/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

Viewing changes to plugins.d/password-prompt.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-03-07 23:39:36 UTC
  • Revision ID: teddy@recompile.se-20160307233936-mhgpxhggamde443n
Server bug fix: Include CAP_SETGID so it does not run as root

* debian/mandos.postinst (configure): If old version was 1.7.4-1 or
  1.7.4-1~bpo8+1, fix situation where clients.pickle file is owned by
  root.
* mandos (main): Print debug info about setuid() and setgid()
* mandos.service ([Service]/CapabilityBoundingSet): Add "CAP_KILL
  CAP_SETGID"; the latter is needed for setgid() to be allowed.

1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY VERSION "1.0">
5
4
<!ENTITY COMMANDNAME "password-prompt">
6
 
<!ENTITY TIMESTAMP "2008-09-01">
 
5
<!ENTITY TIMESTAMP "2016-03-05">
 
6
<!ENTITY % common SYSTEM "../common.ent">
 
7
%common;
7
8
]>
8
9
 
9
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
12
    <title>Mandos Manual</title>
12
13
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
13
14
    <productname>Mandos</productname>
14
 
    <productnumber>&VERSION;</productnumber>
 
15
    <productnumber>&version;</productnumber>
15
16
    <date>&TIMESTAMP;</date>
16
17
    <authorgroup>
17
18
      <author>
18
19
        <firstname>Björn</firstname>
19
20
        <surname>Påhlsson</surname>
20
21
        <address>
21
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
22
23
        </address>
23
24
      </author>
24
25
      <author>
25
26
        <firstname>Teddy</firstname>
26
27
        <surname>Hogeborn</surname>
27
28
        <address>
28
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
29
30
        </address>
30
31
      </author>
31
32
    </authorgroup>
32
33
    <copyright>
33
34
      <year>2008</year>
 
35
      <year>2009</year>
 
36
      <year>2010</year>
 
37
      <year>2011</year>
 
38
      <year>2012</year>
 
39
      <year>2013</year>
 
40
      <year>2014</year>
 
41
      <year>2015</year>
 
42
      <year>2016</year>
34
43
      <holder>Teddy Hogeborn</holder>
35
44
      <holder>Björn Påhlsson</holder>
36
45
    </copyright>
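Review bot: `&version;` on the productnumber line is no longer defined anywhere in this file, since the local `VERSION` entity is removed and the replacement has to come from the `%common;` parameter entity loaded from the relative SYSTEM path "../common.ent". Please confirm that every build path for this man page resolves external entities relative to plugins.d/, because a processor run with external entity loading turned off will leave `&version;` unresolved. The lowercase `version` next to the uppercase `COMMANDNAME` and `TIMESTAMP` is also inconsistent; a short XML comment beside `%common;` naming the entities it supplies would make the dependency obvious.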
83
92
    <title>DESCRIPTION</title>
84
93
    <para>
85
94
      All <command>&COMMANDNAME;</command> does is prompt for a
86
 
      password and output any given password to standard output.  This
87
 
      is not very useful on its own.  This program is really meant to
88
 
      run as a plugin in the <application>Mandos</application>
89
 
      client-side system, where it is used as a fallback and
90
 
      alternative to retriving passwords from a <application
91
 
      >Mandos</application> server.
 
95
      password and output any given password to standard output.
 
96
    </para>
 
97
    <para>
 
98
      This program is not very useful on its own.  This program is
 
99
      really meant to run as a plugin in the <application
 
100
      >Mandos</application> client-side system, where it is used as a
 
101
      fallback and alternative to retrieving passwords from a
 
102
      <application >Mandos</application> server.
92
103
    </para>
93
104
    <para>
94
105
      This program is little more than a <citerefentry><refentrytitle
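Review bot: style points in the new second paragraph. Its first two sentences both open with "This program", which reads as a leftover from splitting the old paragraph; the second could start "It is really meant to run as a plugin". On new line 102, `<application >Mandos</application>` has a stray space before the `>`, unlike the `<application` / `>Mandos</application>` split used two lines earlier. It is still well-formed XML, but one form should be used throughout.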
179
190
    <title>ENVIRONMENT</title>
180
191
    <variablelist>
181
192
      <varlistentry>
182
 
        <term><envar>cryptsource</envar></term>
183
 
        <term><envar>crypttarget</envar></term>
 
193
        <term><envar>CRYPTTAB_SOURCE</envar></term>
 
194
        <term><envar>CRYPTTAB_NAME</envar></term>
184
195
        <listitem>
185
196
          <para>
186
197
            If set, these environment variables will be assumed to
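Review bot: missing documentation for the rename in the two `<term>` lines. `cryptsource` and `crypttarget` disappear without any mention, so a reader whose environment still exports the old lowercase names cannot tell from the manual whether they are still honoured. Please check that the plugin source reads exactly `CRYPTTAB_SOURCE` and `CRYPTTAB_NAME`, and either state in the paragraph that follows that the old names are no longer used or list them as deprecated alternatives if the code still accepts them.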
215
226
  
216
227
  <refsect1 id="bugs">
217
228
    <title>BUGS</title>
218
 
    <para>
219
 
      None are known at this time.
220
 
    </para>
 
229
    <xi:include href="../bugs.xml"/>
221
230
  </refsect1>
222
231
  
223
232
  <refsect1 id="example">
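Review bot: the BUGS section now consists only of `<xi:include href="../bugs.xml"/>`, with no `<xi:fallback>`. If the man page is ever built without XInclude processing (for example xsltproc run without --xinclude), the section renders with a title and no body, which is worse than the old "None are known at this time." text. Either make sure the build rule always enables XInclude for this file or add a fallback paragraph inside the include element.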
240
249
      <para>
241
250
        Show a prefix before the prompt; in this case, a host name.
242
251
        It might be useful to be reminded of which host needs a
243
 
        password, in case of KVM switches, etc.
 
252
        password, in case of <acronym>KVM</acronym> switches, etc.
244
253
      </para>
245
254
      <para>
246
255
 
270
279
      >plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
271
280
      </citerefentry>, and will, when run standalone, outside, in a
272
281
      normal environment, immediately output on its standard output
273
 
      any presumably secret password it just recieved.  Therefore,
 
282
      any presumably secret password it just received.  Therefore,
274
283
      when running this program standalone (which should never
275
284
      normally be done), take care not to type in any real secret
276
285
      password by force of habit, since it would then immediately be
288
297
  <refsect1 id="see_also">
289
298
    <title>SEE ALSO</title>
290
299
    <para>
 
300
      <citerefentry><refentrytitle>intro</refentrytitle>
 
301
      <manvolnum>8mandos</manvolnum></citerefentry>
291
302
      <citerefentry><refentrytitle>crypttab</refentrytitle>
292
303
      <manvolnum>5</manvolnum></citerefentry>
293
 
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
304
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
294
305
      <manvolnum>8mandos</manvolnum></citerefentry>
295
306
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
296
307
      <manvolnum>8mandos</manvolnum></citerefentry>,
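Review bot: separator inconsistency in the SEE ALSO list. The added intro(8mandos) entry and the changed mandos-client(8mandos) entry end in `</citerefentry>` with no trailing comma, as does the crypttab(5) context entry, while the plugin-runner entry ends in `</citerefentry>,`. In the rendered page the first three references will run together separated only by spaces. Since these lines are being touched anyway, add the comma after each `</citerefentry>` so the list is punctuated uniformly.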