Provided by: sfs-common_0.8-0+pre20060720.1-1.1_i386

NAME

       newaid - Run processes with different sfsagents

SYNOPSIS

       newaid [-l] [-{u|U} uid] [-G | -g gid] [-C dir] [program arg ...]

DESCRIPTION

       The newaid command allows root-owned processes to access SFS file
       systems using the sfsagent of a non-root user.  Additionally, if a
       system is configured to allow this, newaid permits non-root users to
       run multiple sfsagent processes, so that different processes owned by
       that user access the SFS file system with different agents.  (When used
       in the latter mode, newaid is similar in function to the AFS program
       pagsh.)

       SFS maps file system requests to particular sfsagent processes using
       the notion of agent ID, or aid.  Every process has a 64-bit aid
       associated with it.  Ordinarily, a process’s aid is simply its 32-bit
       user ID.  Thus, when a user runs sfsagent, both the agent and all of
       the user’s processes have the same aid.

       To allow different processes owned by the same user to have different
       agents, a system administrator can reserve a range of group IDs for the
       purpose of flagging different aids.  See the ResvGids directive
       described in the sfs_config man page for a description of how to do
       this.  (Note that after changing ResvGids, you must kill and restart
       sfscd for things to work properly.)  If the range of reserved group IDs
       is min...max, and the first element of a process’s grouplist, g0, is at
       least min and not more than max, then a process’s aid is computed as
       ((g0 - min + 1) << 32) | uid.  The newaid command therefore lets
       people insert any of the reserved group IDs at the start of a process’s
       group list.
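
       The aid rule above, worked through in C as an added example (not code
       from SFS).  The function and parameter names and the sample uid, gids
       and reserved range are constructed for illustration; the root-owned
       case with the sfs-group marker described next is not covered.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/*
 * aid of a non-root process, per the rule in the man page:
 *   g0 in [resv_min, resv_max]  ->  ((g0 - min + 1) << 32) | uid
 *   otherwise                   ->  uid
 * Only groups[0] counts; a reserved gid later in the list is ignored.
 * All names here are hypothetical, not SFS identifiers.
 */
uint64_t compute_aid(uid_t uid, const gid_t *groups, size_t ngroups,
                     gid_t resv_min, gid_t resv_max)
{
    uint64_t aid = (uint32_t)uid;

    if (ngroups > 0 && groups[0] >= resv_min && groups[0] <= resv_max) {
        /* Widen before shifting: a 32-bit value shifted by 32 is undefined. */
        uint64_t slot = (uint64_t)(groups[0] - resv_min) + 1;
        aid |= slot << 32;
    }
    return aid;
}

int main(void)
{
    /* Constructed sample values: uid 1000, reserved range 5000...5015. */
    const gid_t first[]  = { 5000, 100 };   /* first reserved gid leads     */
    const gid_t fourth[] = { 5003, 100 };   /* fourth reserved gid leads    */
    const gid_t late[]   = { 100, 5000 };   /* reserved gid, but not at g0  */

    printf("%#" PRIx64 "\n", compute_aid(1000, first, 2, 5000, 5015));
    printf("%#" PRIx64 "\n", compute_aid(1000, fourth, 2, 5000, 5015));
    printf("%#" PRIx64 "\n", compute_aid(1000, late, 2, 5000, 5015));
    return 0;
}
```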

       For root-owned processes, it is also possible for processes to be
       associated with a non-root agent.  In this case, the reserved sfs-group
       (as a marker) and target user’s uid are actually placed in the
       process’s grouplist, as well as any reserved group ID to select amongst
       multiple agents of the same user.

       After making appropriate changes to its user ID and/or grouplists,
       newaid executes the program specified on the command line.  If no
       program is specified, the program specified by the environment variable
       SHELL is used by default.

OPTIONS

       -l  Run the command as a login shell.  This argument simply prepends a
           - character to argv[0] when executing program.  Command shells
           interpret this to mean that they are being run as login
           shells, and usually exhibit slightly different behavior.  (For
           example csh will execute the commands in a user’s .login file.)

       -u uid
           For a root-owned process, specifies that the program should be run as
           root, but should be associated with the non-root agent of user uid.

       -U uid
           When newaid is invoked by a root-owned process, this option sets
           the real uid to uid to run program, instead of running it with uid
           0.  This in itself is not sufficient to "drop privileges."  In
           particular, newaid still does not make any changes to the process
           gid or grouplist, beyond manipulating aid-specific groups.  Since
           many root-owned processes also have privileged groups in their
           grouplist, it is in general insecure to use -U unless you set both
           the gid and the whole grouplist to something sensible (i.e.,
           appropriately unprivileged) before invoking newaid.

           This option is mostly of use for login-like programs that wish to
           create a session with a new aid, and do not wish to make the setuid
           system call themselves.  As an example, the rexd daemon has the
           server’s private key, yet must spawn the proxy program as an
           unprivileged user.  If it dropped privileges before executing
           proxy, unprivileged users could send it signals, risking core
           dumps.  Moreover, attackers might be able to exploit weaknesses in
           the operating system’s ptrace system call or /proc file system to
           learn the private key.  rexd therefore runs proxy through newaid,
           giving it the -U option.

       -g gid
       -G  By default newaid simply picks the first aid under which no agent
           is yet running.  The -g option explicitly specifies that gid should
           be added to the start of the process’s group list (and any previous
           reserved gid should be removed).  -G says to remove any reserved
           gid, so that the aid of the resulting process will just be the
           user’s uid.

       -C dir
           Changes directory to dir before running program.
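
       The -U caveat above says the caller must set the gid and the whole
       grouplist itself before invoking newaid.  One way a root-owned launcher
       could do that, as an added example (not code from SFS or rexd): the
       function names are hypothetical, and it assumes -U accepts a numeric
       uid and that newaid is found through PATH.

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 only if every entry of the group list is the target gid. */
int grouplist_is_unprivileged(const gid_t *groups, int n, gid_t target_gid)
{
    for (int i = 0; i < n; i++)
        if (groups[i] != target_gid)
            return 0;
    return 1;
}

/*
 * Call in a forked child that is still uid 0.  Replaces the gid and the
 * whole grouplist with the unprivileged gid, verifies the result, then
 * lets newaid -U change the uid and run prog.  Returns -1 on any failure
 * and does not return on success.
 */
int run_via_newaid(uid_t uid, gid_t gid, const char *prog)
{
    gid_t cur[64];
    char uidstr[32];
    int n;

    /* Drop every inherited supplementary group, then the primary gid. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0)
        return -1;

    /* Check the result instead of trusting the calls above. */
    n = getgroups(64, cur);
    if (n < 0 || getgid() != gid || getegid() != gid ||
        !grouplist_is_unprivileged(cur, n, gid))
        return -1;

    /* Assumption: newaid takes the uid in numeric form. */
    snprintf(uidstr, sizeof uidstr, "%lu", (unsigned long)uid);
    char *const argv[] = { "newaid", "-U", uidstr, (char *)prog, NULL };
    execvp(argv[0], argv);
    return -1;                      /* reached only if exec failed */
}
```

       newaid then adds only its aid-specific group to the front of the
       cleaned list, so the program starts without any of the launcher's
       privileged groups.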

SEE ALSO

       dirsearch(1), rex(1), sfsagent(1), sfskey(1), ssu(1), sfs_config(5),
       sfs_hosts(5), sfs_srp_params(5), sfs_users(5), sfsauthd_config(5),
       sfscd_config(5), sfsrosd_config(5), sfsrwsd_config(5), sfssd_config(5),
       sfs_environ(7), funmount(8), nfsmounter(8), sfsauthd(8), sfscd(8),
       sfsrosd(8), sfsrwcd(8), sfsrwsd(8), sfssd(8), vidb(8)

       The full documentation for SFS is maintained as a Texinfo manual.  If
       the info and SFS programs are properly installed at your site, the
       command info SFS should give you access to the complete manual.

       For updates, documentation, and software distribution, please see the
       SFS website at http://www.fs.net/.

AUTHOR

       sfsdev@redlab.lcs.mit.edu