NAME¶
ikisite-wrapper - suid wrapper for ikisite
SYNOPSIS¶
ikisite-wrapper subcommand options
DESCRIPTION¶
ikisite-wrapper is a wrapper around ikisite. It is designed to be safely made
suid root, though it is not currently suid by default.
A few ikisite subcommands can be run using the wrapper without any authorisation
at all. These include: create, branch, list, sitelookup, checklock,
updatecustomersite, and enabledns. So making the wrapper suid allows any user
to create a site.
Other ikisite subcommands can only be run using the wrapper by users who specify
a nonce in the IKISITE_NONCE environment variable. These include: delete,
changesetup, domains, and deletenonce.
A site's current nonces are stored in its .ikisite-nonce file. A nonce can be
generated by root or the site's user via using the createnonce subcommand, but
it's usually generated by passing --createnonce to the create or branch
subcommands. This allows anyone to create or branch a site and then use the
nonce to allow further configuration of it (and delete it if something goes
wrong).
Subcommands that can be called by the wrapper either without or with a nonce
should be sure to fully validate their inputs.
SEE ALSO¶
- ikisite(1)
AUTHOR¶
Joey Hess <joey@ikiwiki.info>