85 lines
3.1 KiB
Groff
85 lines
3.1 KiB
Groff
.TH CryptoBoxRootActions 1 "November 02006" "cryptobox" "suid script"
|
|
.SH NAME
|
|
CryptoBoxRootActions \- The CryptoBoxWebserver calls this script in order to execute various programs which require root privileges.
|
|
.SH SYNOPSIS
|
|
.B CryptoBoxRootActions
|
|
check
|
|
.br
|
|
.B CryptoBoxRootActions
|
|
plugin \fIFEATURE_SCRIPT\fR [\fIARGS\fR]
|
|
.br
|
|
.B CryptoBoxRootActions
|
|
hook \fIEVENT_SCRIPT\fR [\fIARGS\fR]
|
|
.br
|
|
.B CryptoBoxRootActions
|
|
hook \fIPROG\fR [\fIARGS\fR]
|
|
.SH DESCRIPTION
|
|
CryptoBoxRootActions is a script that is called by the \fBCryptoBox\fR to execute
|
|
programs which require root privileges. You will never call this program directly. This
|
|
manpage should only be useful as a reference for developers of the CryptoBox.
|
|
.PP
|
|
To let the CryptoBox gain root permissions you need the program \fBsuper\fR.
|
|
It is configured properly if it \fI/etc/super.tab\fR contains the following line:
|
|
.RS
|
|
.PP
|
|
CryptoBoxRootActions /usr/sbin/CryptoBoxRootActions cryptobox
|
|
.RE
|
|
.PP
|
|
We assume that the CryptoBoxRootActions script is located at
|
|
\fI/usr/sbin/CryptoBoxRootActions\fR. Furthermore the user running the CryptoBox
|
|
server is assumed to be \fIcryptobox\fR.
|
|
.SH CONFIGURATION CHECK
|
|
Call the CryptoBoxRootActions script with the argument \fIcheck\fR to test if
|
|
\fBsuper\fR is configured properly. Just type the following:
|
|
.RS
|
|
.PP
|
|
super CryptoBoxRootActions check; echo $?
|
|
.RE
|
|
.PP
|
|
This should output '0' for success. Any other value indicates a problem and should
|
|
be accompanied by a descriptive error message.
|
|
.SH FEATURE SCRIPTS
|
|
The CryptoBox can be easily extended with new features. Refer to the developer
|
|
documentation of the CryptoBox for more details.
|
|
.PP
|
|
If a feature needs root privileges to accomplish its function, then you have to write
|
|
a separate python script for these actions. This script mus fulfill the following
|
|
conditions:
|
|
.TP
|
|
writable only for root
|
|
The script and all its parent directories may not be writable for anyone except root.
|
|
.TP
|
|
must be executable
|
|
The execution permission bit of the script must be set.
|
|
.TP
|
|
marking member
|
|
The script must contain a member called \fBPLUGIN_TYPE\fR with the string value
|
|
\fIcryptobox\fR. This prevents the execution of arbitrary scripts.
|
|
.SH EVENT SCRIPTS
|
|
The CryptoBox calls all scripts within a given directory whenever specific events
|
|
occour. Possible events are mounting and unmounting of disks or the bootup or shutdown
|
|
of the CryptoBox. Refer to \fI/usr/share/doc/cryptobox/event-scripts/README\fR
|
|
for further details.
|
|
.PP
|
|
An event script must fulfill the following conditions:
|
|
.TP
|
|
writable only for root
|
|
The script and all its parent directories must not be writable for anyone except root.
|
|
.TP
|
|
must be executable
|
|
The execution permission bit of the script must be set.
|
|
.TP
|
|
marked directory
|
|
The directory of the script must also contain a file called \fI_cryptobox_events_\fR to prevent the execution of arbitrary scripts.
|
|
.SH SELECTED PROGRAMS
|
|
Very few selected programs may be called via CryptoBoxRootActions. Examples
|
|
are \fBcryptsetup\fR and \fBmount\fR. Refer to the source of CryptoBoxRootActions
|
|
for details.
|
|
.SH AUTHOR
|
|
Written by Lars Kruse
|
|
.SH "REPORTING BUGS"
|
|
Report bugs to <devel@sumpfralle.de>
|
|
.SH COPYRIGHT
|
|
Copyright \(co 02006 Lars Kruse
|
|
|