08ae5775ea
This makes the behavior of the two APIs more consistent. suexec is still allowed for the magical "Gerrit Code Review" PeerDaemonUser, but is now also permitted if the Run As capability has been granted. Change-Id: I9acd6467d9e02084519b30e0c4a3d08065e74484
70 lines
1.5 KiB
Plaintext
70 lines
1.5 KiB
Plaintext
suexec
|
|
======
|
|
|
|
NAME
|
|
----
|
|
suexec - Execute a command as any registered user account
|
|
|
|
SYNOPSIS
|
|
--------
|
|
[verse]
|
|
'ssh' -p <port>
|
|
-i SITE_PATH/etc/ssh_host_rsa_key
|
|
'"Gerrit Code Review@localhost"'
|
|
'suexec'
|
|
--as <EMAIL>
|
|
[--from HOST:PORT]
|
|
[--]
|
|
[COMMAND]
|
|
|
|
DESCRIPTION
|
|
-----------
|
|
The suexec command permits executing any other command as any other
|
|
registered user account.
|
|
|
|
suexec can only be invoked by the magic user `Gerrit Code Review`,
|
|
or any user granted granted the link:access-control.html#capability_runAs[Run As]
|
|
capability. The run as capability is permitted to be used only if
|
|
link:config-gerrit.html[auth.enableRunAs] is true.
|
|
|
|
OPTIONS
|
|
-------
|
|
|
|
--as::
|
|
Email address of the user you want to impersonate.
|
|
|
|
--from::
|
|
Hostname and port of the machine you want to impersonate
|
|
the command coming from.
|
|
|
|
COMMAND::
|
|
Gerrit command you want to run.
|
|
|
|
ACCESS
|
|
------
|
|
Caller must be the magic user Gerrit Code Review using the SSH
|
|
daemon's host key, or a key on this daemon's peer host key ring,
|
|
or a user granted the Run As capability.
|
|
|
|
SCRIPTING
|
|
---------
|
|
This command is intended to be used in scripts.
|
|
|
|
EXAMPLES
|
|
--------
|
|
|
|
Approve the change with commit c0ff33 as "Verified +1" as user bob@example.com
|
|
=====
|
|
$ sudo -u gerrit ssh -p 29418 \
|
|
-i site_path/etc/ssh_host_rsa_key \
|
|
"Gerrit Code Review@localhost" \
|
|
suexec \
|
|
--as bob@example.com \
|
|
-- \
|
|
gerrit approve --verified +1 c0ff33
|
|
=====
|
|
|
|
GERRIT
|
|
------
|
|
Part of link:index.html[Gerrit Code Review]
|