You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
94 lines
3.4 KiB
94 lines
3.4 KiB
.TH CryptoBoxRootActions 8 "March 02007" "CryptoBox" "CryptoBox-Server manual" |
|
.SH NAME |
|
CryptoBoxRootActions \- The CryptoBoxWebserver calls this script in order to |
|
execute various programs which require root privileges. |
|
.SH SYNOPSIS |
|
.B CryptoBoxRootActions |
|
check |
|
.br |
|
.B CryptoBoxRootActions |
|
plugin \fIFEATURE_SCRIPT\fR [\fIARGS\fR] |
|
.br |
|
.B CryptoBoxRootActions |
|
hook \fIEVENT_SCRIPT\fR [\fIARGS\fR] |
|
.br |
|
.B CryptoBoxRootActions |
|
\fIPROG\fR [\fIARGS\fR] |
|
.SH DESCRIPTION |
|
CryptoBoxRootActions is a script that is called by the |
|
\fBCryptoBox\fR-Server to execute programs which require root privileges. You |
|
will never call this program directly. This manpage should only be useful as a |
|
reference for developers of the CryptoBox. |
|
.PP |
|
To let the CryptoBox-Server gain root permissions you need the program |
|
\fBsuper\fR. It is configured properly if \fI/etc/super.tab\fR contains the |
|
following line: |
|
.RS |
|
.PP |
|
CryptoBoxRootActions /usr/sbin/CryptoBoxRootActions cryptobox |
|
.RE |
|
.PP |
|
We assume that the CryptoBoxRootActions script is located at |
|
\fI/usr/sbin/CryptoBoxRootActions\fR. Furthermore the user running the |
|
CryptoBox-Server is assumed to be \fIcryptobox\fR. |
|
.SH CONFIGURATION CHECK |
|
Call the CryptoBoxRootActions script with the argument \fIcheck\fR to test if |
|
\fBsuper\fR is configured properly. Just type the following: |
|
.RS |
|
.PP |
|
super CryptoBoxRootActions check; echo $? |
|
.RE |
|
.PP |
|
This should output '0' for success. Any other value indicates a problem and |
|
should be accompanied by a descriptive error message. |
|
.SH FEATURE SCRIPTS |
|
The CryptoBox can be easily extended with new features. Refer to the developer |
|
documentation of the CryptoBox for more details. |
|
.PP |
|
If a feature needs root privileges to accomplish its function, then you have to |
|
write a separate python script for these actions. This script must fulfill the |
|
following conditions: |
|
.TP |
|
writable only for root |
|
The script and all its parent directories may not be writable for anyone except |
|
root. |
|
.TP |
|
must be executable |
|
The execution permission bit of the script must be set. |
|
.TP |
|
required member |
|
The script must contain a member called \fBPLUGIN_TYPE\fR with the string value |
|
\fIcryptobox\fR. This prevents the execution of arbitrary scripts. |
|
.SH EVENT SCRIPTS |
|
The CryptoBox-Server calls all scripts within a given directory whenever |
|
specific events occour. Possible events are mounting and unmounting of disks or |
|
the bootup or shutdown of the CryptoBox-Server. Refer to |
|
\fI/usr/share/doc/cryptobox-server/event-scripts/README\fR for further details. |
|
.PP |
|
An event script must fulfill the following conditions: |
|
.TP |
|
writable only for root |
|
The script and all its parent directories must not be writable for anyone |
|
except root. |
|
.TP |
|
must be executable |
|
The execution permission bit of the script must be set. |
|
.TP |
|
directory must be marked |
|
The directory of the script must also contain a file called |
|
\fI_cryptobox_events_\fR to prevent the execution of arbitrary scripts. |
|
.SH SELECTED PROGRAMS |
|
Very few selected programs may be called via CryptoBoxRootActions. Examples |
|
are \fBcryptsetup\fR and \fBmount\fR. Refer to the source of |
|
CryptoBoxRootActions for details. |
|
.SH AUTHOR |
|
Written by Lars Kruse |
|
.SH REPORTING BUGS |
|
Report bugs to <devel@sumpfralle.de> |
|
.SH COPYRIGHT |
|
Copyright \(co 02006-02007 Lars Kruse |
|
.br |
|
This is free software. You may redistribute copies of it under the terms of the |
|
GNU General Public License <http://www.gnu.org/licenses/gpl.html>. There is NO |
|
WARRANTY, to the extent permitted by law. |
|
|
|
|