Suid wrapper for ikisite
ikisite-wrapper subcommand options
ikisite-wrapper is a wrapper around ikisite. It is designed to be safely made suid root, though it is not currently suid by default.
A few ikisite subcommands can be run using the wrapper without any authorisation at all. These include: create, branch, list, sitelookup, checklock, updatecustomersite, and enabledns. So making the wrapper suid allows any user to create a site.
Other ikisite subcommands can only be run using the wrapper by users who specify a nonce in the IKISITE_NONCE environment variable. These include: delete, changesetup, domains, and deletenonce.
A site's current nonces are stored in its .ikisite-nonce file. A nonce can be generated by root or the site's user via using the createnonce subcommand, but it's usually generated by passing --createnonce to the create or branch subcommands. This allows anyone to create or branch a site and then use the nonce to allow further configuration of it (and delete it if something goes wrong).
Subcommands that can be called by the wrapper either without or with a nonce should be sure to fully validate their inputs.
Joey Hess <[email protected]>