Provided by: sfs-common_0.8-0+pre20060720.1-1.1_i386
 

NAME

        newaid - Run processes with different sfsagents
 

SYNOPSIS

        newaid [-l] [-{u|U} uid] [-G | -g gid] [-C dir] [program arg ...]
 

DESCRIPTION

        The newaid command allows root-owned processes to access SFS file sys‐
        tems using the sfsagent of a non-root user.  Additionally, if a system
        is configured to allow this, newaid permits non-root users to run mul‐
        tiple sfsagent processes, so that different processes owned by that
        user access the SFS file system with different agents.  (When used in
        The latter mode, newaid is similar in function to the AFS program
        pagsh.)
 
        SFS maps file system requests to particular sfsagent processes using
        the notion of agent ID, or aid.  Every process has a 64-bit aid associ‐
        ated with it.  Ordinarily, a process’s aid is simply its 32-bit user
        ID.  Thus, when a user runs sfsagent, both the agent and all of the
        users’ processes have the same aid.
 
        To allow different processes owned by the same user to have different
        agents, a system administrator can reserve a range of group IDs for the
        purpose of flagging different aids.  See the ResvGids directive
        described in the sfs_config man page for a description of how to do
        this.  (Note that after changing ResvGids, you must kill and restart
        sfscd for things to work properly.)  If the range of reserved group IDs
        is min...max, and the first element of a process’s grouplist, g0, is at
        least min and not more than max, then a process’s aid is computed as
        ((g0 - min + 1) << 32) | uid).  The newaid command therefore lets peo‐
        ple insert any of the reserved group IDs at the start of a process’s
        group list.
 
        For root-owned processes, it is also possible for processes to be asso‐
        ciated with a non-root agent.  In this case, the reserved sfs-group (as
        a marker) and target user’s uid are actually placed in the process’s
        grouplist, as well as any reserved group ID to select amongst multiple
        agents of the same user.
 
        After making appropriate changes to its user ID and/or grouplists,
        newaid executes the program specified on the command line.  If no pro‐
        gram is specified, the program specified by the environment variable
        SHELL is used by default.
 

OPTIONS

        -l  Run the command as a login shell.  This argument simply prepends a
            - character to argv[0] when executing program.  Command shells
            interpret this to mean that they are being being run as login
            shells, and usually exhibit slightly different behavior.  (For
            example csh will execute the commands in a user’s .login file.)
 
        -u uid
            For root-owned process, specifies that the program should be run as
            root, but should be associated with the non-root agent of user uid.
 
        -U uid
            When newaid is invoked by a root-owned processes, this option sets
            the real uid to uid to run program, instead of running it with uid
            0.  This is in itself is not sufficient to ‘‘drop privileges.’’  In
            particular, newaid still does not make any changes to the process
            gid or grouplist, beyond manipulating aid-specific groups.  Since
            many root-owned processes also have privileged groups in their
            grouplist, it is in general insecure to use -U unless you set both
            the gid and the whole grouplist to something sensible (i.e., appro‐
            priately unprivileged) before invoking newaid.
 
            This option is mostly of use for login-like programs that wish to
            create a session with a new aid, and do not wish to make the setuid
            system call themselves.  As an example, the rexd daemon has the
            server’s private key, yet must spawn the proxy program as an
            unprivileged user.  If it dropped privileges before executing
            proxy, unprivileged users could send it signals, risking core
            dumps.  Moreover, attackers might be able to exploit weaknesses in
            the operating system’s ptrace system call or /proc file system to
            learn the private key.  rexd therefore runs proxy through newaid,
            giving it the -U option.
 
        -g gid
        -G  By default newaid simply picks the first aid under which no agent
            is yet running.  The -g option explicitly specifies that gid should
            be added to the start of the process’s group list (and any previous
            reserved gid should be removed).  -G says to remove any reserved
            gid, so that the aid of the resulting process will just be the
            user’s uid.
 
        -C dir
            Changes directory to dir before running program.
        dirsearch(1), rex(1), sfsagent(1), sfskey(1), ssu(1), sfs_config(5),
        sfs_hosts(5), sfs_srp_params(5), sfs_users(5), sfsauthd_config(5),
        sfscd_config(5), sfsrosd_config(5), sfsrwsd_config(5), sfssd_config(5),
        sfs_environ(7), funmount(8), nfsmounter(8), sfsauthd(8), sfscd(8), sfs‐
        rosd(8), sfsrwcd(8), sfsrwsd(8), sfssd(8), vidb(8)
 
        The full documentation for SFS is maintained as a Texinfo manual.  If
        the info and SFS programs are properly installed at your site, the com‐
        mand info SFS should give you access to the complete manual.
 
        For updates, documentation, and software distribution, please see the
        SFS website at http://www.fs.net/.
 

AUTHOR

        sfsdev@redlab.lcs.mit.edu