--- hurd-orig.texi Thu Sep 5 22:56:04 2002 +++ hurd.texi Fri Sep 6 00:51:54 2002 @@ -4749,12 +4749,239 @@ @menu * Auth Interface:: Auth ports implement the auth interface. +* Auth Utilities:: Utilities for changing authentication. @end menu -@section addauth, rmauth, setauth -@section su, sush, unsu -@section login, loginpr -@section auth +@node Auth Utilities +@section Auth Utilities + +Several programs are available for modifying the authentication of +running processes. By default, all of them operate on the processes +from the login collection of the current process. + +@menu +* Invoking addauth:: Raising permissions. +* Invoking rmauth:: Dropping permissions. +* Invoking setauth:: Setting permissions. +@end menu + +@node Invoking addauth +@subsection Invoking @code{addauth} + +The @code{addauth} program allows you to increase the permissions of a +set of running processes. + +The @code{addauth} program has the following synopsis: + +@example +addauth [@var{option}@dots{}] @var{user}@dots{} +@end example + +It accepts the following options: + +@table @code + +@item -a +@itemx --available +Add the ids specified by @var{user}@dots{} to the available ids. + +@item -g @var{group} +@itemx --group=@var{group} +Add @var{group} to the list of effective group ids. + +@item -G @var{group} +@itemx --avail-group=@var{group} +Add @var{group} to the list of available group ids. + +@item -e +@itemx --effective +Add the ids specified by @var{user}@dots{} to the effective ids. + +@item -L [@var{lid}] +@itemx --login[=@var{lid}] +Perform the action on the processes from the login collection +@var{lid}. The default is to operate on that of the current process. + +@item -n +@itemx --dry-run +Do nothing, but print what would be done. + +@item -p @var{pid} +@itemx --pid=@var{pid} +Operate on (i.e. add ids to) the process @var{pid}. + +@item -P @var{pgrp} +@itemx --pgrp=@var{pgrp} +Operate on (i.e. add ids to) the processes of the process group +@var{pgrp}. + +@item -S [@var{sid}] +@itemx --session[=@var{sid}] +Operate on (i.e. add ids to) the processes from the session +@var{sid}. The default is to operate on the session of the current +process. + +@item -u @var{user} +@itemx --user=@var{user} +Add @var{user} to the list of effective user ids. + +@item -U @var{user} +@itemx --avail-user=@var{user} +Add @var{user} to the list of available user ids. + +@item -v +@itemx --verbose +Print informational messages. + +@end table + +@node Invoking rmauth +@subsection Invoking @code{rmauth} + +The @code{rmauth} program allows you to lower the permissions of a set +of running processes. + +The @code{rmauth} program has the following synopsis: + +@example +rmauth [@var{option}@dots{}] @var{user}@dots{} +@end example + +It accepts the following options: + +@table @code + +@item -a +@itemx --available +Remove the ids specified by @var{user}@dots{} from the available ids. + +@item -g @var{group} +@itemx --group=@var{group} +Remove @var{group} from the list of effective group ids. + +@item -G @var{group} +@itemx --avail-group=@var{group} +Remove @var{group} from the list of available group ids. + +@item -e +@itemx --effective +Remove the ids specified by @var{user}@dots{} from the effective ids. + +@item -L [@var{lid}] +@itemx --login[=@var{lid}] +Perform the action on the processes from the login collection +@var{lid}. The default is to operate on that of the current process. + +@item -n +@itemx --dry-run +Do nothing, but print what would be done. + +@item -p @var{pid} +@itemx --pid=@var{pid} +Operate on (i.e. remove ids from) the process @var{pid}. + +@item -P @var{pgrp} +@itemx --pgrp=@var{pgrp} +Operate on (i.e. remove ids from) the processes of the process group +@var{pgrp}. + +@item -s +@itemx --save +Save removed effective ids in the available ids. + +@item -S [@var{sid}] +@itemx --session[=@var{sid}] +Operate on (i.e. remove ids from) the processes from the session +@var{sid}. The default is to operate on the session of the current +process. + +@item -u @var{user} +@itemx --user=@var{user} +Remove @var{user} from the list of effective user ids. + +@item -U @var{user} +@itemx --avail-user=@var{user} +Remove @var{user} from the list of available user ids. + +@item -v +@itemx --verbose +Print informational messages. + +@end table + +@node Invoking setauth +@subsection Invoking @code{setauth} + +The @code{setauth} program allows you to lower the permissions of a +set of running processes. + +The @code{setauth} program has the following synopsis: + +@example +setauth [@var{option}@dots{}] @var{user}@dots{} +@end example + +It accepts the following options: + +@table @code + +@item -g @var{group} +@itemx --group=@var{group} +Insert @var{group} into the list of effective group ids. + +@item -G @var{group} +@itemx --avail-group=@var{group} +Insert @var{group} into the list of available group ids. + +@item -k +@itemx --keep +Keep the old ids in addition to ther new ones. + +@item -L [@var{lid}] +@itemx --login[=@var{lid}] +Perform the action on the processes from the login collection +@var{lid}. The default is to operate on that of the current process. + +@item -n +@itemx --dry-run +Do nothing, but print what would be done. + +@item -p @var{pid} +@itemx --pid=@var{pid} +Operate on (i.e. set the ids of) the process @var{pid}. + +@item -P @var{pgrp} +@itemx --pgrp=@var{pgrp} +Operate on (i.e. set the ids of) the processes of the process group +@var{pgrp}. + +@item -s +@itemx --save +Save removed effective ids in the available ids. + +@item -S [@var{sid}] +@itemx --session[=@var{sid}] +Operate on (i.e. set the ids of) the processes from the session +@var{sid}. The default is to operate on the session of the current +process. + +@item -u @var{user} +@itemx --user=@var{user} +Insert @var{user} into the list of effective user ids. + +@item -U @var{user} +@itemx --avail-user=@var{user} +Insert @var{user} into the list of available user ids. + +@item -v +@itemx --verbose +Print informational messages. + +@end table + +@c @section su, sush, unsu +@c @section login, loginpr +@c @section auth @node Auth Interface @section Auth Interface