author | Sam Morris | 2018-03-08 16:47:40 +0100 |
---|---|---|
committer | Sam Morris | 2018-03-08 17:31:59 +0100 |
commit | 1aed71e514ccdb882b932b7ae54a3e80a10d20eb (patch) | |
tree | cd92128b6341e83529d2122fae7b80f8022c2ccb /sys-utils/setpriv.1 | |
parent | setpriv: include --init-groups in the list of options that can be specified w... (diff) | |
setpriv: add example section
Diffstat (limited to 'sys-utils/setpriv.1')
-rw-r--r-- | sys-utils/setpriv.1 | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1 index 61c3faf9b..b900f6e08 100644 --- a/sys-utils/setpriv.1 +++ b/sys-utils/setpriv.1 @@ -16,7 +16,7 @@ and .BR runuser (1), .BR setpriv (1) neither uses PAM, nor does it prompt for a password. -It is a simple, non-setuid wrapper around +It is a simple, non-set-user-ID wrapper around .BR execve (2), and can be used to drop privileges in the same way as .BR setuidgid (8) @@ -175,6 +175,20 @@ Be careful with this tool \-\- it may have unexpected security consequences. For example, setting no_new_privs and then execing a program that is SELinux\-confined (as this tool would do) may prevent the SELinux restrictions from taking effect. +.SH EXAMPLE +If you're looking for behaviour similar to +.BR su (1)/ runuser "(1), or " sudo (8) +(without the +.B -g +option), try something like: +.sp +.B " setpriv \-\-reuid=1000 \-\-regid=1000 \-\-init\-groups" +.PP +If you want to mimic daemontools' +.BR setuid (8), +try: +.sp +.B " setpriv \-\-reuid=1000 \-\-regid=1000 \-\-clear\-groups" .SH SEE ALSO .BR runuser (1), .BR su (1), |
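Review bot: the rewording from "non-setuid" to "non-set-user-ID" in the @@ -16,7 +16,7 @@ hunk is unrelated to the commit subject "setpriv: add example section". Either move it into its own commit or mention the terminology change in the commit message, so that someone tracing the wording later can find it.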
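Review bot: in the new EXAMPLE section (@@ -175,6 +175,20 @@ hunk) the second example names daemontools' `.BR setuid (8),` while the description context in the first hunk refers to `.BR setuidgid (8)`; if the same tool is meant, the two names should agree. Both example command lines also end after the options and name no program to run, although the page describes setpriv as a wrapper around execve(2), so a placeholder program argument would make them usable as written. Two smaller points: `.B -g` uses a bare hyphen where the rest of the hunk escapes option dashes as `\-`, and a short remark that 1000 stands for the target user's UID and GID would keep readers from copying the number literally.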