Provided by: ikiwiki-hosting-web_0.20180719-1build1_amd64 bug


       ikisite-wrapper - suid wrapper for ikisite


       ikisite-wrapper subcommand options


       ikisite-wrapper  is  a wrapper around ikisite. It is designed to be safely made suid root,
       though it is not currently suid by default.

       A few ikisite subcommands can be run using the wrapper without any authorisation  at  all.
       These include: create, branch, list, sitelookup, checklock, updatecustomersite, enabledns,
       and enable. So making the wrapper suid allows any user to create a site.

       Other ikisite subcommands can only be run using the wrapper by users who specify  a  nonce
       in  the  IKISITE_NONCE  environment variable. These include: delete, changesetup, domains,
       and deletenonce.

       A site's current nonces are stored in its .ikisite-nonce file. A nonce can be generated by
       root  or  the site's user via using the createnonce subcommand, but it's usually generated
       by passing --createnonce to the create or branch subcommands. This allows anyone to create
       or  branch  a site and then use the nonce to allow further configuration of it (and delete
       it if something goes wrong).

       Subcommands that can be called by the wrapper either without or with  a  nonce  should  be
       sure to fully validate their inputs.




       Joey Hess <>