| 1 | Source: userv-utils |
| 2 | Section: admin |
| 3 | Priority: extra |
| 4 | Maintainer: Ian Jackson <ijackson@chiark.greenend.org.uk> |
| 5 | Standards-Version: 3.7.0.0 |
| 6 | Build-Depends: debhelper (>= 8) |
| 7 | |
| 8 | Package: userv-ipif |
| 9 | Architecture: any |
| 10 | Depends: userv, ${shlibs:Depends}, ${misc:Depends} |
| 11 | Recommends: ssh |
| 12 | Description: VPN system (and user-mode network interface) |
| 13 | userv-ipif is a userv service to allow non-root users to create |
| 14 | network interfaces implemented in user space. |
| 15 | . |
| 16 | The default configuration does set up any users with permission to |
| 17 | create network interfaces such as VPN endpoints. |
| 18 | |
| 19 | Package: userv-dyndns |
| 20 | Architecture: all |
| 21 | Depends: userv, chiark-utils-bin, ${perl:Depends}, ${misc:Depends} |
| 22 | Recommends: bind |
| 23 | Description: dynamic DNS for shell account users |
| 24 | userv-dyndns is a userv service which allows non-root users to |
| 25 | modify individual DNS records in specified zones in a controlled way. |
| 26 | . |
| 27 | Typically, this can be used to provide a `dyndns.org'-like service |
| 28 | which is modifiable by shell account users. |
| 29 | . |
| 30 | The default configuration does not set up any users with permission |
| 31 | to modify the DNS. |
| 32 | |
| 33 | Package: userv-cgi |
| 34 | Architecture: any |
| 35 | Depends: userv, ${shlibs:Depends}, ${misc:Depends} |
| 36 | Recommends: httpd |
| 37 | Description: user-provided CGI scripts invoked by userv |
| 38 | This package contains ucgi, a userv service which allows CGI programs |
| 39 | to be provided which do not run as the webserver user, but instead |
| 40 | are owned by a particular other account. |
| 41 | . |
| 42 | Similar effects can be achieved with Apache's suexec; this package is |
| 43 | for administrators who do not trust suexec and wish to defend the |
| 44 | webserver from the CGI script providers, and vice versa, as much as |
| 45 | possible. This is achieved by using userv to do the cross-account |
| 46 | call, rather than a custom setuid helper. |
| 47 | . |
| 48 | The default configuration allows the webserver user to invoke users' |
| 49 | CGI programs from each user's ~/public-cgi, but to allow external |
| 50 | callers to do this, the webserver will also need to be configured. |
| 51 | |
| 52 | Package: userv-groupmanage |
| 53 | Architecture: all |
| 54 | Depends: userv, ${perl:Depends}, ${misc:Depends} |
| 55 | Description: user-controlled group membership |
| 56 | groupmanage is a userv service which allows individual shell users to |
| 57 | create UN*X groups, and/or to change the membership of existing |
| 58 | groups of which they are recorded as the manager. |
| 59 | . |
| 60 | The default configuration allows users to create and manage a few |
| 61 | groups, but is reasonably conservative. |
| 62 | |
| 63 | Package: userv-git-daemon |
| 64 | Architecture: all |
| 65 | Depends: userv, git-core, adduser, ${perl:Depends}, ${misc:Depends} |
| 66 | Description: per-user git daemon service |
| 67 | userv-git-daemon allows users to publish git repositories which will |
| 68 | be published via the git protocol on 9418. This is a bit like |
| 69 | git-daemon except that the actual reading of each user's repositories |
| 70 | is done as that user. |
| 71 | . |
| 72 | The default configuration does nothing: you must (a) manually copy |
| 73 | the line from /usr/share/doc/examples/userv-git-daemon.inetd into |
| 74 | /etc/inetd.conf and (b) specifically list hostnames and target |
| 75 | directories in /etc/userv/git-urlmap. |
| 76 | |
| 77 | Package: userv-misc |
| 78 | Architecture: all |
| 79 | Depends: userv |
| 80 | Recommends: ${perl:Depends}, ${misc:Depends} |
| 81 | Description: miscellaneous small userv scripts |
| 82 | This package a few small userv services. Since you must choose |
| 83 | whether to install this package or not as one lump, the default |
| 84 | configuration for each script does not give users any new abilities. |
| 85 | . |
| 86 | mailq - allow users to view the mail queue |
| 87 | ndc-reload - allow certain users to reload the nameserver |
| 88 | checkpasswd-* - allow users to run a UNIX password check |