
Viewing changes to plugin-runner.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-09-06 17:24:58 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080906172458-2x5wlfkn7oqckt1y
* legalnotice.xml: Copy DocBook 4.4-formatted text from
                   <http://www.gnu.org/licenses/gpl-3.0.dbk>.

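--- a/plugin-runner.xml
+++ b/plugin-runner.xml
@@ -3,7 +3,7 @@
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "plugin-runner">
-<!ENTITY TIMESTAMP "2008-09-04">
+<!ENTITY TIMESTAMP "2008-09-06">
 ]>
  
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
@@ -416,6 +416,11 @@
         console.
       </para>
       <para>
+        If the password is a single-line, manually entered passprase,
+        a final trailing newline character should
+        <emphasis>not</emphasis> be printed.
+      </para>
+      <para>
         The plugin will run in the initial RAM disk environment, so
         care must be taken not to depend on any files or running
         services not available there.
@@ -510,11 +515,13 @@
     </para>
   </refsect1>
   
-<!--   <refsect1 id="bugs"> -->
-<!--     <title>BUGS</title> -->
-<!--     <para> -->
-<!--     </para> -->
-<!--   </refsect1> -->
+  <refsect1 id="bugs">
+    <title>BUGS</title>
+    <para>
+      The <option>--config-file</option> option is ignored when
+      specified from within a configuration file.
+    </para>
+  </refsect1>
   
   <refsect1 id="examples">
     <title>EXAMPLE</title>
@@ -562,15 +569,15 @@
     </informalexample>
     <informalexample>
       <para>
-        Run plugins from a different directory and add two
-        options to the <citerefentry><refentrytitle
-        >password-request</refentrytitle>
+        Run plugins from a different directory, read a different
+        configuration file, and add two options to the
+        <citerefentry><refentrytitle >mandos-client</refentrytitle>
         <manvolnum>8mandos</manvolnum></citerefentry> plugin:
       </para>
       <para>
  
 <!-- do not wrap this line -->
-<userinput>&COMMANDNAME;  --plugin-dir=plugins.d --options-for=password-request:--pubkey=keydir/pubkey.txt,--seckey=keydir/seckey.txt</userinput>
+<userinput>&COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=/etc/keys/mandos/pubkey.txt,--seckey=/etc/keys/mandos/seckey.txt</userinput>
  
       </para>
     </informalexample>
@@ -584,7 +591,7 @@
       non-privileged.  This user and group is then what all plugins
       will be started as.  Therefore, the only way to run a plugin as
       a privileged user is to have the set-user-ID or set-group-ID bit
-      set on the plugin executable files (see <citerefentry>
+      set on the plugin executable file (see <citerefentry>
       <refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>
       </citerefentry>).
     </para>
@@ -618,7 +625,7 @@
       <manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>password-prompt</refentrytitle>
       <manvolnum>8mandos</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>password-request</refentrytitle>
+      <citerefentry><refentrytitle>mandos-client</refentrytitle>
       <manvolnum>8mandos</manvolnum></citerefentry>
     </para>
   </refsect1>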