NAME

       plainbox-trusted-launcher-1 - execute job command as another user

SYNOPSIS

       usage: plainbox-trusted-launcher-1 [-h] (-w | -t CHECKSUM)
              [-T NAME=VALUE [NAME=VALUE ...]]  [-g CHECKSUM] [-G NAME=VALUE [NAME=VALUE ...]]

DESCRIPTION

       This  command  is  a part of the implementation of plainbox(1). It is not intended to be invoked directly
       and the command line arguments and behavior may freely change between versions.

       Technically this program is used to run a command associated  with  a  job  definition  as  another  user
       (typically  as  root).  The  existing  technologies  such  as  sudo(8)  and  pkexec(1)  don't have enough
       granularity to still restrict arbitrary commands but allow  the  commands  that  are  inside  system-wide
       installed  locations  (thus  safe  as  one  needs  root  access to install those in the first place). One
       additional restriction is that some commands are themselves generated by other jobs.

EXECUTION

   Warm-up Mode
       If the --warmup option is specified then nothing more happens and the program exists immediately. This is
       intended to 'warm-up' the tool that executes  plainbox-trusted-launcher-1  itself  (typically  pkexec  or
       sudo)

   Normal Execution
       In  normal  execution  mode,  the  launcher  looks up the job with the checksum specified by --target and
       executes the command embedded inside. Environment passed via  --target-environment  is  appended  to  the
       environment variables inherited from the parent process.

       Standard  output,  standard  error  and exit code of plainbox-trusted-launcher-1 is exactly as the values
       from the commands embedded into the selected job itself.

   Indirect Execution
       In indirect execution mode, the  launcher  first  looks  up  the  job  with  the  checksum  specified  by
       --generator,  executes  it,  discarding  stderr  and  re-interpreting stdout as a set of job definitions.
       Environment passed via the --generator-environment is appended  (but  just  to  the  generator  job,  the
       --target  job has independent environment). All of the additional job definitions are added to the global
       pool of jobs the launcher knows about.

       After that the launcher continues as with normal execution, returning the same stdout,  stderr  and  exit
       code.

OPTIONS

   Optional Arguments
          -h, --help
                 show this help message and exit

          -w, --warmup
                 return immediately, only useful when used with pkexec(1)

   Target job specification
          -t CHECKSUM, --target CHECKSUM
                 run a job with this checksum

          -T NAME=VALUE [NAME=VALUE ...], --target-environment NAME=VALUE [NAME=VALUE ...]
                 environment passed to the target job

   Generator job specification
          -g CHECKSUM, --generator CHECKSUM
                 also run a job with this checksum (assuming it is a local job)

          -G NAME=VALUE [NAME=VALUE ...], --generator-environment NAME=VALUE [NAME=VALUE ...]
                 environment passed to the generator job

ENVIRONMENT VARIABLES

       The following environment variables DO NOT affect plainbox-trusted-launcher-1

       PROVIDERPATH
              For  plainbox(1)  this  would  affect  the  set  of  directories where plainbox looks for provider
              definitions. The trusted launcher has a fixed list of directories that cannot be extended.

              The fixed list is composed of two system-wide locations:

              • /usr/local/share/plainbox-providers-1

              • /usr/share/plainbox-providers-1

       All the other environment variables mentioned in plainbox(1) work the same way.

AUTHOR

       Zygmunt Krynicki

COPYRIGHT

       2012-2014 Canonical Ltd

0.5                                              April 09, 2014                   PLAINBOX-TRUSTED-LAUNCHER-1(1)