| 1 | Source: userv-utils |
| 2 | Section: admin |
| 3 | Priority: extra |
| 4 | Maintainer: Ian Jackson <ijackson@chiark.greenend.org.uk> |
| 5 | Standards-Version: 2.1.1.0 |
| 6 | |
| 7 | Package: userv-ipif |
| 8 | Architecture: any |
| 9 | Depends: userv |
| 10 | Recommends: ssh |
| 11 | Description: VPN system (and user-mode network interface) |
| 12 | userv-ipif is a userv service to allow non-root users to create |
| 13 | network interfaces implemented in user space. No kernel patches are |
| 14 | required (the kernel's built-in SLIP driver is used). |
| 15 | . |
| 16 | Based on this, udptunnel is a a simple but flexible VPN program which |
| 17 | uses ssh for authentication and key exchange but sends the packets |
| 18 | over UDP. (Other VPN-over-ssh programs typically do PPP-over-TCP, |
| 19 | which yields poor perfoormance.) Note that udptunnel is not IPSEC. |
| 20 | . |
| 21 | The default configuration does set up any users with permission to |
| 22 | create network interfaces such as VPN endpoints. |
| 23 | |
| 24 | Package: userv-dyndns |
| 25 | Architecture: all |
| 26 | Depends: userv, chiark-utils-bin |
| 27 | Recommends: bind |
| 28 | Description: dynamic DNS for shell account users |
| 29 | userv-dyndns is a userv service which allows non-root users to |
| 30 | modify individual DNS records in specified zones in a controlled way. |
| 31 | . |
| 32 | Typically, this can be used to provide a `dyndns.org'-like service |
| 33 | which is modifiable by shell account users. |
| 34 | . |
| 35 | The default configuration does not set up any users with permission |
| 36 | to modify the DNS. |
| 37 | |
| 38 | Package: userv-cgi |
| 39 | Architecture: any |
| 40 | Depends: userv |
| 41 | Recommends: httpd |
| 42 | Description: user-provided CGI scripts invoked by userv |
| 43 | This package contains ucgi, a userv service which allows CGI programs |
| 44 | to be provided which do not run as the webserver user, but instead |
| 45 | are owned by a particular other account. |
| 46 | . |
| 47 | Similar effects can be achieved with Apache's suexec; this package is |
| 48 | for administrators who do not trust suexec and wish to defend the |
| 49 | webserver from the CGI script providers, and vice versa, as much as |
| 50 | possible. This is achieved by using userv to do the cross-account |
| 51 | call, rather than a custom setuid helper. |
| 52 | . |
| 53 | The default configuration allows the webserver user to invoke users' |
| 54 | CGI programs from each user's ~/public-GI, but to allow external |
| 55 | callers to do this, the webserver will also need to be configured. |
| 56 | |
| 57 | Package: userv-groupmanage |
| 58 | Architecture: all |
| 59 | Depends: userv |
| 60 | Description: user-controlled group membership |
| 61 | groupmanage is a userv service which allows individual shell users to |
| 62 | create UN*X groups, and/or to change the membership of existing |
| 63 | groups of which they are recorded as the manager. |
| 64 | . |
| 65 | The default configuration allows users to create and manage a few |
| 66 | groups, but is reasonably conservative. |
| 67 | |
| 68 | Package: userv-git-daemon |
| 69 | Architecture: all |
| 70 | Depends: userv, git-core |
| 71 | Description: per-user git daemon service |
| 72 | userv-git-daemon allows users to publish git repositories which will |
| 73 | be published via the git protocol on 9418. This is a bit like |
| 74 | git-daemon except that the actual reading of each user's repositories |
| 75 | is done as that user. |
| 76 | . |
| 77 | The default configuration does nothing: you must (a) manually copy |
| 78 | the line from /usr/share/doc/examples/userv-git-daemon.inetd into |
| 79 | /etc/inetd.conf and (b) specifically list hostnames and target |
| 80 | directories in /etc/userv/git-urlmap. |
| 81 | |
| 82 | Package: userv-misc |
| 83 | Architecture: all |
| 84 | Depends: userv |
| 85 | Description: miscellaneous small userv scripts |
| 86 | This package a few small userv services. Since you must choose |
| 87 | whether to install this package or not as one lump, the default |
| 88 | configuration for each script does not give users any new abilities. |
| 89 | . |
| 90 | mailq - allow users to view the mail queue |
| 91 | ndc-reload - allow certain users to reload the nameserver |
| 92 | checkpasswd-* - allow users to run a UNIX password check |