[ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ next ]
There is a daemon which invokes user service programs (henceforth `services')
in response to requests by callers of a companion client program (henceforth
the `client') and according to rules set forth in system-wide and user-specific
configuration files. The companion client program is setuid root, and
negotiates with the daemon through an AF_UNIX
socket and
associated objects in a system-wide private directory set aside for the
purpose. The user who wishes the service to be performed and calls the client
is called the `calling user'; the process which calls the client is called the
`calling process'.
The daemon and the client are responsible for ensuring that information is safely carried across the security boundary between the two users, and that the processes on either side cannot interact with each other in any unexpected ways.
[ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ next ]
User service daemon and client specification
1.2.0mailto:ian@davenant.greenend.org.uk