Provided by: hippotat-common_1.1.7_all

NAME

       hippotat-setup-permissions - set up permissions for (non-root) use of hippotat

SYNOPSIS

        hippotat-setup-permissions client
        hippotat-setup-permissions server
        hippotat-setup-permissions revoke

DESCRIPTION

       Sets up (or revokes) the permissions to allow hippotat and/or hippotatd to run.

       With "server", the permissions needed for the server are granted to the "_hippotat" user
       (or other user set using "USER" in "/etc/default/hippotat").

       With "client", the permissions needed for the client are granted to the "_hippotat" group
       (or other group set using "GROUP" in "/etc/default/hippotat").

       Required permissions are determined based on the hippotat configuration in
       "/etc/hippotat".  (The "hippotat" or "hippotatd" program is run in a special mode to query
       the configuration.)

       On every run, the script also revokes any permissions that previous invocations of this
       script granted to the configured user and/or group but that are no longer needed
       according to the configuration and command line.  So "revoke" revokes all permissions,
       and "client" and "server" each revoke the other.  (Only permissions granted in the
       specific files used by this script will be amended or revoked.)

FILES

       "/etc/userv/ipif-access/hippotat"
           Grants to the appropriate user or group the ability to make the virtual network
           interfaces, and route traffic to them.  Created on both clients and servers.

       "/etc/authbind/byuid/"uid
           Grants the server the ability to bind to the configured ports and addresses.  The uid
           is that for the "_hippotat" user, or "USER".  Created on servers.

       "/etc/userv/services.d/ipif"
           Enables the "ipif" userv service, which is itself controlled by
           "/etc/userv/ipif-access/" etc.

           Will be made a symlink to "/etc/userv/services-available/ipif".  Created on both
           clients and servers.  Not removed during revocation, since other programs on the
           system may need it.

           Makes the symlink in .  (This is not undone by "revoke", since that might disturb
           other services which are relying on it.)

       "/etc/default/hippotat"
           Shell script fragment sourced by hippotat-setup-permissions and by the hippotatd
           init script.  Can set "USER" and "GROUP" (and other variables that control the init
           script).
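
A read-only check of the grants listed under FILES, so a host meant to be a client can be confirmed not to hold the server's authbind grant. This is an added example, not part of hippotat; the function names, the root-prefix argument and the "none" label are hypothetical, and it assumes a non-empty file means the grant is present.

```shell
#!/bin/sh
# Added example: audit the files hippotat-setup-permissions manages.
# Assumptions: non-empty file = grant present; $1 of each function is a
# prefix ("" on a live system) so a copied /etc tree can be inspected.

# Print USER from etc/default/hippotat, else the documented default.
# The file is parsed, not sourced, so nothing from the tree is executed.
hippotat_user() {
    f=$1/etc/default/hippotat; u=
    if [ -r "$f" ]; then
        u=$(sed -n "s/^USER=[\"']\{0,1\}\([A-Za-z0-9_-]*\).*/\1/p" "$f" | tail -n 1)
    fi
    printf '%s\n' "${u:-_hippotat}"
}

# Print "server", "client" or "none" for uid $2, strongest grant first.
hippotat_grant_state() {
    if [ -s "$1/etc/authbind/byuid/$2" ]; then echo server
    elif [ -s "$1/etc/userv/ipif-access/hippotat" ]; then echo client
    else echo none
    fi
}

# Succeed if services.d/ipif is a symlink to services-available/ipif.
ipif_service_enabled() {
    l=$1/etc/userv/services.d/ipif
    [ -L "$l" ] || return 1
    case $(readlink "$l") in
        */services-available/ipif) return 0 ;;
    esac
    return 1
}

# Compare the state on disk with the role this host should have
# (client, server or none). Returns non-zero if anything differs.
hippotat_audit() {
    root=$1 expected=$2
    uid=${3:-$(id -u "$(hippotat_user "$root")")}
    actual=$(hippotat_grant_state "$root" "$uid")
    rc=0
    if [ "$actual" != "$expected" ]; then
        echo "FINDING: grants look like '$actual', expected '$expected'"; rc=1
    fi
    if [ "$expected" != none ] && ! ipif_service_enabled "$root"; then
        echo "FINDING: services.d/ipif is not the expected symlink"; rc=1
    fi
    return $rc
}

# Live use: sh audit.sh client|server|none
if [ $# -ge 1 ]; then hippotat_audit "" "$1"; fi
```

A "server" result on a host that should only be a client means the authbind grant is still in place; rerunning hippotat-setup-permissions with the intended argument revokes it, as described above.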