commit 384fa7f25cb8e9d759d8aaa681aa98e57d60dfac
parent d6807910974eb20f8cab8f1d77797de2701cb475
Author: Laurent Bercot <ska-skaware@skarnet.org>
Date: Sat, 19 Dec 2015 20:19:38 +0000
Update doc for s6-envuidgid
Diffstat:
1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/doc/s6-envuidgid.html b/doc/s6-envuidgid.html
@@ -27,7 +27,7 @@ executes into another program.
<h2> Interface </h2>
<pre>
- s6-envuidgid [ -u | -g | -B ] [ -n ] [ -i | -D <em>uid</em>:<em>gid</em> ] <em>account</em> <em>prog...</em>
+ s6-envuidgid [ -u | -g | -B ] [ -n ] [ -i | -D <em>uid</em>:<em>gid</em>:<em>gidlist</em> ] <em>account</em> <em>prog...</em>
</pre>
<ul>
@@ -52,18 +52,20 @@ group name instead of a user name; the GID environment variable will be set
to its numerical value, and the UID and GIDLIST variables will not be touched. </li>
<li> <tt>-B</tt> : both user and group. <em>account</em> will be
interpreted as <em>user<tt>:</tt>group</em>. The GIDLIST variable will not be
-touched. If <em>user</em> exists, the UID variable will be set; if
-<em>group</em> exists, the GID variable will be set. </li>
+touched. If <em>user</em> does not exist, the UID variable will be set to 0 unless
+a better default is provided with the <tt>-D</tt> option.
+if <em>group</em> does not exist, the GID variable will be set to 0 unless a
+better default is provided with the <tt>-D</tt> option. </li>
<li> <tt>-n</tt> : numerical fallback. If <em>account</em> cannot be
found in the user or group database, try to interpret the given values literally.
For instance, <tt>s6-envuidgid -B root:42</tt> will fail if there's no group
named <tt>42</tt> in the group database, but <tt>s6-envuidgid -nB root:42</tt>
-will set UID to 0 and GID to 42. This option implies <tt>-B</tt>. </li>
+will set UID to 0 and GID to 42. </li>
<li> <tt>-i</tt> : insist. If <em>account</em> is unknown, exit 1 with
an error message. This is the default. </li>
- <li> <tt>-D <em>uid</em>:<em>gid</em></tt> : if <em>account</em>
-is unknown, use <em>uid</em> and <em>gid</em> as the values for UID and GID.
-This options implies <tt>-B</tt>. </li>
+ <li> <tt>-D <em>uid</em>:<em>gid</em>:<em>gidlist/em></tt> : if <em>account</em>
+is unknown, use <em>uid</em>, <em>gid</em> and <em>gidlist</em> as the values for
+UID and GID and GIDLIST. </li>
</ul>
<h2> Notes </h2>
@@ -71,17 +73,13 @@ This options implies <tt>-B</tt>. </li>
<ul>
<li> s6-envuidgid without options behaves like
<a href="http://cr.yp.to/daemontools/envuidgid.html">envuidgid</a>, except that
-the exit code is 1 if <em>account</em> doesn't exist. </li>
+the exit code is 1 if <em>account</em> doesn't exist, and it also exports
+supplementary groups. </li>
<li> s6-envuidgid is useful when running a program that must start as root but can
drop its privileges later. Such a program can read its new uid/gid/groups info
from the UID, GID and GIDLIST environment variables. Superservers such as
<a href="http://skarnet.org/software/s6-networking/s6-tcpserver4.html">s6-tcpserver4</a>
make use of this. </li>
- <li> s6-envuidgid only sets GIDLIST when no option (or only <tt>-i</tt>) is
-given. If s6-envuidgid risks defaulting to a given numerical value for
-UID or GID, it will not interpret <em>account</em> as a complete account name
-with uid, gid and supplementary group list; instead, it interprets it as an
-arbitrary combination of user name and group name. </li>
</ul>
</body>
