s6-envuidgid.html (3841B)
1 <html> 2 <head> 3 <meta name="viewport" content="width=device-width, initial-scale=1.0" /> 4 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 5 <meta http-equiv="Content-Language" content="en" /> 6 <title>s6: the s6-envuidgid program</title> 7 <meta name="Description" content="s6: the s6-envuidgid program" /> 8 <meta name="Keywords" content="s6 command s6-envuidgid uid gid environment modification" /> 9 <!-- <link rel="stylesheet" type="text/css" href="//skarnet.org/default.css" /> --> 10 </head> 11 <body> 12 13 <p> 14 <a href="index.html">s6</a><br /> 15 <a href="//skarnet.org/software/">Software</a><br /> 16 <a href="//skarnet.org/">skarnet.org</a> 17 </p> 18 19 <h1> The s6-envuidgid program </h1> 20 21 <p> 22 s6-envuidgid potentially sets the UID, GID and GIDLIST environment 23 variables according to the options and arguments it is given; then it 24 executes into another program. 25 </p> 26 27 <h2> Interface </h2> 28 29 <pre> 30 s6-envuidgid [ -u | -g | -B ] [ -n ] [ -i | -D <em>uid</em>:<em>gid</em>:<em>gidlist</em> ] <em>account</em> <em>prog...</em> 31 </pre> 32 33 <ul> 34 <li> s6-envuidgid looks <em>account</em> up by name in the account database. </li> 35 <li> It sets the UID environment variable to <em>account</em>'s uid, and the GID 36 environment variable to <em>account</em>'s gid. </li> 37 <li> It also sets the GIDLIST environment variable to a comma-separated list of 38 supplementary group ids <em>account</em> is a member of according to the 39 group database. (If <em>account</em> doesn't belong to any other group than its 40 primary group, GIDLIST is still set, but empty.) </li> 41 <li> Then it executes into <em>prog...</em>. </li> 42 </ul> 43 44 <h2> Options </h2> 45 46 <ul> 47 <li> <tt>-u</tt> : user. <em>account</em> will be interpreted as a 48 user name; the UID environment variable will be set to its numerical 49 value, and the GID and GIDLIST variables will not be touched. </li> 50 <li> <tt>-g</tt> : group. <em>account</em> will be interpreted as a 51 group name instead of a user name; the GID environment variable will be set 52 to its numerical value, and the UID and GIDLIST variables will not be touched. </li> 53 <li> <tt>-B</tt> : both user and group. <em>account</em> will be 54 interpreted as <em>user<tt>:</tt>group</em>. The GIDLIST variable will not be 55 touched. If <em>user</em> does not exist, the UID variable will be set to 0 unless 56 a better default is provided with the <tt>-D</tt> option. 57 If <em>group</em> does not exist, the GID variable will be set to 0 unless a 58 better default is provided with the <tt>-D</tt> option. </li> 59 <li> <tt>-n</tt> : numerical fallback. If <em>account</em> cannot be 60 found in the user or group database, try to interpret the given values literally. 61 For instance, <tt>s6-envuidgid -B root:42</tt> will fail if there's no group 62 named <tt>42</tt> in the group database, but <tt>s6-envuidgid -nB root:42</tt> 63 will set UID to 0 and GID to 42. </li> 64 <li> <tt>-i</tt> : insist. If <em>account</em> is unknown, exit 1 with 65 an error message. This is the default. </li> 66 <li> <tt>-D <em>uid</em>:<em>gid</em>:<em>gidlist</em></tt> : if <em>account</em> 67 is unknown, use <em>uid</em>, <em>gid</em> and <em>gidlist</em> as the values for 68 UID, GID and GIDLIST. </li> 69 </ul> 70 71 <h2> Notes </h2> 72 73 <ul> 74 <li> s6-envuidgid without options behaves like 75 <a href="https://cr.yp.to/daemontools/envuidgid.html">envuidgid</a>, except that 76 the exit code is 1 if <em>account</em> doesn't exist, and it also exports 77 supplementary groups. </li> 78 <li> s6-envuidgid is useful when running a program that must start as root but can 79 drop its privileges later. Such a program can read its new uid/gid/groups info 80 from the UID, GID and GIDLIST environment variables. Super-servers such as 81 <a href="//skarnet.org/software/s6-networking/s6-tcpserver.html">s6-tcpserver</a> 82 make use of this. </li> 83 </ul> 84 85 </body> 86 </html>