s6-svperms.html (5633B)
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Language" content="en" />
<title>s6: the s6-svperms program</title>
<meta name="Description" content="s6: the s6-svperms program" />
<meta name="Keywords" content="s6 command s6-svperms service control permission unix rights events process supervision s6-supervise" />
<!-- <link rel="stylesheet" type="text/css" href="//skarnet.org/default.css" /> -->
</head>
<body>

<p>
<a href="index.html">s6</a><br />
<a href="//skarnet.org/software/">Software</a><br />
<a href="//skarnet.org/">skarnet.org</a>
</p>

<h1> The <tt>s6-svperms</tt> program </h1>

<p>
<tt>s6-svperms</tt> allows the user to see, or modify, for a given
list of services: who can read their states, who can send them
control commands, and who can subscribe to up/down events for those
services.
</p>

<h2> Interface </h2>

<pre>
s6-svperms [ -v ] [ -u | -g <em>group</em> | -G <em>group</em> | -o | -O <em>group</em> ] [ -e | -E <em>group</em> ] <em>servicedirs...</em>
</pre>

<p>
Without options, or with only the <tt>-v</tt> option,
<tt>s6-svperms</tt> prints 3 lines to stdout for every service directory
listed in <em>servicedirs</em>. Every line contains the name
of the service directory, then the following information:
</p>

<ul>
<li> <tt>status:</tt> - indicates who is allowed to read status
information on the service, with commands such as
<a href="s6-svstat.html">s6-svstat</a> or
<a href="s6-svdt.html">s6-svdt</a>. The values can be <tt>owner</tt>,
for only the owner of the service; <tt>group: <em>name</em></tt>, for
the owner and members of group <em>name</em>; or <tt>public</tt>,
for all users. </li>
<li> <tt>control:</tt> - indicates who is allowed to send control
commands to the service, with commands such as
<a href="s6-svc.html">s6-svc</a>. The values can be <tt>owner</tt>,
for only the owner of the service; or <tt>group: <em>name</em></tt>,
for the owner and members of group <em>name</em>. </li>
<li> <tt>events:</tt> - indicates who is allowed to subscribe to
events sent by <a href="s6-supervise.html">s6-supervise</a> for this
service, with commands such as <a href="s6-svwait.html">s6-svwait</a>
or <a href="s6-svlisten1.html">s6-svlisten1</a>. The values can be
<tt>group: <em>name</em></tt>, for the owner and members of group
<em>name</em>, or <tt>public</tt>, for all users. </li>
</ul>

<p>
If something goes wrong while reading a part of the configuration of
a service directory, <tt>s6-svperms</tt> does not print the corresponding
line to stdout; instead, it prints a warning message to stderr.
</p>

<p>
When invoked with other options, <tt>s6-svperms</tt> modifies the
permissions of the service directories listed in <em>servicedirs...</em> as
specified by the options. The same permissions will be applied to all
the services listed in <em>servicedirs...</em>.
</p>

<h2> Options </h2>

<ul>
<li> <tt>-v</tt> : re-read the permissions after writing them, and
print them to stdout. </li>
<li> <tt>-u</tt> : restrict the <tt>status:</tt> and <tt>control:</tt>
permissions to <tt>owner</tt>: only the owner of a service directory will
be able to read its state or control the service. This is the default when
<a href="s6-supervise.html">s6-supervise</a> starts a service for the first
time. </li>
<li> <tt>-g <em>group</em></tt> : allow members of group
<em>group</em> to read the status of the service, but not to control it -
control will be restricted to the owner. </li>
<li> <tt>-G <em>group</em></tt> : allow members of group
<em>group</em> to read <em>and</em> control the service. </li>
<li> <tt>-o</tt> : allow everyone to read the status of the service,
but restrict <tt>control:</tt> to the owner. </li>
<li> <tt>-O <em>group</em></tt> : allow everyone to read the
status, and allow members of group <em>group</em> to control the
service. </li>
<li> <tt>-e</tt> : allow everyone to subscribe to events. </li>
<li> <tt>-E <em>group</em></tt> : only allow members of group
<em>group</em> to subscribe to events. This is the default when
<a href="s6-supervise.html">s6-supervise</a> starts a service for the first
time, with <em>group</em> being the primary group of the s6-supervise
process (most likely <tt>root</tt>). </li>
</ul>

<p>
<em>group</em> is normally a group name that will be searched in the group
database. But if it starts with a colon (<tt>:</tt>), the rest of <em>group</em>
will be interpreted as a numerical gid, and the group database will not be read.
</p>

<h2> Exit codes </h2>

<ul>
<li> 0: success </li>
<li> 1: something went wrong when reading permissions in one of the service directories </li>
<li> 100: wrong usage </li>
<li> 111: system call failed </li>
</ul>

<h2> Notes </h2>

<ul>
<li> The default (restrictive) permissions are safe. </li>
<li> Unless operation of a service is restricted information, it is also
safe to make <tt>status:</tt> more permissive. </li>
<li> Opening <tt>control:</tt> to a group can be useful for instance in a
shared administration situation when individual administrators are not given
full root powers. </li>
<li> Making <tt>events:</tt> public bears a small risk of a local DoS attack
preventing more subscriptions to events, so it is not recommended for
supervision trees where such subscriptions are critical to operations - such
as a set of root services managed by
<a href="//skarnet.org/software/s6-rc/">s6-rc</a>. </li>
</ul>

</body>
</html>
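As an added example (not part of the s6 documentation or the s6 project's own code), the following Python script audits the output of <tt>s6-svperms</tt> against the guidance in the Notes section: it parses the three <tt>status:</tt>, <tt>control:</tt> and <tt>events:</tt> lines per service directory and flags <tt>events: public</tt> on supervision trees you mark as critical. The exact line layout (<tt>servicedir: kind: value</tt>) and the sample output are assumptions constructed for the example, not copied from the page.

```python
"""Audit s6-svperms output against the s6 documentation's Notes."""
import re
from typing import Dict, Iterable, List, Tuple

# Assumed output shape (one line per permission, per service directory):
#   <servicedir>: status: owner | group: <name> | public
#   <servicedir>: control: owner | group: <name>
#   <servicedir>: events: group: <name> | public
LINE_RE = re.compile(r"^(?P<dir>.+?): (?P<kind>status|control|events): (?P<value>.+)$")


def parse_svperms(output: str) -> Dict[str, Dict[str, str]]:
    """Group the three permission lines of each service directory."""
    perms: Dict[str, Dict[str, str]] = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # s6-svperms reports read errors on stderr, not stdout
        perms.setdefault(m["dir"], {})[m["kind"]] = m["value"]
    return perms


def audit(perms: Dict[str, Dict[str, str]], critical: Iterable[str] = ()) -> List[Tuple[str, str, str]]:
    """Return (servicedir, level, message) findings.

    critical: service directories whose event subscriptions matter
    (e.g. root services managed by s6-rc); there "events: public"
    is reported as an error instead of a warning.
    """
    critical = set(critical)
    findings: List[Tuple[str, str, str]] = []
    for sdir, p in sorted(perms.items()):
        missing = {"status", "control", "events"} - set(p)
        if missing:  # a line was skipped because s6-svperms could not read it
            findings.append((sdir, "warn", "missing lines: " + ", ".join(sorted(missing))))
        if p.get("events") == "public":
            level = "error" if sdir in critical else "warn"
            findings.append((sdir, level, "events: public allows a local DoS on subscriptions"))
        ctl = p.get("control", "")
        if ctl.startswith("group: "):
            findings.append((sdir, "info", f"control delegated to {ctl}"))
        if p.get("status") == "public":
            findings.append((sdir, "info", "status readable by all users"))
    return findings


# Constructed sample output: one restrictive service, one opened-up service.
SAMPLE = """\
/run/service/sshd: status: owner
/run/service/sshd: control: owner
/run/service/sshd: events: group: root
/run/service/web: status: public
/run/service/web: control: group: webadmins
/run/service/web: events: public
"""

if __name__ == "__main__":
    for sdir, level, msg in audit(parse_svperms(SAMPLE), critical={"/run/service/sshd"}):
        print(f"{level:5} {sdir}: {msg}")
```

In practice the input would be the stdout of <tt>s6-svperms -v</tt> (or of a plain run without options) over the service directories of interest.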