| 1 | Source: userv-utils |
| 2 | Section: admin |
| 3 | Priority: extra |
| 4 | Maintainer: Ian Jackson <ijackson@chiark.greenend.org.uk> |
| 5 | Standards-Version: 3.7.0.0 |
| 6 | Build-Depends: debhelper (>= 8) |
| 7 | |
| 8 | Package: userv-utils |
| 9 | Architecture: any |
| 10 | Depends: userv |
| 11 | Recommends: ${perl:Depends}, ${misc:Depends} |
| 12 | Description: privsep utilities collection |
| 13 | Several small userv services, which allow certain system configuration |
| 14 | actions to be delegated. In each case the service is disabled unless |
| 15 | enabled by symlink /etc/userv/services.d/* -> ../services-available/*. |
| 16 | . |
| 17 | ipif - allow non-root users to create network interfaces |
| 18 | mailq - allow users to view the mail queue |
| 19 | ndc-reload - allow certain users to reload the nameserver |
| 20 | checkpasswd-* - allow users to run a UNIX password check |
| 21 | |
| 22 | Package: userv-dyndns |
| 23 | Architecture: all |
| 24 | Depends: userv, chiark-utils-bin, ${perl:Depends}, ${misc:Depends} |
| 25 | Recommends: bind |
| 26 | Description: dynamic DNS for shell account users |
| 27 | userv-dyndns is a userv service which allows non-root users to |
| 28 | modify individual DNS records in specified zones in a controlled way. |
| 29 | . |
| 30 | Typically, this can be used to provide a `dyndns.org'-like service |
| 31 | which is modifiable by shell account users. |
| 32 | . |
| 33 | The default configuration creates the infrastructure (including a |
| 34 | service user) but does not allow any users to modify the DNS. |
| 35 | |
| 36 | Package: userv-cgi |
| 37 | Architecture: any |
| 38 | Depends: userv, ${shlibs:Depends}, ${misc:Depends} |
| 39 | Recommends: httpd |
| 40 | Description: user-provided CGI scripts invoked by userv |
| 41 | This package contains ucgi, a userv service which allows CGI programs |
| 42 | to be provided which do not run as the webserver user, but instead |
| 43 | are owned by a particular other account. |
| 44 | . |
| 45 | Similar effects can be achieved with Apache's suexec; this package is |
| 46 | for administrators who do not trust suexec and wish to defend the |
| 47 | webserver from the CGI script providers, and vice versa, as much as |
| 48 | possible. This is achieved by using userv to do the cross-account |
| 49 | call, rather than a custom setuid helper. |
| 50 | . |
| 51 | The default configuration allows the webserver user to invoke users' |
| 52 | CGI programs from each user's ~/public-cgi, but to allow external |
| 53 | callers to do this, the webserver will also need to be configured. |
| 54 | |
| 55 | Package: userv-groupmanage |
| 56 | Architecture: all |
| 57 | Depends: userv, ${perl:Depends}, ${misc:Depends} |
| 58 | Description: user-controlled group membership |
| 59 | groupmanage is a userv service which allows individual shell users to |
| 60 | create UN*X groups, and/or to change the membership of existing |
| 61 | groups of which they are recorded as the manager. |
| 62 | . |
| 63 | The default configuration allows users to create and manage a few |
| 64 | groups, but is reasonably conservative. |
| 65 | |
| 66 | Package: userv-git-daemon |
| 67 | Architecture: all |
| 68 | Depends: userv, git-core, adduser, ${perl:Depends}, ${misc:Depends} |
| 69 | Description: per-user git daemon service |
| 70 | userv-git-daemon allows users to publish git repositories which will |
| 71 | be published via the git protocol on 9418. This is a bit like |
| 72 | git-daemon except that the actual reading of each user's repositories |
| 73 | is done as that user. |
| 74 | . |
| 75 | The default configuration does nothing: you must (a) manually copy |
| 76 | the line from /usr/share/doc/examples/userv-git-daemon.inetd into |
| 77 | /etc/inetd.conf and (b) specifically list hostnames and target |
| 78 | directories in /etc/userv/git-urlmap. |