summaryrefslogtreecommitdiffstats
path: root/proxy/man/gssproxy.conf.5.xml
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2013-12-22 16:13:56 -0500
committerGünther Deschner <gdeschner@redhat.com>2014-01-14 16:07:27 +0100
commita14cb37d199fec9227f668fe107bf38f99b8b842 (patch)
tree87846966a6820a6c109e856d7185f490f81ffd01 /proxy/man/gssproxy.conf.5.xml
parent8b147c9196d9068d0fc5e5a8919b84e8cbb97ef4 (diff)
downloadgss-proxy-a14cb37d199fec9227f668fe107bf38f99b8b842.tar.gz
gss-proxy-a14cb37d199fec9227f668fe107bf38f99b8b842.tar.xz
gss-proxy-a14cb37d199fec9227f668fe107bf38f99b8b842.zip
Add support for dropping privileges
If the 'proxy user' configuation option is set in the [gssproxy] section then GSS Proxy will drop privileges to the specified after setting up all the sockets. Care must be taken to make sure all the resources the daemon need access to (keytabs, ccache directories, etc..) are accessible as the proxy user. Implements: https://fedorahosted.org/gss-proxy/ticket/102 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Diffstat (limited to 'proxy/man/gssproxy.conf.5.xml')
-rw-r--r--proxy/man/gssproxy.conf.5.xml9
1 files changed, 9 insertions, 0 deletions
diff --git a/proxy/man/gssproxy.conf.5.xml b/proxy/man/gssproxy.conf.5.xml
index b4d5add..95fdb65 100644
--- a/proxy/man/gssproxy.conf.5.xml
+++ b/proxy/man/gssproxy.conf.5.xml
@@ -254,6 +254,15 @@
</varlistentry>
<varlistentry>
+ <term>run_as_user (string)</term>
+ <listitem>
+ <para>The name of the user gssproxy will drop privileges to.</para>
+ <para>This option is only available in the global section.</para>
+ <para>Default: run_as_user = </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>selinux_context (string)</term>
<listitem>
<para>This parameter instructs the proxy to allow map a
generated by cgit (git 2.34.1) at 2024-05-30 13:24:52 +0000