.\" In .TH, FOO should be all caps, SECTION should be 1-8, maybe w/ subsection
.\" other parms are allowed: see man(7), man(1)
.\"
.\" This template provided by Tom Christiansen <tchrist@jhereg.perl.com>.
.\"
.TH LCMAPS_POSIX_ENF 8 "March 22, 2011"
.SH NAME
lcmaps_posix_enf.mod \- LCMAPS plugin to switch user identity
.SH SYNOPSIS
.B lcmaps_posix_enf.mod
.RB [ \-maxuid
.IR "number of uids" ]
.RB [ \-maxpgid
.IR "number of primary gids" ]
.RB [ \-maxsgid
.IR "number of secondary gids" ]
.SH DESCRIPTION
The Posix Enforcement plugin will enforce (apply) the gathered credentials
that are stacked in the data structure of the Plugin Manager.
The plugin will get the credential information that is gathered by one or
more Acquisition plugins. This implies that at least one Acquisition plugin should have been
run prior to this Enforcement plugin.
All of the gathered information will be checked by looking into the 'passwd'
file of the system (FIXME: shouldn't that be
.nh
.BR getpwent (3)?).
.hy
These files have information about all registered system
accounts and their user groups.
.PP
The Posix Enforcement plugin does not check whether the secondary groups have
the primary UID as a member, so it is possible to end up with more group memberships
than what is defined in the group database.
.PP
The (BSD/POSIX) functions
.BR setreuid (2),
.BR setregid (2)
and
.BR setgroups (2)
are used to change the privileges of the process from root to that of a local user.
.SH OPTIONS
.TP
.BI "\-maxuid " "number of uids"
In principle, this will set the maximum number of allowed UIDs that
this plugin will handle, but at the moment only the first UID found
will be enforced; the others will be discarded. When a maximum is set,
a failure is raised if the number of UIDs
exceeds that maximum. Without this value the plugin will continue
and will enforce only the first found value in the credential data
structure.
.TP
.BI "\-maxpgid " "number of primary gids"
This will set the maximum number of allowed Primary GIDs that
this plugin will handle, similar to
.BR \-maxuid .
Also here only the first primary GID found will be
taken into account.
.TP
.BI "\-maxsgid " "number of secondary gids"
This will set the maximum number of allowed Secondary GIDs that this plugin will handle.
This number is limited by the system (NGROUPS) and is usually 32. If the plugin cannot
determine the system value, it limits itself to 32.
.PP
The remaining options are considered dangerous, as they have the potential to
allow a client process to gain root privileges.
.B The use of these options is strongly discouraged.
.TP
.BR \-set_only_euid " {" yes | no }
The result of setting this option to 'yes' is that only the effective uid is set.
In other words, it is still possible to regain root (uid) privileges for the process.
This is definitely undesirable if this module is used from a process like the gatekeeper,
since it would be possible for user jobs to get root privileges.
.TP
.BR \-set_only_egid " {" yes | no }
Analogous to the previous option, the result of setting this option
to 'yes' is that only the effective (primary) gid is set. In other
words, it is still possible to regain root (gid) privileges for the
process. This is definitely undesirable if this module is used from a
process like the gatekeeper, since it would be possible for user jobs
to get root privileges. Possibly this option should be set if the
module is used by gridFTP, since this service does not spawn user jobs
and has to regain root privileges at the end.
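.PP
The difference between a permanent identity switch and the effective-only
state described for the two options above, as an added C example that is not
taken from the LCMAPS sources. The helper names root_still_reachable,
process_root_reachable and drop_permanently are hypothetical.
.nf
```c
#define _GNU_SOURCE            /* getresuid(), getresgid(), setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if any of the real, effective or saved UIDs is still 0, meaning the
 * process holds root or can switch its effective UID back to root.
 * An effective-only switch from root leaves at least the real UID at 0. */
int root_still_reachable(uid_t ruid, uid_t euid, uid_t suid)
{
    return ruid == 0 || euid == 0 || suid == 0;
}

/* Same check for the calling process; -1 if the IDs cannot be read. */
int process_root_reachable(void)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    return root_still_reachable(r, e, s);
}

/* Permanent switch from root to uid/gid (hypothetical helper).
 * Order matters: groups and GID are changed while the process is still root. */
int drop_permanently(uid_t uid, gid_t gid, const gid_t *sgids, size_t nsgids)
{
    uid_t r, e, s;
    gid_t rg, eg, sg;
    if (setgroups(nsgids, sgids) != 0) return -1;
    if (setregid(gid, gid) != 0) return -1;
    if (setreuid(uid, uid) != 0) return -1;
    /* Verify the result instead of trusting the return codes alone. */
    if (getresgid(&rg, &eg, &sg) != 0 || rg != gid || eg != gid || sg != gid)
        return -1;
    if (getresuid(&r, &e, &s) != 0 || r != uid || e != uid || s != uid)
        return -1;
    return setuid(0) == 0 ? -1 : 0;   /* regaining root must fail */
}

int main(void)
{
    int r = process_root_reachable();
    puts(r == 1 ? "root still reachable" : r == 0 ? "root not reachable" : "error");
    return r < 0;
}
```
.fi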
.SH "RETURN VALUES"
.TP
.B LCMAPS_MOD_SUCCESS
Success.
.TP
.B LCMAPS_MOD_FAIL
Failure.
.SH BUGS
Please report any errors to the Nikhef Grid Middleware Security Team
<grid-mw-security-support@nikhef.nl>.
.SH "SEE ALSO"
.BR lcmaps.db (5),
.BR lcmaps (3),
.BR getpwent (3),
.BR getgrent (3),
.BR setreuid (2),
.BR setregid (2),
.BR setgroups (2).
.SH AUTHORS
LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team
<grid-mw-security@nikhef.nl>.