diff options
Diffstat (limited to 'stap-server.8.in')
| -rw-r--r-- | stap-server.8.in | 43 |
1 files changed, 22 insertions, 21 deletions
diff --git a/stap-server.8.in b/stap-server.8.in index bab8d82a..2ec00c24 100644 --- a/stap-server.8.in +++ b/stap-server.8.in @@ -18,7 +18,7 @@ stap-server \- systemtap server and related utilities .B stap\-stop\-server .I PID .br -.B stap\-add\-server\-cert \fICERTFILE\fR \fIDIRNAME\fR +.B stap\-authorize\-server\-cert \fICERTFILE\fR [ \fIDIRNAME\fR ] .br .B stap\-client [ @@ -66,13 +66,13 @@ using .IR stap\-find\-servers . If a compatible server is found, .I stap\-find\-or\-start\-server -echoes \[aq]0\[aq] to stdout and the exit code is 0. Otherwise +echoes \[aq]0\[aq] to stdout. Otherwise .I stap\-find\-or\-start\-server attempts to start a server on the local network using .IR stap\-start\-server . -If successful, the process id of the new server is echoed to stdout and the -exit code is 0. If no server can be found or started, \[aq]-1\[aq] is echoed -to stdout and the exit code is 1. +If successful, the process id of the new server is echoed to stdout. +If no server can be found or started, \[aq]-1\[aq] is echoed +to stdout. The exit code is 0 in all cases. .PP The @@ -86,7 +86,7 @@ does not verify that the server actually shuts down. .PP The -.I stap\-add\-server\-cert +.I stap\-authorize\-server\-cert program adds the given server certificate to the given client\-side certificate database, making that server a trusted server for clients using that database. @@ -168,19 +168,23 @@ program requires a process id argument which identifies the server to be stopped .PP The -.I stap\-add\-server\-cert +.I stap\-authorize\-server\-cert program accepts two arguments: .TP .B CERTFILE This is the name of the file containing the certificate of the new trusted -server. This is the file named \fIstap-server.cert\fR which can be found in the +server. This is the file named \fIstap.cert\fR which can be found in the server\[aq]s certificate database. .TP .B DIRNAME -This is the name of the directory containing the client\-side certificate database to which -the certificate is to be added. +This optional argument is the name of the directory containing the client\-side +certificate database to which the certificate is to be added. If not specified, the +default, for non\-root users,is +.I $HOME/.systemtap/ssl/server\fP. +For root users (EUID=0), the default is +.I $sysconfdir/systemtap/ssl/server\fP. .PP The @@ -218,7 +222,7 @@ For root users (EUID=0), it will be created in .I $sysconfdir/systemtap/ssl/server\fP. .IP \(bu 4 -At this time the +At this time, the server will also create a local client\-side certificate database and add the server\[aq]s certificate to it. For non\-root users, this database will be created in @@ -249,9 +253,9 @@ will be considered to be trusted for that invocation of the client. .IP \(bu 4 A user may add the certificate of a new trusted server to his own local client\-side certificate database using -\[aq]\fBstap-add-server-cert \fICERTFILE\fR \fIDIRNAME\fR\[aq] +\[aq]\fBstap\-authorize\-server\-cert \fICERTFILE\fR\[aq] (see above), where \fICERTFILE\fP is the server\[aq]s certificate file -(\fIstap\-server.cert\fP) from the servers certificate database directory and +(\fIstap.cert\fP) from the server\[aq]s certificate database directory and \fIDIRNAME\fP is the directory containing the user\[aq]s client\-side certificate database. @@ -312,11 +316,11 @@ simple example .PP To permanently trust a given server for your own use .PP -.B \& $ stap\-add\-server\-cert \fICERTFILE\fP $HOME/.systemtap/ssl/client +.B \& $ stap\-authorize\-server\-cert \fICERTFILE\fP .PP As root, to permanently trust a given server for all users on your host .PP -.B \& $ stap\-add\-server\-cert \fICERTFILE\fP $sysconfdir/systemtap/ssl/client +.B \& $ stap\-authorize\-server\-cert \fICERTFILE\fP .PP If a process id was echoed by .I stap\-start\-server @@ -337,11 +341,9 @@ manual page for additional information on safety and security. .PP The systemtap server and its related utilities use the Secure Socket Layer (SSL) as implemented by Network Security Services (NSS) -for network security and the NSS tools +for network security. The NSS tool .I certutil -and -.I signtool -for the generation of certificates and for signing respectively. The related +is used for the generation of certificates. The related certificate databases must be protected in order to maintain the security of the system. Use of the utilities provided will help to ensure that the proper protection @@ -355,8 +357,7 @@ access permissions before making use of any certificate database. .IR stapfuncs (3stap), .IR stapex (3stap), .IR NSS , -.IR certutil , -.IR signtool +.IR certutil .SH BUGS Use the Bugzilla link off of the project web page or our mailing list. |