Document the SUSER_RUID flag.
Reminded by: pjd
This commit is contained in:
cperciva
parent
4c108fff2d
commit
ddcdcc894f
@ -62,8 +62,9 @@ circumstances dictate otherwise.
|
|||||||
The
|
The
|
||||||
.Fn suser_cred
|
.Fn suser_cred
|
||||||
function should be used when the credentials to be checked are
|
function should be used when the credentials to be checked are
|
||||||
not the thread's own, when there is no thread, or when superuser
|
not the thread's own, when there is no thread, when superuser
|
||||||
powers should be extended to imprisoned roots.
|
powers should be extended to imprisoned roots, or when the credential
|
||||||
|
to be checked is the real user rather than the effective user.
|
||||||
.Pp
|
.Pp
|
||||||
By default, a process does not command superuser powers if it has
|
By default, a process does not command superuser powers if it has
|
||||||
been imprisoned by the
|
been imprisoned by the
|
||||||
@ -85,6 +86,17 @@ implicit in the
|
|||||||
.Xr jail 2
|
.Xr jail 2
|
||||||
call should such powers be granted.
|
call should such powers be granted.
|
||||||
.Pp
|
.Pp
|
||||||
|
By default, the credential checked is the effective user. There are cases
|
||||||
|
where it is instead necessary to check the real user (for example, when
|
||||||
|
determining if resource limits should be applied), and this can be done
|
||||||
|
by passing the
|
||||||
|
.Dv SUSER_RUID
|
||||||
|
flag in the
|
||||||
|
.Fa flag
|
||||||
|
argument to the
|
||||||
|
.Fn suser_cred
|
||||||
|
function.
|
||||||
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn suser
|
.Fn suser
|
||||||
and
|
and
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user