Provided by: hippotat-common_1.2.2_all bug

NAME
       hippotat-setup-permissions - set up permissions for (non-root) use of hippotat


SYNOPSYS
        hippotat-setup-permissions client
        hippotat-setup-permissions server
        hippotat-setup-permissions revoke


DESCRIPTION
       Sets up (or revokes) the permissions to allow hippotat and/or hippotatd to run.

       With "server" permissions needed for the server are granted to the "_hippotat" user (or other user set
       using "USER" in "/etc/default/hippotat".)

       With "client" permissions needed for the client are granted to the "_hippotat" group (or other group set
       using "GROUP" in "/etc/default/hippotat".)

       Required permissions are determined based on the hippotat configuration in "/etc/hippotat".  (The
       "hippotat" or "hippotatd" program is run in a special mode to query the configuration.)

       In every run, revokes permissions granted to the configured user and/or group by previous invocations of
       this script, but which are not any longer needed according to the configuration and command line.  So
       "revoke" revokes all permissions, and "client" and "server" each revoke the other.  (Only permissions
       granted in the specific files used by this script will be amended or revoked.)


FILES
       "/etc/userv/ipif-access/hippotat".
           Grants to the appropriate user or group the ability to make the virtual network interfaces, and route
           traffic to them.  Created on both clients and servers.

       "/etc/authbind/byuid/"uid
           Grants the server the ability to bind to the configured ports and addresses.  The uid is that for the
           "_hippotat" user, or "USER".  Created on servers.

       "/etc/userv/services.d/ipif"
           Enables the "ipif" userv service, which is itself controlled by "/etc/userv/ipif-access/" etc.

           Will be made a symlink to "/etc/userv/services-available/ipif".  Created on both clients and servers.
           Not removed during revocation, since other programs on the system may need it,

           Makes  the  symlink  in  .   (This is not undone by "revoke", since that might disturb other services
           which are relying on it.)

       "/etc/default/hippotat"
           Shell script fragment sourced by the init script and by hippotat-setup-permissions, and the hippotatd
           init script.  Can set "USER" and "GROUP" (and other variables that control the init script).

perl v5.40.1                                        Hippotat                       hippotat-setup-permissions(8)