diff options
author | Simo Sorce <simo@redhat.com> | 2013-12-22 16:13:56 -0500 |
---|---|---|
committer | Günther Deschner <gdeschner@redhat.com> | 2014-01-14 16:07:27 +0100 |
commit | a14cb37d199fec9227f668fe107bf38f99b8b842 (patch) | |
tree | 87846966a6820a6c109e856d7185f490f81ffd01 /proxy/man/gssproxy.conf.5.xml | |
parent | 8b147c9196d9068d0fc5e5a8919b84e8cbb97ef4 (diff) | |
download | gss-proxy-a14cb37d199fec9227f668fe107bf38f99b8b842.tar.gz gss-proxy-a14cb37d199fec9227f668fe107bf38f99b8b842.tar.xz gss-proxy-a14cb37d199fec9227f668fe107bf38f99b8b842.zip |
Add support for dropping privileges
If the 'proxy user' configuation option is set in the [gssproxy] section then
GSS Proxy will drop privileges to the specified after setting up all the
sockets.
Care must be taken to make sure all the resources the daemon need access to
(keytabs, ccache directories, etc..) are accessible as the proxy user.
Implements: https://fedorahosted.org/gss-proxy/ticket/102
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Diffstat (limited to 'proxy/man/gssproxy.conf.5.xml')
-rw-r--r-- | proxy/man/gssproxy.conf.5.xml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/proxy/man/gssproxy.conf.5.xml b/proxy/man/gssproxy.conf.5.xml index b4d5add..95fdb65 100644 --- a/proxy/man/gssproxy.conf.5.xml +++ b/proxy/man/gssproxy.conf.5.xml @@ -254,6 +254,15 @@ </varlistentry> <varlistentry> + <term>run_as_user (string)</term> + <listitem> + <para>The name of the user gssproxy will drop privileges to.</para> + <para>This option is only available in the global section.</para> + <para>Default: run_as_user = </para> + </listitem> + </varlistentry> + + <varlistentry> <term>selinux_context (string)</term> <listitem> <para>This parameter instructs the proxy to allow map a |