1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
Source: userv-utils
Section: admin
Priority: extra
Maintainer: Ian Jackson <ijackson@chiark.greenend.org.uk>
Standards-Version: 3.7.0.0
Build-Depends: debhelper (>= 8)
Package: userv-utils
Architecture: any
Depends: userv
Recommends: ${perl:Depends}, ${misc:Depends}
Description: privsep utilities collection
Several small userv services, which allow certain system configuration
actions to be delegated. In each case the service is disabled unless
enabled by symlink /etc/userv/services.d/* -> ../services-available/*.
.
ipif - allow non-root users to create network interfaces
mailq - allow users to view the mail queue
ndc-reload - allow certain users to reload the nameserver
checkpasswd-* - allow users to run a UNIX password check
Package: userv-dyndns
Architecture: all
Depends: userv, chiark-utils-bin, ${perl:Depends}, ${misc:Depends}
Recommends: bind
Description: dynamic DNS for shell account users
userv-dyndns is a userv service which allows non-root users to
modify individual DNS records in specified zones in a controlled way.
.
Typically, this can be used to provide a `dyndns.org'-like service
which is modifiable by shell account users.
.
The default configuration does not set up any users with permission
to modify the DNS.
Package: userv-cgi
Architecture: any
Depends: userv, ${shlibs:Depends}, ${misc:Depends}
Recommends: httpd
Description: user-provided CGI scripts invoked by userv
This package contains ucgi, a userv service which allows CGI programs
to be provided which do not run as the webserver user, but instead
are owned by a particular other account.
.
Similar effects can be achieved with Apache's suexec; this package is
for administrators who do not trust suexec and wish to defend the
webserver from the CGI script providers, and vice versa, as much as
possible. This is achieved by using userv to do the cross-account
call, rather than a custom setuid helper.
.
The default configuration allows the webserver user to invoke users'
CGI programs from each user's ~/public-cgi, but to allow external
callers to do this, the webserver will also need to be configured.
Package: userv-groupmanage
Architecture: all
Depends: userv, ${perl:Depends}, ${misc:Depends}
Description: user-controlled group membership
groupmanage is a userv service which allows individual shell users to
create UN*X groups, and/or to change the membership of existing
groups of which they are recorded as the manager.
.
The default configuration allows users to create and manage a few
groups, but is reasonably conservative.
Package: userv-git-daemon
Architecture: all
Depends: userv, git-core, adduser, ${perl:Depends}, ${misc:Depends}
Description: per-user git daemon service
userv-git-daemon allows users to publish git repositories which will
be published via the git protocol on 9418. This is a bit like
git-daemon except that the actual reading of each user's repositories
is done as that user.
.
The default configuration does nothing: you must (a) manually copy
the line from /usr/share/doc/examples/userv-git-daemon.inetd into
/etc/inetd.conf and (b) specifically list hostnames and target
directories in /etc/userv/git-urlmap.
|