This repository has been archived by the owner on Sep 1, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
run.man
141 lines (141 loc) · 4.31 KB
/
run.man
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
.TH run 8
'''
.SH NAME
\fBrun\fR \- set process properties and exec specified command.
'''
.SH SYNOPSIS
\fBrun\fR [\fIoptions\fR] \fIcommand\fR \fIargs\fR ...
'''
.SH DESCRIPTION
\fBrun\fR allows configuring process attributes of a newly spawned
command. All requested changes are applied before \fIcommand\fR is
started.
.P
\fBrun\fR is intended for privileged users, as one of its main uses
is spawning commands with limited privileges. Some of the options
may work for regular users, but most will not.
.P
Another use for \fBrun\fR is searching $PATH and doing output redirects
without calling \fBsh\fR(1) or some other shell.
'''
.SH USAGE
The following options are accepted:
.IP "\fB-u\fR\fIuser\fR" 4
Set user, see \fBsetuid\fR(2).
.IP "\fB-g\fR\fIgroup\fR" 4
Set group, see \fBsetgid\fR(2). Multiple \fB-g\fR also set supplementary groups, see \fBsetgroups\fR(2)
.IP "\fB-X\fR\fIcgroup\fR" 4
Add process to specified cgroup.
.IP "\fB-C\fR\fIdir\fR" 4
Change working directory to \fIdir\fR.
.IP "\fB-l\fR\fIfile\fR" 4
Redirect stdout and stderr to \fIfile\fR.
.IP "\fB-o\fR\fIfile\fR" 4
Redirect stdout to \fIfile\fR.
.IP "\fB-e\fR\fIfile\fR" 4
Redirect stderr to \fIfile\fR.
.IP "\fB-n\fR" 4
Redirect stdout and stderr to /dev/null.
.IP "\fB-s\fR" 4
Start a new session by calling \fBsetsid\fR(2).
.IP "\fB-R\fR\fIdir\fR" 4
Change root directory to \fIdir\fR.
Arguments for \fB-C\fR, \fB-l\fR, \fB-o\fR, \fB-e\fR will be taken relative to the new root.
.IP "\fB-r\fIN\fR" 4
Change process priority (renice) to \fIN\fR, see \fBsetpriority\fR(2).
Note \fBrun\fR uses kernel scale 1..40, with default priority 20 and
highest priority 1.
.IP "\fB-m\fR\fImask\fR" 4
Set \fBumask\fR(2) for the spawned process.
.IP "\fB-y\fR" 4
Set stdout as the controlling TTY; see TIOCSCTTY in \fBtty_ioctl\fR(4).
.IP "\fB-c\fR" 4
Exec \fBsh -c \fIcommand args\fR instead of just \fIcommand args\fR.
.IP "\fB-S\fR[\fIflags\fR]" 4
Call \fBunshare\fR(2) to diassociate all of, or only selected parts
of the process execution context:
.PD 0
.RS
.TP
\fBd\fR file descriptors (CLONE_FILES)
.TP
\fBf\fR filesystem (CLONE_FS)
.TP
\fBi\fR System V IPC namespace (CLONE_NEWIPC)
.TP
\fBn\fR network namespace (CLONE_NEWNET)
.TP
\fBm\fR mount namespace (CLONE_NEWNS)
.TP
\fBu\fR UTS IPC namespace (CLONE_NEWUTS)
.TP
\fBv\fR System V semaphore undo values (CLONE_SYSVSEM)
.RE
.PD 1
.IP "\fB+\fIc\fIN\fR[\fB/\fIM\fR]" 4
Set process ulimits. \fIN\fR is soft limit, \fIM\fR is hard limit;
in case only one number is specified, equal hard and soft limits are set.
Possible limits with respective C constants (see \fBsetrlimits\fR(2)):
.PD 0
.RS
.TP
\fBa\fR size of the process's virtual memory (RLIMIT_AS)
.TP
\fBc\fR size of core files created (RLIMIT_CORE)
.TP
\fBd\fR size of a process's data segment (RLIMIT_DATA)
.TP
\fBe\fR scheduling priority (RLIMIT_NICE)
.TP
\fBf\fR size of files written (RLIMIT_FSIZE)
.TP
\fBi\fR number of pending signals (RLIMIT_SIGPENDING)
.TP
\fBl\fR size that may be locked into memory (RLIMIT_MEMLOCK)
.TP
\fBm\fR resident set size (RLIMIT_RSS)
.TP
\fBn\fR number of open files (RLIMIT_NOFILE)
.TP
\fBp\fR number of threads (RLIMIT_NPROC)
.TP
\fBq\fR number of bytes in POSIX message queues (RLIMIT_MSGQUEUE)
.TP
\fBr\fR real-time scheduling priority (RLIMIT_RTPRIO)
.TP
\fBs\fR stack size (RLIMIT_STACK)
.TP
\fBt\fR amount of cpu time in seconds (RLIMIT_CPU)
.TP
\fBx\fR number of file locks (RLIMIT_LOCKS)
.TP
\fBT\fR time in microseconds process with real-time
schedule policy may consume without making a blocking syscall (RLIMIT_RTTIME)
.RE
.PD 1
.P
'''
.SH FILES
.IP "\fB{/var/log}\fR" 4
Default output directory for \fB-o\fR, \fB-e\fR and \fB-l\fR.
.IP "\fB{/sys/fs/cgroup}\fR" 4
Default cgroup directory for \fB-C\fR.
'''
.SH ENVIRONMENT
PATH is used to find specified command. See \fBexecvp\fR(1).
'''
.SH NOTES
This page describes /sbin/run, a tool normally only available to the root user.
For gdb simulator front-end typically installed as /usr/bin/run,
see \fBrun\fR(1).
'''
.SH SEE ALSO
Similar utilities: \fBsu\fR(1), \fBsudo\fR(1), \fBrunuser\fR(1),
\fBulimit\fR in \fBbash\fR(1),
\fBnice\fR(1), \fBcgexec\fR(1), \fBsetsid\fR(1).
.P
Syscalls: \fBsetresuid\fR(2), \fBsetresgid\fR(2), \fBsetrlimit\fR(2),
\fBsetpriority\fR(2), \fBexecve\fR(2), \fBsetsid\fR(2), \fBunshare\fR(2).
.P
General concepts: \fBcredentials\fR(7), \fBnamespaces\fR(7),
documentation/cgroups/ from the kernel source tree.