94 lines
3.4 KiB
Groff
94 lines
3.4 KiB
Groff
.TH CryptoBoxRootActions 8 "March 02007" "CryptoBox" "CryptoBox-Server manual"
|
|
.SH NAME
|
|
CryptoBoxRootActions \- The CryptoBoxWebserver calls this script in order to
|
|
execute various programs which require root privileges.
|
|
.SH SYNOPSIS
|
|
.B CryptoBoxRootActions
|
|
check
|
|
.br
|
|
.B CryptoBoxRootActions
|
|
plugin \fIFEATURE_SCRIPT\fR [\fIARGS\fR]
|
|
.br
|
|
.B CryptoBoxRootActions
|
|
hook \fIEVENT_SCRIPT\fR [\fIARGS\fR]
|
|
.br
|
|
.B CryptoBoxRootActions
|
|
\fIPROG\fR [\fIARGS\fR]
|
|
.SH DESCRIPTION
|
|
CryptoBoxRootActions is a script that is called by the
|
|
\fBCryptoBox\fR-Server to execute programs which require root privileges. You
|
|
will never call this program directly. This manpage should only be useful as a
|
|
reference for developers of the CryptoBox.
|
|
.PP
|
|
To let the CryptoBox-Server gain root permissions you need the program
|
|
\fBsuper\fR. It is configured properly if \fI/etc/super.tab\fR contains the
|
|
following line:
|
|
.RS
|
|
.PP
|
|
CryptoBoxRootActions /usr/sbin/CryptoBoxRootActions cryptobox
|
|
.RE
|
|
.PP
|
|
We assume that the CryptoBoxRootActions script is located at
|
|
\fI/usr/sbin/CryptoBoxRootActions\fR. Furthermore the user running the
|
|
CryptoBox-Server is assumed to be \fIcryptobox\fR.
|
|
.SH CONFIGURATION CHECK
|
|
Call the CryptoBoxRootActions script with the argument \fIcheck\fR to test if
|
|
\fBsuper\fR is configured properly. Just type the following:
|
|
.RS
|
|
.PP
|
|
super CryptoBoxRootActions check; echo $?
|
|
.RE
|
|
.PP
|
|
This should output '0' for success. Any other value indicates a problem and
|
|
should be accompanied by a descriptive error message.
|
|
.SH FEATURE SCRIPTS
|
|
The CryptoBox can be easily extended with new features. Refer to the developer
|
|
documentation of the CryptoBox for more details.
|
|
.PP
|
|
If a feature needs root privileges to accomplish its function, then you have to
|
|
write a separate python script for these actions. This script must fulfill the
|
|
following conditions:
|
|
.TP
|
|
writable only for root
|
|
The script and all its parent directories may not be writable for anyone except
|
|
root.
|
|
.TP
|
|
must be executable
|
|
The execution permission bit of the script must be set.
|
|
.TP
|
|
required member
|
|
The script must contain a member called \fBPLUGIN_TYPE\fR with the string value
|
|
\fIcryptobox\fR. This prevents the execution of arbitrary scripts.
|
|
.SH EVENT SCRIPTS
|
|
The CryptoBox-Server calls all scripts within a given directory whenever
|
|
specific events occour. Possible events are mounting and unmounting of disks or
|
|
the bootup or shutdown of the CryptoBox-Server. Refer to
|
|
\fI/usr/share/doc/cryptobox-server/event-scripts/README\fR for further details.
|
|
.PP
|
|
An event script must fulfill the following conditions:
|
|
.TP
|
|
writable only for root
|
|
The script and all its parent directories must not be writable for anyone
|
|
except root.
|
|
.TP
|
|
must be executable
|
|
The execution permission bit of the script must be set.
|
|
.TP
|
|
directory must be marked
|
|
The directory of the script must also contain a file called
|
|
\fI_cryptobox_events_\fR to prevent the execution of arbitrary scripts.
|
|
.SH SELECTED PROGRAMS
|
|
Very few selected programs may be called via CryptoBoxRootActions. Examples
|
|
are \fBcryptsetup\fR and \fBmount\fR. Refer to the source of
|
|
CryptoBoxRootActions for details.
|
|
.SH AUTHOR
|
|
Written by Lars Kruse
|
|
.SH REPORTING BUGS
|
|
Report bugs to <devel@sumpfralle.de>
|
|
.SH COPYRIGHT
|
|
Copyright \(co 02006-02007 Lars Kruse
|
|
.br
|
|
This is free software. You may redistribute copies of it under the terms of the
|
|
GNU General Public License <http://www.gnu.org/licenses/gpl.html>. There is NO
|
|
WARRANTY, to the extent permitted by law.
|
|
|