README for erni

>> OVERVIEW

erni -- run a process as a given user, with an option to chroot

erni can be used by system init scripts to run processes as 
a given user.  This is most useful when the old 

	su - <user> -c <command>

syntax won't work because <user>'s shell has been replaced, i.e.
for security reasons.


erni is heavily based on the program "runas" which is included 
in the Titan distribution.  To see the original, please visit

	http://www.fish.com/titan


>> CONFIG FILE AND COMMAND FLAGS

Values may be specified on the commandline [using flags]
or in the configuration file:

=============================================================
flag          cf file key
=============================================================

-u <user>:<group>

              user

	run process as user "<user>" and group "<group>"

	If this is a number, it will be converted to a numeric 
    uid_t value; otherwise, we will attempt a lookup of the 
	name using getpwnam().


              group

	If this is a number, it will be converted to a numeric 
	gid_t value; otherwise, we will attempt a lookup of the 
	name using getgrnam().

-------------------------------------------------------------

-m <mask>     mask [or "umask"]

	run process with umask "<mask>"

	To be somewhat forgiving, we accept both
	"mask" and "umask" in the config file.

	This flag is optional; the default value
	is somewhat restrictive (027) but should
	be suitable for most usage.

-------------------------------------------------------------

-e <command>  command
	-or-
-E <command>

	execute "<command>"

	"-e"/"<command>" works only if the command in question contains
	no quote characters [used to group words, separated
	by spaces, into a single argument].  This is because
	the command string is parsed by string2array -- which
	defines a space as an agrument separator -- to turn 
	it into a command vector for use with the exec[n]() 
	family of functions.

	If such quoting is required, we provide the flag "-E."
	This must be the last argument on the commandline, as
	all arguments thereafter will be considered part of
	the command to run.

-------------------------------------------------------------

-d
	run specified command as a daemon; that is, fork() 
	after chroot() (if it was requested) but before
	calling exec()

-------------------------------------------------------------

-c <chroot>   chroot

	perform a chroot(2) to directory "<chroot>" before execution

-------------------------------------------------------------

-h            (none)
	show this help message

-------------------------------------------------------------

EOF erni.README
