The s6-applyuidgid program
s6-applyuidgid executes a program with reduced privileges.
s6-applyuidgid [ -z ] [ -u uid ] [ -g gid ] [ -G gidlist ] [ -U ] prog...
- s6-applyuidgid sets its uid, gid and supplementary group list to the
values given, then executes into prog.
- -u uid : set the process' user ID to uid
- -g gid : set the process' group ID to gid
- -G gidlist : set the process' supplementary group list
to gidlist, which must be given as a comma-separated list of numeric GIDs,
- -U : set the process' user ID, group ID and supplementary group list
to the values of the UID, GID and GIDLIST environment variables. If a -u,
-g or -G option is given after -U, the command line
value overrides the environment variable.
- -z : unexport. The UID, GID and GIDLIST variables will be
removed from the process environment.
- s6-applyuidgid can only be run as root. Its main use is to drop root privileges before
starting a daemon.
- s6-applyuidgid is a more generic version of
s6-setuidgid. It is used as a command line
building block by some programs that rewrite their command line, such as