aboutsummaryrefslogtreecommitdiffstats
s6: the s6-svperms program

s6
Software
skarnet.org

The s6-svperms program

s6-svperms allows the user to see, or modify, for a given list of services: who can read their states, who can send them control commands, and who can subscribe to up/down events for those services.

Interface 

     s6-svperms [ -v ] [ -u | -g group | -G group | -o | -O group ] [ -e | -E group ] servicedirs...

Without options, or with only the -v option, s6-svperms prints 3 lines to stdout for every service directory listed in servicedirs. Every line contains the name of the service directory, then the following information:

  • status: - indicates who is allowed to read status information on the service, with commands such as s6-svstat or s6-svdt. The values can be owner, for only the owner of the service; group: name, for the owner and members of group name; or public, for all users.
  • control: - indicates who is allowed to send control commands to the service, with commands such as s6-svc. The values can be owner, for only the owner of the service; or group: name, for the owner and members of group name.
  • events: - indicates who is allowed to subscribed to events sent by s6-supervise for this service, with commands such as s6-svwait or s6-svlisten1. The values can be group: name, for the owner and members of group name, or public, for all users.

If something goes wrong while reading a part of the configuration of a service directory, s6-svperms does not print the corresponding line to stdout; instead, it prints a warning message to stderr.

When invoked with other options, s6-svperms modifies the permissions of the service directories listed in servicedirs... as specified by the options. The same permissions will be applied to all the services listed in servicedirs....

Options

  • -v : re-read the permissions after writing them, and print them to stdout.
  • -u : restrict the status: and control: permissions to owner: only the owner of a service directory will be able to read its state or control the service. This is the default when s6-supervise starts a service for the first time.
  • -g group : allow members of group group to read the status of the service, but not to control it - control will be restricted to the owner.
  • -G group : allow members of group group to read and control the service.
  • -o : allow everyone to read the status of the service, but restrict control: to the owner.
  • -O group : allow everyone to read the status, and allow members of group group to control the service.
  • -e : allow everyone to subscribe to events.
  • -E group : only allow members of group group to subscribe to events. This is the default when s6-supervise starts a service for the first time, with group being the primary group of the s6-supervise process (most likely root).

group is normally a group name that will be searched in the group database. But if it starts with a colon (:), the rest of group will be interpreted as a numerical gid, and the group database will not be read.

Exit codes

  • 0: success
  • 1: something went wrong when reading permissions in one of the service directories
  • 100: wrong usage
  • 111: system call failed

Notes

  • The default (restrictive) permissions are safe.
  • Unless operation of a service is restricted information, it is also safe to make status: more permissive.
  • Opening control: to a group can be useful for instance in a shared administration situation when individual administrators are not given full root powers.
  • Making events: public bears a small risk of a local DoS attack preventing more subscriptions to events, so it is not recommended for supervision trees where such subscriptions are critical to operations - such as a set of root services managed by s6-rc.
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-26 22:12:02 +0000