\207guration)s 7703(\207les)s 8062(speci\207ed)s 8789(by)s
+0 683(the)m 279(system)s 858(administrator)s 10(.)k 240 fnt82
+0 52(User)m 511(service)s 1243(daemon)s 2058(and)s 2462(client)s
+3052(speci\207cation)s 8491(0.61.1)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Page: 22 22
+%%BeginPageSetup
+%%PageResources: font Times-Roman
+%%+ font Times-Bold
+%%+ font Courier-Bold
+/pgsave save def
+0.0500 dup scale 10 setlinewidth
+%%EndPageSetup
+gsave
+0 0 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 11900 16840 0 16840 240 240 60 LoutGraphic
+gsave
+LoutPageSet
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+
+grestore
+
+grestore
+gsave
+0 16840 translate
+0.0000 rotate
+gsave
+1417 -15423 translate
+240 fnt82 0.0 0.0 0.0 setrgbcolor 9066 14006 0 14006 240 240 60 LoutGraphic
+gsave
+0 LoutMargSet
+grestore
+240 fnt84 0 13842(22)m 240 fnt82 0 13254(mistak)m 2(es)k
+885(with)s 1367(programs)s 2321(lik)s 2(e)k gsave
+2733 13308 translate
+0.6953 1.0000 scale
+240 fnt31
+0 -52(sudo)m
+grestore
+3133(.)s 0 52(0.61.1)m 4809(User)s 5320(service)s
+6052(daemon)s 6867(and)s 7271(client)s 7861(speci\207cation)s
+grestore
+
+grestore
+
+pgsave restore
+showpage
+
+%%Trailer
+%%DocumentNeededResources: font Courier-Bold
+%%+ font Times-Roman
+%%+ font Times-Italic
+%%+ font Times-Bold
+%%DocumentSuppliedResources: procset LoutStartUp
+%%+ procset LoutMarginNotes
+%%+ encoding vec2
+%%Pages: 22
+%%EOF
--- /dev/null
+<!doctype debiandoc system>
+
+<book>
+<title>User service daemon and client specification
+<author>Ian Jackson <email>ian@davenant.greenend.org.uk
+<version>0.61.1</version>
+
+<abstract>
+This is a specification for a Unix system facility to allow one
+program to invoke another when only limited trust exists
+between them.
+
+<copyright>
+<prgn/userv/ is Copyright 1996-1999 Ian Jackson.
+<p>
+
+<prgn/userv/ is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+<p>
+
+This program is distributed in the hope that it will be useful, but
+<em/without any warranty/; without even the implied warranty of
+<em/merchantability/ or <em/fitness for a particular purpose/. See
+the GNU General Public License for more details.
+<p>
+
+You should have received a copy of the GNU General Public License
+along with <prgn/userv/; if not, write to the Free Software
+Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+<toc sect>
+
+<chapt id="intro">Introduction
+<p>
+There is a daemon which invokes user service programs (henceforth
+`services') in response to requests by callers of a companion client
+program (henceforth the `client') and according to rules set forth in
+system-wide and user-specific configuration files. The companion
+client program is setuid root, and negotiates with the daemon through
+an <prgn/AF_UNIX/ socket and associated objects in a system-wide
+private directory set aside for the purpose. The user who wishes the
+service to be performed and calls the client is called the `calling
+user'; the process which calls the client is called the `calling
+process'.
+
+<p>
+The daemon and the client are responsible for ensuring that
+information is safely carried across the security boundary between the
+two users, and that the processes on either side cannot interact with
+each other in any unexpected ways.
+
+<chapt id="client">Client program usage
+
+<p>
+<example>
+userv <var/options/ [--] <var/service-user/ <var/service-name/ [<var/argument/ ...]
+userv <var/options/ -B|--builtin [--] <var/builtin-service/ [<var/info-argument/ ...]
+</example>
+<p>
+
+<var/service-user/ specifies which user is to provide the service.
+The user may be a login name or a numeric uid, or <tt/-/ to indicate
+that the service user is to be the same as the calling user.
+<p>
+
+The service name is interpreted by the userv<footnote><prgn/userv/ is
+short for `user services', and is pronounced `you-serve'.</footnote>
+daemon on behalf of the service user. It will often be the name of a
+program.
+
+<sect>Options
+<p>
+
+Single-letter options may be combined as is usual with Unix programs,
+and the value for such an option may appear in the same argument or in
+the next.
+
+<taglist>
+<tag/<tt/-B//
+<tag/<tt/--builtin//
+<item>
+Requests that a builtin service be provided. This is equivalent to
+using the <prgn/--override/ option to specify a string consisting of
+<prgn/execute-builtin/ followed by the <var/builtin-service/
+requested, and requesting a service user of <tt/-/ (indicating the
+calling user).
+<p>
+
+If the builtin service being requested requires a
+<var/service-argument/ then this must be supplied to the client in the
+same argument as the <var/builtin-service/. See <ref
+id="dirs-execution"> for details of the builtin services available,
+and <ref id="optoverride"> for details of the <prgn/--override/
+options.
+<p>
+
+The actual service name passed will be the <var/builtin-service/; note
+that this actual service name (as opposed to the override data) and
+the <var/info-argument/s supplied will be ignored by most builtin
+services; the override mechanism and <prgn/execute-builtin/ will be
+used to ensure that the right builtin service is called with the right
+<var/service-argument/s.
+
+<tag/<tt/-f<var/fd/[<var/modifiers/]=<var/filename///
+<tag/<tt/--file <var/fd/[<var/modifiers/]=<var/filename///
+<item>
+Requests that data be copied in and out of the service using pipes.
+For each file or descriptor this will be done by creating a pipe, one
+end of which is passed to the service program and the other end of
+which is passed to a copy of <prgn/cat/ invoked by the client; the
+other file descriptor passed to <prgn/cat/ will be one inherited by
+the client program from the caller or one opened by the client program
+on behalf of the caller.
+<p>
+
+The descriptor in the service program that should be connected must be
+specified as <var/fd/, either as a decimal number or as one of the
+strings <tt/stdin/, <tt/stdout/ or <tt/stderr/. The next argument is
+a filename which will be opened by the client with the privileges of
+the calling user.
+
+<p>
+<var/modifiers/ is used to specify whether the file or descriptor is
+to be read from or written to. It consists of a series of words
+separated by commas. A comma may separate the <var/modifiers/ from
+the <var/fd/ and is required if <var/fd/ is not numeric.
+
+<p>
+The modifier words are:
+<taglist compact>
+<tag/<tt/read//
+<item>
+<tt/O_RDONLY/: Allow reading and not writing. May not be used with
+<tt/write/ or things that imply it.
+
+<tag/<tt/write//
+<item>
+<tt/O_WRONLY/: Allow writing and not reading. <em/Doesn't truncate or
+create/ without <tt/truncate/ or <tt/create/. <tt/write/ or things
+that imply it may not be used with <tt/read/.
+
+<tag/<tt/overwrite//
+<item>
+Equivalent to <tt/write,create,truncate/.
+
+<tag/<tt/create//
+<tag/<tt/creat//
+<item>
+<tt/O_CREAT/: Creates the file if necessary. Implies <tt/write/.
+
+<tag/<tt/exclusive//
+<tag/<tt/excl//
+<item>
+<tt/O_EXCL/: Fails if the file already exists. Implies <tt/write/ and
+<tt/create/. May not be used with <tt/truncate/.
+
+<tag/<tt/truncate//
+<tag/<tt/trunc//
+<item>
+<tt/O_TRUNC/: Truncate any existing file. Implies <tt/write/.
+May not be used with <tt/exclusive/.
+
+<tag/<tt/append//
+<item>
+<tt/O_APPEND/: All writes will append to the file. Implies <tt/write/
+(but not <tt/create/).
+
+<tag/<tt/sync//
+<item>
+<tt/O_SYNC/: Do writes synchronously. Implies <tt/write/.
+
+<tag/<tt/wait//
+<tag/<tt/nowait//
+<tag/<tt/close//
+<item>
+
+These modifiers control the behaviour of the client, with respect to
+the pipes carrying data to and from the service, when the service
+terminates. See below.
+
+<tag/<tt/fd//
+<item>
+The <var/filename/ is not a filename but a numeric file descriptor.
+One or both of <tt/read/ and <tt/write/ must be specified, and no
+other words are allowed. The <var/filename/ may also be <tt/stdin/,
+<tt/stdout/ or <tt/stderr/ for file descriptor 0, 1 or 2 respectively.
+
+</taglist>
+<p>
+
+If no <var/modifiers/ which imply <tt/read/ or <tt/write/ are used it
+is as if <tt/write/ had been specified, except that if the
+filedescriptor 0 of the service is being opened (either specified
+numerically or with <tt/stdin/) it is as if <tt/overwrite/ had been
+specified (or <tt/write/ if only <tt/fd/ was specified).
+<p>
+
+The client will also use <tt/O_NOCTTY/ when opening files specified by
+the caller, to avoid changing its controlling terminal.
+<p>
+
+By default stdin, stdout and stderr of the service will be connected
+to the corresponding descriptors on the client. Diagnostics from
+the client and daemon will also appear on stderr.
+<p>
+
+If <tt/wait/ is specified, the client will wait for the pipe to be
+closed, and only exit after this has happened. This means that either
+the receiving end of the pipe connection was closed while data was
+still available at the sending end, or that the end of file was
+reached on the reading file descriptor. Errors encountered reading or
+writing in the client at this stage will be considered a system error
+and cause the client to exit with status 255, but will not cause
+disconnection at the service side since the service has already
+exited.
+<p>
+
+If <tt/close/ is specified the client will immediately close the pipe
+connection by killing the relevant copy of <prgn/cat/. If the service
+uses the descriptor it will get <prgn/SIGPIPE/ (or <prgn/EPIPE/) for a
+writing descriptor or end of file for a reading one; the descriptor
+opened by or passed to the client will also be closed.
+<p>
+
+If <tt/nowait/ is specified then the client will not wait and the
+connection will remain open after the client terminates. Data may
+continue to be passed between the inheritors of the relevant
+descriptor on the service side and the corresponding file or
+descriptor on the client side until either side closes their
+descriptor. This should not usually be specified for stderr (or
+stdout if <tt/--signals stdout/ is used) since diagnostics from
+the service side may arrive after the client has exited and be
+confused with expected output.
+<p>
+
+The default is <tt/wait/ for writing file descriptors and <tt/close/
+for reading ones.
+
+<tag/<tt/-w<var/fd/=<var/action///
+<tag/<tt/--fdwait<var/fd/=<var/action///
+<item>
+Sets the action on termination of the service for the specified file
+descriptor; <var/action/ must be <tt/wait/, <tt/nowait/ or <tt/close/
+as described above. The file descriptor must be specified as open
+when this option is encountered; this option is overridden by any
+later <prgn/--file/ or <prgn/--fdwait/ option - even by a
+<prgn/--file/ which does not specify an action on termination (in this
+case the default will be used, as described above).
+
+<tag/<tt/-D<var/name/=<var/value///
+<tag/<tt/--defvar <var/name/=<var/value///
+<item>
+Set a user-defined variable <var/name/ to <var/value/. These
+user-defined variables are made available in the configuration
+language as the parameters <tt/u-<var/name// and are passed to the
+service in environment variables <tt/USERV_U_<var/name//. <var/name/
+may contain only alphanumerics and underscores, and must start with a
+letter. If several definitions are given for the same <var/name/ then
+only the last is effective.
+
+<tag/<tt/-t <var/seconds///
+<tag/<tt/--timeout <var/seconds///
+<item>
+Time out the service if it takes longer than <var/seconds/ seconds (a
+positive integer, in decimal). Timeout will produce a diagnostic on
+stderr and an exit status of 255. If <var/seconds/ is zero then no
+timeout will be implemented (this is the default).
+
+<tag/<tt/-S/ <var/method//
+<tag/<tt/--signals/ <var/method//
+<item>
+Affects the handling of the exit status when the service terminates
+due to a signal. (The client will always finish by calling
+<prgn/_exit/, so that only numbers from 0 to 255 can be returned and
+not the full range of numbers and signal indications which can be
+returned by the <prgn/wait/ family of system calls.)
+<p>
+
+The <var/method/ may be one of the following:
+<taglist compact>
+<tag/<var/status/
+<item>
+The client's exit status will be <var/status/. This will not be
+distinguishable from the service really having exited with code
+<var/status/. This method is the default, with a <var/status/ of 254.
+
+<tag/<tt/number//
+<tag/<tt/number-nocore//
+<item>
+The client's exit status will be the number of the signal which caused
+the termination of the service. If <tt/number/ is used rather than
+<tt/number-nocore/ then 128 will be added if the service dumped core.
+<tt/number/ is very like the exit code mangling done by the Bourne
+shell.
+
+<tag/<tt/highbit//
+<item>The client's exit status will be the number of the signal with
+128 added. If the service exits normally with an exit code of greater
+than 127 then 127 will be returned.
+
+<tag/<tt/stdout//
+<item>
+The service's numeric wait status as two decimal numbers (high byte
+first) and a textual description of its meaning will be printed to the
+client's standard output. It will be preceded by a newline and
+followed by an extra newline, and the numbers are separated from each
+other and from the textual description by single spaces. The exit
+status of the client will be zero, unless a system error occurs in
+which case no exit status and description will be printed to stdout,
+and an error message will be printed to stderr as usual.
+</taglist>
+
+<p>
+Problems such as client usage errors, the service not being found or
+permission being denied or failure of a system call are system errors.
+An error message describing the problem will be printed on the
+client's stderr, and the client's exit status will be 255. If the
+client dies due to a signal this should be treated as a serious system
+error.
+
+<tag/<tt/-H//
+<tag/<tt/--hidecwd//
+<item>
+Prevents the calling process's current directory name from being
+passed to the service; the null string will be passed instead.
+
+<tag/<tt/-P//
+<tag/<tt/--sigpipe//
+<item>
+If the service program is terminated due to a <prgn/SIGPIPE/ the exit
+status of the client will be zero, even if it would have been
+something else according to the exit status method specified. This
+option has no effect on the code and description printed if the exit
+status method <tt/stdout/ is in use.
+
+<tag/<tt/-h//
+<tag/<tt/--help//
+<tag/<tt/--copyright//
+<item>
+<tt/-h/ or <tt/--help/ prints the client's usage message;
+<tt/--copyright/ prints the copyright and lack of warranty notice.
+
+</taglist>
+
+<sect id="optoverride">Security-overriding options
+<p>
+
+There are also some options which are available for debugging and to
+allow the system administrator to override a user's policy. These
+options are available only if the client is called by root or if the
+calling user is the same as the service user.
+
+<taglist>
+
+<tag/<tt/--override <var/configuration-data///
+<tag/<tt/--override-file <var/filename///
+<item>
+Do not read the usual configuration files. Instead, the client sends
+<var/configuration-data/ (followed by a newline) or the contents of
+<var/filename/ (which is opened in the context of the client) to the
+daemon and the daemon uses that data instead. The
+<var/configuration-data/ must all be in one argument. It will have a
+single newline appended so that a single directive can easily be
+given, but if more than one directive is required it will have to
+contain one or more real newlines.
+
+<tag/<tt/--spoof-user <var/user///
+<item>
+Pretend to the service that it is being called by <var/user/ (which
+may be a username or a uid). This will also affect the group and
+supplementary groups supplied to the service; they will be the
+standard group and supplementary groups for <var/user/. The
+<tt/--spoof-user/ option will <em/not/ affect which user is chosen if
+the service user is specified as just <tt/-/; in this case the service
+user will be the real calling user.
+
+</taglist>
+
+
+<chapt id="envir">Execution environment of the service program
+<p>
+
+The daemon which is handling the service user side of things will read
+configuration files to decide what to do. If it decides to allow the
+service to be provided it will fork a subprocess to execute the
+service.
+<p>
+
+The service will have no controlling terminal, but it will be a
+process group leader.
+<p>
+
+If the client is killed or times out or a file or descriptor being
+read or written by the client process gets an error then the service
+will be disconnected from the client. The client will return an exit
+status of 255 and some the service's pipes may be closed at the other
+end. The service will become a child of <prgn/init/. The service may
+well not notice the disconnection, though writing to a pipe after this
+may produce a <prgn/SIGPIPE/ and the facility exists to have a
+<prgn/SIGHUP/ sent to the service on disconnection.
+
+<sect>File descriptors
+<p>
+
+The service program's standard filedescriptors, and possibly other
+file descriptors, will be connected to pipes or to
+<prgn>/dev/null</>. The <prgn/userv/ client/daemon pair will arrange
+that data is copied between the files or file descriptors specified to
+to the client by the caller and these these pipes.
+<p>
+
+Pipes which may be written to will be closed if a write error occurs
+on the corresponding client-side file or descriptor, which may result
+in a <prgn/SIGPIPE/ in the service program; pipes open for reading
+will get <prgn/EOF/ if the client-side file descriptor gets <prgn/EOF/
+or an error.
+<p>
+
+If the service closes one of its reading file descriptors the writing
+end of the corresponding pipe will generate a <prgn/SIGPIPE/ when
+attempts are made by the client/daemon pair to write to it. This will
+not be considered an error; rather, the relevant pipe will be
+discarded and the corresponding file or file descriptor held by the
+client will be closed.
+<p>
+
+Likewise, if one of the file descriptors held by the client for
+writing by the service is a pipe whose other end is closed by the
+caller then the client/daemon pair will see an error when trying to
+copy data provided by the service. This too will not be considered an
+error; rather, the pipe correspondong to that descriptor will be
+closed and any further writes will cause the service to get a
+<prgn/SIGPIPE/.
+<p>
+
+Note that not all write errors or broken pipes on file descriptors may
+be visible to the service, since buffered data may be discarded by the
+operating system and there will be a finite interval between the error
+happening and the service being disconnected from the client or the
+next write causing a <prgn/SIGPIPE/.
+<p>
+
+Read errors on file descriptors (and disconnection) will only be
+visible to the service and distinguishable from normal end of file if
+<prgn/disconnect-hup/ is in effect.
+<p>
+
+Read and write errors (other than broken pipes, as described above)
+will always be visible to the caller; they are system errors, and will
+therefore cause the client to print an error message to stderr and
+return with an exit status of 255.
+<p>
+
+If the main service program process exits while it still has running
+children any file descriptors held by those children can remain open,
+depending on the use of <tt/wait/, <tt/nowait/ or <tt/close/ for the
+relevant file descriptor in the client's arguments. By default
+writing filedescriptors remain open and the client will wait for them
+to be closed at the service end, and reading file descriptors are
+closed immediately. These leftover child processes will not get a any
+<prgn/SIGHUP/ even if a read or write error occurs or the client
+disconnects before then.
+
+<sect>Environment
+<p>
+
+The service will have some information in environment variables:
+<taglist compact>
+<tag/<tt/USERV_USER//
+<item>
+The login name of the calling user. If the <prgn/LOGNAME/ variable is
+set (or, if that is unset, if the <prgn/USER/ variable is set) in the
+environment passed to the client by the caller then the password entry
+for that login name will be looked up; if that password entry's uid is
+the same as that of the calling process then that login name will be
+used, otherwise (or if neither <prgn/LOGNAME/ nor <prgn/USER/ is set)
+the calling process's uid will be looked up to determine their login
+name (and if this lookup fails then the service will not be invoked).
+
+<tag/<tt/USERV_UID//
+<item>
+The uid of the calling process.
+
+<tag/<tt/USERV_GID//
+<item>
+The gid and supplementary group list of the calling process: first the
+group in gid and then those in the supplementary group list, in
+decimal, separated by spaces.
+
+<tag/<tt/USERV_GROUP//
+<item>
+The group names of the calling process, listed in the same way as the
+ids are in <prgn/USERV_GID/. If no name can be found for any of the
+calling process's group(s) then the service will not be invoked.
+
+<tag/<tt/USERV_CWD//
+<item>
+The client's current working directory name (this directory may not be
+accessible to the service). If it could not be determined or the
+<prgn/--hidecwd/ flag was used then this variable will be set to an
+empty string (this is not considered an error).
+
+<tag/<tt/USERV_SERVICE//
+<item>
+The service name requested by the caller.
+
+<tag/<tt/USERV_U_<var/name///
+<item>
+The value supplied to the client by the caller using -D<var/name/.
+
+</taglist>
+
+<prgn/HOME/, <prgn/PATH/, <prgn/SHELL/, <prgn/LOGNAME/ and <prgn/USER/
+will be set appropriately (according to the details of the service
+user).
+
+
+<chapt id="config">Service-side configuration
+<p>
+
+Which services may be run by whom and under what conditions is
+controlled by configuration files.
+<p>
+
+The daemon will read these files in order. Certain directives in the
+files modify the daemon's execution settings for invoking the service,
+for example allowing certain file descriptors to be specified by the
+client or specifying which program to execute to provide the service.
+<p>
+
+The <em/last/ instance of each such setting will take effect. The
+directives which specify which program to execute will not stop the
+configuration file from being read; they will be remembered and will
+only take effect if they are not overridden by a later directive.
+<p>
+
+The daemon will first read <tt>/etc/userv/system.default</>. Then, by
+default (this behaviour may be modified), it will read a per-user file
+<tt>~/.userv/rc</>, if it exists and the service user's shell is in
+<tt>/etc/shells</>. Finally it will read
+<tt>/etc/userv/system.override</>.
+<p>
+
+When it has read all of these files it will act according to the
+currently values of of the execution settings.
+
+<sect>Configuration file syntax
+<p>
+
+The configuration file is a series of directives, usually one per
+line. The portion of a line following a hash character <tt/#/ is
+taken as a comment and ignored. Each directive consists of a series
+of tokens separated by linear whitespace (spaces and tabs); tokens may
+be words consisting of non-space characters, or, where a string is
+required, a string in double quotes. Double-quoted strings may
+contain the following backslash escapes:
+
+<taglist compact>
+<tag/<tt/\n//<item>newline
+<tag/<tt/\t//<item>tab
+<tag/<tt/\r//<item>carriage return
+<tag/<tt/\<var/OOO///<item>character whose octal code is <var/OOO/
+<tag/<tt/\x<var/XX///<item>character whose hex code is <var/XX/
+<tag/<tt/\<var/punctuation///<item>literal punctuation character (eg <tt/\\/, <tt/\"/)
+<tag/<tt/\<var/newline// (ie, backslash at end of line)/
+<item>string continues on next line
+</taglist>
+<p>
+
+Relative pathnames in directives are relative to the service program's
+current directory (usually the service user's home directory).
+Pathnames starting with the two characters <tt>~/</> are taken to be
+relative to the service user's home directory.
+
+<sect id="directives">Configuration file directives
+<p>
+
+<sect1 id="dirs-immediate">Immediate directives
+<p>
+
+The following directives take effect immediately:
+
+<taglist>
+<tag/<tt/cd <var/pathname///
+<item>
+Change directory in the service program. <prgn/cd/ is cumulative. It
+is an error if the directory cannot be changed to.
+<p>
+
+<prgn/cd/ should not be used between <prgn/execute-from-directory/ and
+the invocation of the service program, as the test for the
+availability of the service program would be done with the old current
+directory and the actual execution with the new (probably causing an
+error).
+
+<tag/<tt/eof//
+<item>
+Stop reading the configuration file in question, as if end of file had
+been reached. Any control constructs (<prgn/if/, <prgn/catch-quit/ or
+<prgn/errors-push/) which were started in that file will be considered
+finished. Parsing will continue in the file which caused the file
+containing the <prgn/eof/ to be read.
+
+<tag/<tt/quit//
+<item>
+Stop reading configuration files and act immediately on the current
+settings. The behaviour of <prgn/quit/ is subject to the
+<prgn/catch-quit/ control construct.
+
+<tag/<tt/include <var/filename///
+<tag/<tt/include-ifexist <var/filename///
+<item>
+Read the configuration file <var/filename/, and then return to this
+file and continue parsing it with the next directive. It is an error
+if the file cannot be opened and read, unless <prgn/include-ifexist/
+is used and the file does not exist, in which case the directive is
+silently ignored.
+
+<tag/<tt/include-lookup <var/parameter/ <var/directory///
+<tag/<tt/include-lookup-all <var/parameter/ <var/directory///
+<item>
+Read the configuration file in <var/directory/ whose name is the value
+of <var/parameter/ (see the description of <prgn/if/, <ref
+id="dirs-control">). If <var/parameter/ has several values they will
+be tried in order; with <prgn/include-lookup/ this search will stop
+when one is found, but with <prgn/include-lookup-all/ the search will
+continue and any files appropriate to other values will be read too.
+<p>
+
+If none of the parameter's values had a corresponding file then the
+file <tt/:default/ will be read, if it exists. If <var/parameter/'s
+list of values was empty then the file <tt/:none/ will be tried first
+and read if it exists, otherwise <tt/:default/ will be tried.
+<p>
+
+It is not an error for any of the files (including <tt/:default/) not
+to exist, but it is an error if a file exists and cannot be read or if
+the directory cannot be accessed.
+
+<p>
+A translation will be applied to values before they are used to
+construct a filename, so that the lookup cannot access dotfiles or
+files in other directories: values starting with full stops will have
+a colon prepended (making <tt/:./), colons will be doubled, and each
+slash will be replaced with a colon followed by a hyphen <tt>:-</>. A
+parameter value which is the empty string will be replaced with
+<tt/:empty/ (note that this is different from a parameter not having
+any values).
+
+<tag/<tt/include-directory <var/directory///
+<item>
+Read configuration from all files in directory <var/directory/ which
+are plain files whose names consist only of alphanumerics and hyphens
+and start with an alphanumeric. They will be read in lexical order.
+It is an error for the directory not to exist or for it or any of the
+files found not to be read successfully, or for anything with an
+appropriate name not to be a plain file or a symbolic link to a plain
+file.
+
+<tag/<tt/error <var/text ...///
+<item>
+Causes an error whose message includes the descriptive string
+<var/text/. <var/text/ may consist of several tokens with intervening
+whitespace. The whitespace will be included in the message as found
+in the configuration file: all the characters until the end of the
+line will be included verbatim, unless they are part of a
+double-quoted string, in which case the usual meaning of the string
+(i.e., after backslash escape processing) will be used. Comments and
+linear whitespace at the end of the line (or just before the comment)
+will still be ignored.
+
+<tag/<tt/message <var/text ...///
+<item>
+Causes a message including the descriptive string <var/text/ to be
+delivered as if it were an error message, but does not actually cause
+an error.
+</taglist>
+
+<sect1 id="dirs-delayed">Directives with delayed effect
+<p>
+
+The following directives have no immediate effect, but are remembered
+and have an effect on later processing of the configuration files.
+
+<taglist>
+<tag/<tt/user-rcfile <var/filename///
+<item>
+Specifies that the file <var/filename/ should be read instead of the
+user's <tt>~/.userv/rc</>. This does <em/not/ happen immediately;
+instead, the setting is remembered and used after the
+<prgn/system.default/ configuration file has been read. This
+directive has no effect in a user's configuration file or in the
+<prgn/system.override/ file, as the user's configuration file has
+already been found and read by then and will not be re-read.
+
+<tag/<tt/errors-to-stderr//
+<item>
+Causes error messages to be delivered to the client's stderr.
+
+<tag/<tt/errors-to-file/ <var/filename//
+<item>
+Error messages will be written to <var/filename/, which will be opened
+in the context of and with the privileges of the service user.
+
+<tag/<tt/errors-to-syslog/ [<var/facility/ [<var/level/]]/
+<item>
+Error messages will be delivered using <prgn/syslog/. The default
+<var/facility/ is <tt/user/; the default <var/level/ is <tt/error/.
+</taglist>
+
+<sect1 id="dirs-control">Control structure directives
+<p>
+
+The following directives are used to create control structures. If
+the end of the file is encountered before the end of any control
+structure which was started inside it then that control structure is
+considered finished. This is not an error.
+
+<taglist>
+<tag/<tt/if <var/condition///
+<tag/<tt/elif <var/condition///
+<tag/<tt/else//
+<tag/<tt/fi//
+<item>
+Lines following <prgn/if/ are interpreted only if the condition is
+true. Many conditions are properties of parameter values. Most
+parameters have a single string as a value; however, some may yield
+zero or several strings, in which case the condition is true if it is
+true of any of the strings individually. Parameters are described
+below.
+<p>
+
+The conditions are:
+
+<taglist compact>
+<tag/<tt/glob <var/parameter/ <var/glob-pattern/ ...//
+<item>
+The value of the parameter whose name is given matches one of the glob
+patterns (anchored at both ends; backslashes can be used to escape
+metacharacters).
+
+<tag/<tt/range <var/parameter/ <var/min/ <var/max///
+<item>
+The value of the parameter is a nonnegative integer and lies within
+the range specified. <var/min/ or <var/max/ may be <tt/$/ to indicate
+no lower or upper limit, respectively.
+
+<tag/<tt/grep <var/parameter/ <var/filename///
+<item>
+The <var/filename/ refers to a file one of whose lines is the value of
+the parameter (leading or trailing whitespace on each line and empty
+lines in the file are ignored). It is an error for the file not to be
+opened and read.
+
+<tag/<tt/! <var/condition///
+<item>
+The <var/condition/ is <em/not/ true.
+
+<tag/Conjunctions: <tt/&/ and <tt/|//
+<item>
+<example>
+( <var/condition/
+& <var/condition/
+& <var/condition/
+...
+)
+</example>
+is true if all the listed conditions are true; where <tt/|/ is used it
+is true if any of them is true. Newlines must be used to separate one
+condition from the next, as shown, and the parentheses are mandatory.
+These conjunctions do not do lazy evaluation.
+</taglist>
+<p>
+
+The parameters are:
+
+<taglist compact>
+<tag/<tt/service//
+<item>
+The service name specified when the client was called.
+
+<tag/<tt/calling-user//
+<item>
+Two strings: the login name of the calling user (determined as for
+<prgn/USERV_USER/, above) and the calling uid (represented in
+decimal).
+
+<tag/<tt/calling-group//
+<item>
+Several strings: the primary and supplementary group names and gids
+(in decimal) of the calling process. All the group names come first,
+and then the gids. If the first supplementary group is the same as
+the primary group then it is elided.
+
+<tag/<tt/calling-user-shell//
+<item>
+The calling user's shell, as listed in the password entry for the
+calling login name (as determined for <prgn/USERV_USER/, above).
+
+<tag/<tt/service-user//
+<item>
+Two strings: the name of the service user (as specified to the client)
+and their uid (represented in decimal).
+
+<tag/<tt/service-group//
+<item>
+Several strings: the primary and supplementary group names and gids
+(in decimal) of the service user.
+
+<tag/<tt/service-user-shell//
+<item>
+The service user's shell, as listed in their password entry.
+
+<tag/<tt/u-<var/name///
+<item>
+The value of the user-defined variable <var/name/ passed by the caller
+using the <prgn/--defvar/ command-line option to the client. If the
+variable was not defined then this parameter is an empty list of
+strings; in this case any condition which tests it will be false, and
+<tt/include-lookup/ on it will read the <tt/:none/ file, or
+<tt/:default/ if <tt/:none/ is not found.
+
+</taglist>
+
+<tag/<tt/errors-push/ <var/filename//
+<tag/<tt/srorre//
+<item>
+Stacks the error handling behaviour currently in effect. Any changes
+to error handling will take effect only between <prgn/errors-push/ and
+<prgn/srorre/.
+
+<tag/<tt/catch-quit//
+<tag/<tt/hctac//
+<item>
+Any use of <prgn/quit/ inside <prgn/catch-quit/ will merely cause the
+parsing to continue at <prgn/hctac/ instead. Any control constructs
+started since the <prgn/catch-quit/ will be considered finished if a
+<prgn/quit/ is found.
+<p>
+
+If an error occurs inside <prgn/catch-quit/ the execution settings
+will be reset (as if by the <prgn/reset/ directive) and parsing will
+likewise continue at <prgn/hctac/.
+<p>
+
+If a lexical or syntax error is detected in the same configuration
+file as the <prgn/catch-quit/, while looking for the <prgn/hctac/
+after an error or <prgn/quit/, that new error will not be caught.
+
+</taglist>
+
+<sect1 id="dirs-execution">Directives for changing execution settings
+<p>
+
+The following directives modify the execution settings; the server
+will remember the fact that the directive was encountered and act on
+it only after all the configuration has been parsed. The <em/last/
+directive which modifies any particuar setting will take effect.
+
+<taglist>
+<tag/<tt/reject//
+<item>
+Reject the request. <prgn/execute/, <prgn/execute-from-directory/ and
+<prgn/execute-from-path/ will change this setting.
+
+<tag/<tt/execute <var/program/ [<var/argument/ ...]//
+<item>
+Execute the program <var/program/, with the arguments as specified,
+followed by any arguments given to the client if
+<prgn/no-suppress-args/ is in effect. It is an error for the
+execution to fail when it is attempted (after all the configuration
+has been parsed). If <var/program/ does not contain a slash it will
+be searched for on the service user's path.
+
+<tag/<tt/execute-from-directory <var/pathname/ [<var/argument/ ...]//
+<item>
+Take all the characters after the last slash of the service name
+specified when the client was called, and execute that program in the
+directory named by <var/pathname/ as if it had been specified for
+<var/execute/. The part of the service name used may contain only
+alphanumerics and hyphens and must start with an alphanumeric (and it
+must be non-empty), otherwise it is an error.
+<p>
+
+This directive is ignored if the relevant program does not exist in
+the directory specified; in this case the program to execute is left
+at its previous setting (or unset, if it was not set before).
+<p>
+
+It is an error for the test for the existence of the program to fail
+other than with a `no such file or directory' indication. It is also
+an error for the execution to fail if and when it is attempted (after
+all the configuration has been parsed).
+
+<tag/<tt/execute-from-path//
+<item>
+<var/service/ is interpreted as a program on the default <prgn/PATH/
+(or as a pathname of an executable, if it contains a <tt>/</>). This
+directive is <em/very dangerous/, and is only provided to make the
+<prgn/--override/ options effective. It should not normally be used.
+It is an error for the execution to fail when it is attempted (after
+all the configuration has been parsed).
+
+<tag/<tt/execute-builtin <var/service-name/ <var/service-arguments//
+<item>
+Executes the builtin service <var/service-name/. These builtin
+services display information about the server and/or the request, and
+ignore any arguments passed from the service side except possibly to
+print them as part of their output. They write their results to their
+standard output (i.e., wherever file descriptor 1 is directed). The
+builtin services are:
+
+<taglist compact>
+<tag/<tt/execute//
+<item>
+Displays the execution settings, defined variables,
+arguments, etc. with which the builtin service was invoked.
+
+<tag/<tt/environment//
+<item>
+Displays the environment variable settings with which the builtin
+service was invoked.
+
+<tag/<tt/parameter <var/parameter///
+<item>
+Displays the values of the service configuration language parameter
+specified.
+
+<tag/<tt/version//
+<item>
+Displays the version string and compilation details of the uservd
+server program.
+
+<tag/<tt/reset//
+<item>
+Displays the default reset configuration (evaluated when <prgn/reset/
+is found in a configuration file, or when an error is caught by
+<prgn/catch-quit/).
+
+<tag/<tt/toplevel//
+<item>
+Displays the top-level default configuration (the configuration data,
+evaluated by the server, which calls all the other configuration
+files).
+
+<tag/<tt/override//
+<item>
+Displays the top-level override configuration (the configuration data,
+evaluated by the server, which causes all the other configuration data
+to be parsed).
+
+<tag/<tt/help//
+<item>
+Displays a list of the understood builtin service names and arguments.
+</taglist>
+
+In the future other builtin services may be defined which do more than
+just print information.
+
+<tag/<tt/set-environment//
+<tag/<tt/no-set-environment//
+<item>
+Runs <tt>/etc/environment</> to set the service user's environment.
+This adds the overhead of invoking a shell, but doesn't cause any
+shell (de)mangling of the service's arguments. This is achieved by
+invoking
+<example>
+.../program arg arg arg ...
+</example>
+as
+<example>
+/bin/sh -c '. /etc/environment; exec "$@"' - .../program arg arg arg ...
+</example>
+<prgn/no-set-environment/ cancels the effect of
+<prgn/set-environment/.
+
+<tag/<tt/no-suppress-args//
+<tag/<tt/suppress-args//
+<item>
+Include any arguments given to the client as arguments to the program
+invoked as a result of an <prgn/execute/,
+<prgn/execute-from-directory/ or <prgn/execute-from-path/ directive.
+<prgn/suppress-args/ undoes the effect of <prgn/no-suppress-args/.
+
+<tag/<tt/require-fd <var/fd-range/ read|write//
+<item>
+Insist that the filedescriptor(s) be opened for reading resp. writing.
+It is an error if any descriptor marked as required when the service
+is about to be invoked (after the configuration has been parsed) was
+not specified when the client was invoked. Each file descriptor has a
+separate setting, and the last one of <prgn/require-fd/,
+<prgn/allow-fd/, <prgn/ignore-fd/, <prgn/null-fd/ or <prgn/reject-fd/
+which affected a particular file descriptor will take effect.
+<p>
+
+<var/fd-range/ may be a single number, two numbers separated by a
+hyphen, or one number followed by a hyphen (indicating all descriptors
+from that number onwards). It may also be one of the words
+<tt/stdin/, <tt/stdout/ or <tt/stderr/. Open-ended file descriptor
+rangers are allowed only with <prgn/reject-fd/ and <prgn/ignore-fd/,
+as otherwise the service program would find itself with a very large
+number of file descriptors open.
+<p>
+
+When the configuration has been parsed, and before the service is
+about to be executed, stderr (fd 2) must be required or allowed
+(<prgn/require-fd/ or <prgn/allow-fd/) for writing; this is so that
+the error message printed by the server's child process if it cannot
+<prgn/exec/ the service program is not lost.
+
+<tag/<tt/allow-fd <var/fd-range/ [read|write]//
+<item>
+Allow the descriptor(s) to be opened for reading resp. writing, or
+either if neither <tt/read/ nor <tt/write/ is specified. If a
+particular descriptor not specified by the client then it will be open
+onto <tt>/dev/null</> (for reading, writing, or both, depending on
+whether <tt/read/, <tt/write/ or neither was specified).
+
+<tag/<tt/null-fd <var/fd-range/ [read|write]//
+<item>
+Specify that the descriptor(s) be opened onto <prgn>/dev/null</> for
+reading resp. writing, or both if neither <tt/read/ nor <tt/write/
+is specified. Any specification of these file descriptors by the
+client will be silently ignored; the client will see its ends of the
+descriptors being closed immediately.
+
+<tag/<tt/reject-fd <var/fd-range///
+<item>
+Do not allow the descriptor(s) to be specified by the client. It is
+an error if any descriptor(s) marked for rejection are specified when
+the service is about to be invoked (after the configuration has been
+parsed).
+
+<tag/<tt/ignore-fd <var/fd-range///
+<item>
+Silently ignore any specification by the client of those
+descriptor(s). The pipes corresponding to these descriptors will be
+closed just before the service is invoked.
+
+<tag/<tt/disconnect-hup//
+<tag/<tt/no-disconnect-hup//
+<item>
+Causes the service's process group to get a <prgn/SIGHUP/ if the
+client disconnects before the main service process terminates.
+<prgn/no-disconnect-hup/ cancels <prgn/disconnect-hup/.
+<p>
+
+If one of the reading descriptors specified when the client is called
+gets a read error, or if the service is disconnected for some other
+reason, then the <prgn/SIGHUP/ will be delivered <em/before/ the
+writing end(s) of the service's reading pipe(s) are closed, so that
+the client can distinguish disconnection from reading EOF on a pipe.
+
+<tag/<tt/reset//
+<item>
+Resets the execution settings to the default. This is equivalent to:
+<example>
+cd ~/
+reject
+no-set-environment
+suppress-args
+allow-fd 0 read
+allow-fd 1-2 write
+reject-fd 3-
+disconnect-hup
+</example>
+
+</taglist>
+
+If no <prgn/execute/, <prgn/execute-from-path/,
+<prgn/execute-from-directory/ or <prgn/builtin/ is interpreted before
+all the files are read then the request is rejected.
+
+
+<sect id="configerrors">Errors in the configuration file
+<p>
+
+If a syntax error or other problem occurs when processing a
+configuration file then a diagnostic will be issued, to wherever the
+error messages are currently being sent (see the <prgn/errors-/ family
+of directives, above).
+<p>
+
+The error will cause processing of the configuration files to cease at
+that point, unless the error was inside a <prgn/catch-quit/ construct.
+In this case the settings controlling the program's execution will be
+reset to the defaults as if a <prgn/reset/ directive had been issued,
+and parsing continues after <prgn/hctac/.
+
+
+<sect id="defaults">Defaults
+<p>
+
+The default configuration processing is as if the daemon were parsing
+an overall configuration file whose contents were as follows:
+
+<example>
+reset
+user-rcfile ~/.userv/rc
+errors-to-stderr
+include /etc/userv/system.default
+if grep service-user-shell /etc/shells
+ errors-push
+ catch-quit
+ include-ifexist <var/file specified by most recent user-rcfile directive/
+ hctac
+ srorre
+fi
+include /etc/userv/system.override
+quit
+</example>
+<p>
+
+If one of the <prgn/--override/ options to the client is used then it
+will instead be as if the daemon were parsing an overall configuration
+as follows:
+
+<example>
+reset
+errors-to-stderr
+include <var/file containing configuration data sent by client/
+quit
+</example>
+
+
+<chapt id="ipass">Information passed through the client/daemon combination
+<p>
+
+The information described below is the only information which passes
+between the caller and the service.
+
+<list>
+<item>
+The service name supplied by the caller is available in the
+configuration language for deciding whether and which service program
+to invoke, in the <prgn/service/ parameter, and is used by the
+<prgn/execute-from-directory/ and <prgn/execute-from-path/
+configuration directives. It is usually used to select which service
+program to invoke. It is also passed to the service program in the
+<prgn/USERV_SERVICE/ environment variable.
+
+<item>
+File descriptors specified by the client and allowed according to the
+configuration language will be connected. Each file descriptor is
+opened for reading or writing. Communication is via pipes, one end of
+each pipe being open on the appropriate file descriptor in the service
+program (when it is invoked) and the other end being held by the
+client process, which will read and write files it opens on behalf of
+its caller or file descriptors it is passed by its caller.
+<p>
+
+Data may be passed into the service through reading pipes and out of
+it through writing pipes. These pipes can remain open only until the
+service and client have terminated, or can be made to stay open after
+the client has terminated and (if the service program forks) the main
+service process has exited; the behaviour is controlled by options
+passed to the client by its caller.
+<p>
+
+The caller can arrange that a writing pipe be connected to a pipe or
+similar object and cause attempts to write to that descriptor by the
+service to generate a <prgn/SIGPIPE/ (or <prgn/EPIPE/ if
+<prgn/SIGPIPE/ is caught or ignored) in the service.
+<p>
+
+Likewise, the service can close filedescriptors specified for reading,
+which will cause the corresponding filedescriptors passed by the
+caller to be closed, so that if these are pipes processes which write
+to them will receive <prgn/SIGPIPE/ or <prgn/EPIPE/.
+
+<item>
+If <prgn/no-suppress-args/ is set then arguments passed to the client
+by its caller will be passed on, verbatim, to the service.
+
+<item>
+Fatal signals and system call failures experienced by the client will
+result in the disconnection of the service from the client and
+possibly some of the communication file descriptors described above;
+if <prgn/disconnect-hup/ is set then the service will also be sent a
+<prgn/SIGHUP/.
+
+<item>
+The value of the <prgn/LOGNAME/ (or <prgn/USER/) environment variable
+as passed to the client will be used as the login name of the calling
+user if the uid of the calling process matches the uid corresponding
+to that login name. Otherwise the calling uid's password entry will
+be used to determine the calling user's login name.
+<p>
+
+This login name and the calling uid are available in the configuration
+language in the <prgn/calling-user/ parameter and are passed to the
+service program in environment variables <prgn/USERV_USER/ and
+<prgn/USERV_UID/.
+<p>
+
+The shell corresponding to that login name (according to the password
+entry) is available as in the configuration language's
+<prgn/calling-user-shell/ parameter.
+<p>
+
+If no relevant password entry can be found then no service will be
+invoked.
+
+<item>
+The numeric values and textual names for calling gid and supplementary
+group list are available in the configuration language in the
+<prgn/calling-group/ parameter and are passed to the service in
+environment variables.
+<p>
+
+If no name can be found for a numeric group to which the calling
+process belongs then no service will be invoked.
+
+<item>
+The name of the current working directory in which the client was
+invoked is passed, if available and not hidden using <prgn/--hidecwd/,
+to the service program in the <prgn/USERV_CWD/ variable. This grants no
+special access to that directory unless it is a subdirectory of a
+directory which is executable (searchable) but not readable by the
+service user.
+
+<item>
+Settings specified by the caller using the <tt/--defvar
+<var/name/=<var/value// option to the client are available in the
+configuration language as the corresponding <tt/u-<var/name//
+parameters and are passed to the service program in environment
+variables <tt/USERV_U_<var/name//.
+
+<item>
+If the calling user is root or the same as the service user then
+options may be given to the client which bypass the usual security
+features; in this case other information may pass between the caller
+and the service.
+
+</list>
+
+<chapt id="notes">Applications and notes on use
+<p>
+
+<sect id="standards">Standard services and directory management
+<p>
+
+In later versions of this specification standard service names and
+interfaces for common services such as mail delivery and WWW CGI
+scripts will be specified.
+<p>
+
+<prgn/userv/-using applications and system services which hide
+<prgn/userv/ behind wrapper scripts may need to store information in
+the user's filespace to preserve the correct placement of the security
+perimiters. Such applications should usually do so in a directory
+(created by them) <tt>~/.userv/.servdata/<var/service/</>, where
+<var/service/ is the service name or application in question.
+<p>
+
+The use of a dot-directory inside <tt>~/.userv</> will hopefully avoid
+the user becoming confused by finding parts of a semi-privileged
+application's internal state in their filespace, and or discourage
+them from fiddling with and thus corrupting it. (Note that such
+applications should of course not rely for their global integrity on
+the integrity of the data on the user's side of the security
+boundary.)
+
+<sect id="reducepriv">Reducing the number of absolutely privileged subsystems
+<p>
+
+Currently most Unix systems have many components which need to run as
+root, even though most of their activity does not strictly require
+it. This gives rise to a large and complex body of code which must be
+trusted with the security of the system.
+<p>
+
+Using <prgn/userv/ many of these subsystems no longer need any unusual
+privilege.
+<p>
+
+<prgn/cron/ and <prgn/at/, <prgn/lpr/ and the system's mail transfer
+agent (<prgn/sendmail/, <prgn/smail/, <prgn/exim/ or the like) all
+fall into this category.
+
+<sect id="noexcess">Do not give away excessive privilege to <prgn/userv/-using facilities
+<p>
+
+There is a danger that people reimplementing the facilities I mention
+above using <prgn/userv/ will discard much of the security benefit by
+using a naive implementation technique. This will become clearer with
+an example:
+<p>
+
+Consider the <prgn/lpr/ program. In current systems this needs to
+have an absolutely privileged component in order to support delayed
+printing without copying: when the user queues a file to be printed
+the filename is stored in the print queue, rather than a copy of it,
+and the printer daemon accesses the file directly when it is ready to
+print the job. In order that the user can print files which are not
+world-readable the daemon is given root privilege so that it can open
+the file in the context of the user, rather than its own.
+<p>
+
+A simple-minded approach to converting this scheme to use <prgn/userv/
+might involve giving the printer daemon (the <prgn/lp/ user) the
+ability to read the file by allowing them to run <prgn/cat/ (or a
+special-purpose file-reading program) as any user. The <prgn/lpr/
+program would use a <prgn/userv/ service to store the filename in the
+printer daemon's queues, and the daemon would read the file later when
+it felt like it.
+<p>
+
+However, this would allow the printer daemon to read any file on the
+system, whether or not someone had asked for it to be printed. Since
+many files will contain passwords and other security-critical
+information this is nearly as bad as giving the daemon root access in
+the first place. Any security holes in the print server which allow a
+user to execute commands as the <prgn/lp/ user will give the user the
+ability to read any file on the system.
+<p>
+
+Instead, it is necessary to keep a record of which files the daemon
+has been asked to print <em/outside/ the control of the print daemon.
+This record could be kept by a new root-privileged component, but this
+is not necessary: the record of which files a user has asked to be
+printed can be kept under the control of the user in question. The
+submission program <prgn/lpr/ will make a record in an area under the
+user's control before communicating with the print server, and the
+print server would be given the ability to run a special file-reading
+program which would only allow files to be read which were listed in
+the user's file of things they'd asked to print.
+<p>
+
+Now security holes in most of the printing system do not critically
+affect the security of the entire system: they only allow the attacker
+to read and interfere with print jobs. Bugs in the programs run by the
+print server to read users' files (and to remove entries from the list
+of files when it has done with them) will still be serious, but this
+program can be quite simple.
+<p>
+
+Similar considerations apply to many <prgn/userv/-based versions of
+facilities which currently run as root.
+<p>
+
+It is debatable whether the user-controlled state should be kept in
+the user's filespace (in dotfiles, say) or kept in a separate area set
+aside for the purpose; however, using the user's home directory (and
+probably creating a separate subdirectory of it as a dotfile to
+contain many subsystems' state) has fewer implications for the rest of
+the system and makes it entirely clear where the security boundaries
+lie.
+
+<sect id="notreally"><prgn/userv/ is not a replacement for <prgn/really/ and <prgn/sudo/
+<p>
+
+<prgn/userv/ is not intended as a general-purpose system
+administration tool with which system administrators can execute
+privileged programs when they need to. It is unsuitable for this
+purpose precisely because it enforces a strong separation between the
+calling and the called program, which is undesirable in this context.
+<p>
+
+Its facilities for restricting activities to running certain programs
+may at first glance seem to provide similar functionality to
+<prgn/sudo/<footnote><prgn/sudo/ is a program which allows users to
+execute certain programs as root, according to configuration files
+specified by the system administrator.</footnote>. However, the
+separation mentioned above is a problem here too, particular for
+interaction - it can be hard for a <prgn/userv/ service program to
+interact with its real caller or the user in question.
+
+<sect id="nogeneral">Don't give access to general-purpose utilities
+<p>
+
+Do not specify general purpose programs like <prgn/mv/ or <prgn/cat/
+in <prgn/execute-/ directives without careful thought about their
+arguments, and certainly not if <prgn/no-suppress-args/ is specified.
+If you do so it will give the caller much more privilige than you
+probably intend.
+<p>
+
+It is a shame that I have to say this here, but inexperienced
+administrators have made similar mistakes with programs like
+<prgn/sudo/.
+
+</book>
--- /dev/null
+/*
+ * Copyright (C)1996-1997,1999 Ian Jackson
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with userv; if not, write to the Free Software
+ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+
+
+
+
+
+#ifndef TOKENS_H
+#define TOKENS_H
+
+enum tokens {
+ tokm_instance= 0x000000ff,
+ tokm_repres= 0x00000f00,
+ tokm_type= 0xfffff000,
+ tokr_nonstring= 0x00000100,
+ tokr_word= 0x00000200,
+ tokr_punct= 0x00000300,
+ tokr_string= 0x00000400,
+ tokt_directive= 0x00001000,
+ tokt_controlstart= 0x00002000,
+ tokt_controlend= 0x00004000,
+ tokt_exception= 0x00008000,
+ tokt_parmcondition= 0x00010000,
+ tokt_condop= 0x00020000,
+ tokt_parameter= 0x00040000,
+ tokt_number= 0x00080000,
+ tokt_fdrange= 0x00100000,
+ tokt_logfacility= 0x00200000,
+ tokt_loglevel= 0x00400000,
+ tokt_readwrite= 0x00800000,
+ tokt_string= 0x01000000,
+ tokt_execmode= 0x02000000,
+ tokt_ehandlemode= 0x04000000,
+ tokt_builtinservice= 0x08000000,
+ tokt_misc= 0x10000000,
+ tokt_internal= 0x20000000,
+
+ toki_word_reject= 0x00000001,
+ toki_word_executefromdirectory= 0x00000002,
+ toki_word_executefrompath= 0x00000003,
+ toki_word_executebuiltin= 0x00000004,
+ toki_word_errorstostderr= 0x00000005,
+ toki_word_errorstosyslog= 0x00000006,
+ toki_word_errorstofile= 0x00000007,
+ toki_word_requirefd= 0x00000008,
+ toki_word_allowfd= 0x00000009,
+ toki_word_nullfd= 0x0000000a,
+ toki_word_rejectfd= 0x0000000b,
+ toki_word_ignorefd= 0x0000000c,
+ toki_word_setenvironment= 0x0000000d,
+ toki_word_nosetenvironment= 0x0000000e,
+ toki_word_suppressargs= 0x0000000f,
+ toki_word_nosuppressargs= 0x00000010,
+ toki_word_disconnecthup= 0x00000011,
+ toki_word_nodisconnecthup= 0x00000012,
+ toki_word_cd= 0x00000013,
+ toki_word_userrcfile= 0x00000014,
+ toki_word_include= 0x00000015,
+ toki_word_includeifexist= 0x00000016,
+ toki_word_includelookup= 0x00000017,
+ toki_word_includelookupall= 0x00000018,
+ toki_word_includedirectory= 0x00000019,
+ toki_word_message= 0x0000001a,
+ toki_word_includesysconfig= 0x0000001b,
+ toki_word_includeuserrcfile= 0x0000001c,
+ toki_word_includeclientconfig= 0x0000001d,
+ toki_word_quit= 0x0000001e,
+ toki_word_eof= 0x0000001f,
+ toki_word_if= 0x00000020,
+ toki_word_catchquit= 0x00000021,
+ toki_word_errorspush= 0x00000022,
+ toki_word_elif= 0x00000023,
+ toki_word_else= 0x00000024,
+ toki_word_fi= 0x00000025,
+ toki_word_hctac= 0x00000026,
+ toki_word_srorre= 0x00000027,
+ toki_word_glob= 0x00000028,
+ toki_word_range= 0x00000029,
+ toki_word_grep= 0x0000002a,
+ toki_word_environment= 0x0000002b,
+ toki_word_parameter= 0x0000002c,
+ toki_word_version= 0x0000002d,
+ toki_word_toplevel= 0x0000002e,
+ toki_word_override= 0x0000002f,
+ toki_word_reset= 0x00000030,
+ toki_word_execute= 0x00000031,
+ toki_word_help= 0x00000032,
+ toki_word_service= 0x00000033,
+ toki_word_callinguser= 0x00000034,
+ toki_word_callinggroup= 0x00000035,
+ toki_word_callingusershell= 0x00000036,
+ toki_word_serviceuser= 0x00000037,
+ toki_word_servicegroup= 0x00000038,
+ toki_word_serviceusershell= 0x00000039,
+ toki_syslog_debug= 0x0000003a,
+ toki_syslog_info= 0x0000003b,
+ toki_syslog_notice= 0x0000003c,
+ toki_syslog_warning= 0x0000003d,
+ toki_syslog_err= 0x0000003e,
+ toki_syslog_crit= 0x0000003f,
+ toki_syslog_alert= 0x00000040,
+ toki_syslog_emerg= 0x00000041,
+ toki_syslog_authpriv= 0x00000042,
+ toki_syslog_cron= 0x00000043,
+ toki_syslog_daemon= 0x00000044,
+ toki_syslog_kern= 0x00000045,
+ toki_syslog_lpr= 0x00000046,
+ toki_syslog_mail= 0x00000047,
+ toki_syslog_news= 0x00000048,
+ toki_syslog_syslog= 0x00000049,
+ toki_syslog_user= 0x0000004a,
+ toki_syslog_uucp= 0x0000004b,
+ toki_syslog_local0= 0x0000004c,
+ toki_syslog_local1= 0x0000004d,
+ toki_syslog_local2= 0x0000004e,
+ toki_syslog_local3= 0x0000004f,
+ toki_syslog_local4= 0x00000050,
+ toki_syslog_local5= 0x00000051,
+ toki_syslog_local6= 0x00000052,
+ toki_syslog_local7= 0x00000053,
+ toki_word_read= 0x00000054,
+ toki_word_write= 0x00000055,
+ toki_ordinal= 0x00000056,
+ toki_fdrange= 0x00000057,
+ toki_fdstoend= 0x00000058,
+ toki_dollar= 0x00000059,
+ toki_lwsp= 0x0000005a,
+ toki_newline= 0x0000005b,
+ toki_barestring= 0x0000005c,
+ toki_quotedstring= 0x0000005d,
+ toki_eof= 0x0000005e,
+ toki_quit= 0x0000005f,
+ toki_error= 0x00000060,
+ toki_openparen= 0x00000061,
+ toki_closeparen= 0x00000062,
+ toki_not= 0x00000063,
+ toki_and= 0x00000064,
+ toki_or= 0x00000065,
+ toki_word_error= 0x00000066,
+
+ tokv_word_reject= tokt_directive|tokt_execmode|tokr_word|toki_word_reject,
+ tokv_word_executefromdirectory=tokt_directive|tokt_execmode|tokr_word|toki_word_executefromdirectory,
+ tokv_word_executefrompath= tokt_directive|tokt_execmode|tokr_word|toki_word_executefrompath,
+ tokv_word_executebuiltin= tokt_directive|tokt_execmode|tokr_word|toki_word_executebuiltin,
+ tokv_word_errorstostderr= tokt_directive|tokt_ehandlemode|tokr_word|toki_word_errorstostderr,
+ tokv_word_errorstosyslog= tokt_directive|tokt_ehandlemode|tokr_word|toki_word_errorstosyslog,
+ tokv_word_errorstofile= tokt_directive|tokt_ehandlemode|tokr_word|toki_word_errorstofile,
+ tokv_word_requirefd= tokt_directive|tokr_word|toki_word_requirefd,
+ tokv_word_allowfd= tokt_directive|tokr_word|toki_word_allowfd,
+ tokv_word_nullfd= tokt_directive|tokr_word|toki_word_nullfd,
+ tokv_word_rejectfd= tokt_directive|tokr_word|toki_word_rejectfd,
+ tokv_word_ignorefd= tokt_directive|tokr_word|toki_word_ignorefd,
+ tokv_word_setenvironment= tokt_directive|tokr_word|toki_word_setenvironment,
+ tokv_word_nosetenvironment= tokt_directive|tokr_word|toki_word_nosetenvironment,
+ tokv_word_suppressargs= tokt_directive|tokr_word|toki_word_suppressargs,
+ tokv_word_nosuppressargs= tokt_directive|tokr_word|toki_word_nosuppressargs,
+ tokv_word_disconnecthup= tokt_directive|tokr_word|toki_word_disconnecthup,
+ tokv_word_nodisconnecthup= tokt_directive|tokr_word|toki_word_nodisconnecthup,
+ tokv_word_cd= tokt_directive|tokr_word|toki_word_cd,
+ tokv_word_userrcfile= tokt_directive|tokr_word|toki_word_userrcfile,
+ tokv_word_include= tokt_directive|tokr_word|toki_word_include,
+ tokv_word_includeifexist= tokt_directive|tokr_word|toki_word_includeifexist,
+ tokv_word_includelookup= tokt_directive|tokr_word|toki_word_includelookup,
+ tokv_word_includelookupall= tokt_directive|tokr_word|toki_word_includelookupall,
+ tokv_word_includedirectory= tokt_directive|tokr_word|toki_word_includedirectory,
+ tokv_word_message= tokt_directive|tokr_word|toki_word_message,
+ tokv_word_includesysconfig= tokt_directive|tokt_internal|tokr_word|toki_word_includesysconfig,
+ tokv_word_includeuserrcfile= tokt_directive|tokt_internal|tokr_word|toki_word_includeuserrcfile,
+ tokv_word_includeclientconfig=tokt_directive|tokt_internal|tokr_word|toki_word_includeclientconfig,
+ tokv_word_quit= tokt_directive|tokr_word|toki_word_quit,
+ tokv_word_eof= tokt_directive|tokr_word|toki_word_eof,
+ tokv_word_if= tokt_directive|tokt_controlstart|tokr_word|toki_word_if,
+ tokv_word_catchquit= tokt_directive|tokt_controlstart|tokr_word|toki_word_catchquit,
+ tokv_word_errorspush= tokt_directive|tokt_controlstart|tokr_word|toki_word_errorspush,
+ tokv_word_elif= tokt_controlend|tokt_controlstart|tokr_word|toki_word_elif,
+ tokv_word_else= tokt_controlend|tokt_controlstart|tokr_word|toki_word_else,
+ tokv_word_fi= tokt_controlend|tokr_word|toki_word_fi,
+ tokv_word_hctac= tokt_controlend|tokr_word|toki_word_hctac,
+ tokv_word_srorre= tokt_controlend|tokr_word|toki_word_srorre,
+ tokv_word_glob= tokt_parmcondition|tokr_word|toki_word_glob,
+ tokv_word_range= tokt_parmcondition|tokr_word|toki_word_range,
+ tokv_word_grep= tokt_parmcondition|tokr_word|toki_word_grep,
+ tokv_word_environment= tokt_builtinservice|tokr_word|toki_word_environment,
+ tokv_word_parameter= tokt_builtinservice|tokr_word|toki_word_parameter,
+ tokv_word_version= tokt_builtinservice|tokr_word|toki_word_version,
+ tokv_word_toplevel= tokt_builtinservice|tokr_word|toki_word_toplevel,
+ tokv_word_override= tokt_builtinservice|tokr_word|toki_word_override,
+ tokv_word_reset= tokt_builtinservice|tokt_directive|tokr_word|toki_word_reset,
+ tokv_word_execute= tokt_builtinservice|tokt_directive|tokt_execmode|tokr_word|toki_word_execute,
+ tokv_word_help= tokt_builtinservice|tokr_word|toki_word_help,
+ tokv_word_service= tokt_parameter|tokr_word|toki_word_service,
+ tokv_word_callinguser= tokt_parameter|tokr_word|toki_word_callinguser,
+ tokv_word_callinggroup= tokt_parameter|tokr_word|toki_word_callinggroup,
+ tokv_word_callingusershell= tokt_parameter|tokr_word|toki_word_callingusershell,
+ tokv_word_serviceuser= tokt_parameter|tokr_word|toki_word_serviceuser,
+ tokv_word_servicegroup= tokt_parameter|tokr_word|toki_word_servicegroup,
+ tokv_word_serviceusershell= tokt_parameter|tokr_word|toki_word_serviceusershell,
+ tokv_syslog_debug= tokt_loglevel|tokr_word|toki_syslog_debug,
+ tokv_syslog_info= tokt_loglevel|tokr_word|toki_syslog_info,
+ tokv_syslog_notice= tokt_loglevel|tokr_word|toki_syslog_notice,
+ tokv_syslog_warning= tokt_loglevel|tokr_word|toki_syslog_warning,
+ tokv_syslog_err= tokt_loglevel|tokr_word|toki_syslog_err,
+ tokv_syslog_crit= tokt_loglevel|tokr_word|toki_syslog_crit,
+ tokv_syslog_alert= tokt_loglevel|tokr_word|toki_syslog_alert,
+ tokv_syslog_emerg= tokt_loglevel|tokr_word|toki_syslog_emerg,
+ tokv_syslog_authpriv= tokt_logfacility|tokr_word|toki_syslog_authpriv,
+ tokv_syslog_cron= tokt_logfacility|tokr_word|toki_syslog_cron,
+ tokv_syslog_daemon= tokt_logfacility|tokr_word|toki_syslog_daemon,
+ tokv_syslog_kern= tokt_logfacility|tokr_word|toki_syslog_kern,
+ tokv_syslog_lpr= tokt_logfacility|tokr_word|toki_syslog_lpr,
+ tokv_syslog_mail= tokt_logfacility|tokr_word|toki_syslog_mail,
+ tokv_syslog_news= tokt_logfacility|tokr_word|toki_syslog_news,
+ tokv_syslog_syslog= tokt_logfacility|tokr_word|toki_syslog_syslog,
+ tokv_syslog_user= tokt_logfacility|tokr_word|toki_syslog_user,
+ tokv_syslog_uucp= tokt_logfacility|tokr_word|toki_syslog_uucp,
+ tokv_syslog_local0= tokt_logfacility|tokr_word|toki_syslog_local0,
+ tokv_syslog_local1= tokt_logfacility|tokr_word|toki_syslog_local1,
+ tokv_syslog_local2= tokt_logfacility|tokr_word|toki_syslog_local2,
+ tokv_syslog_local3= tokt_logfacility|tokr_word|toki_syslog_local3,
+ tokv_syslog_local4= tokt_logfacility|tokr_word|toki_syslog_local4,
+ tokv_syslog_local5= tokt_logfacility|tokr_word|toki_syslog_local5,
+ tokv_syslog_local6= tokt_logfacility|tokr_word|toki_syslog_local6,
+ tokv_syslog_local7= tokt_logfacility|tokr_word|toki_syslog_local7,
+ tokv_word_read= tokt_readwrite|tokr_word|toki_word_read,
+ tokv_word_write= tokt_readwrite|tokr_word|toki_word_write,
+ tokv_ordinal= tokt_number|tokt_fdrange|tokr_word|toki_ordinal,
+ tokv_fdrange= tokt_fdrange|tokr_punct|toki_fdrange,
+ tokv_fdstoend= tokt_fdrange|tokr_punct|toki_fdstoend,
+ tokv_dollar= tokt_misc|tokr_punct|toki_dollar,
+ tokv_lwsp= tokt_misc|tokr_nonstring|toki_lwsp,
+ tokv_newline= tokt_misc|tokr_nonstring|toki_newline,
+ tokv_barestring= tokt_string|tokr_string|toki_barestring,
+ tokv_quotedstring= tokt_string|tokr_string|toki_quotedstring,
+ tokv_eof= tokt_exception|tokr_nonstring|toki_eof,
+ tokv_quit= tokt_exception|tokr_nonstring|toki_quit,
+ tokv_error= tokt_exception|tokr_nonstring|toki_error,
+ tokv_openparen= tokt_condop|tokr_punct|toki_openparen,
+ tokv_closeparen= tokt_condop|tokr_punct|toki_closeparen,
+ tokv_not= tokt_condop|tokr_punct|toki_not,
+ tokv_and= tokt_condop|tokr_punct|toki_and,
+ tokv_or= tokt_condop|tokr_punct|toki_or,
+ tokv_word_error= tokt_directive|tokt_loglevel|tokr_word|toki_word_error,
+
+};
+
+#endif
+