path: root/tmux.1
author nicm <nicm> 2022-05-30 12:48:57 +0000
committer nicm <nicm> 2022-05-30 12:48:57 +0000
commit cd692b5a68be0eb95252380db97fbbec587d6350 (patch)
tree 6135b8c3512fc0d882e990907cc98f88d63716a4 /tmux.1
parent d4423dca19d6d5cbaa97336a744ec760841c3816 (diff)
Add an ACL list for users connecting to the tmux socket. Users may be forbidden from attaching, forced to attach read-only, or allowed to attach read-write. A new command, server-access, configures the list. tmux gets the user using getpeereid(3) of the client socket. Users must still configure file system permissions manually. From Dallas Lyons and others.
Diffstat (limited to 'tmux.1')
-rw-r--r-- tmux.1 40
1 files changed, 39 insertions, 1 deletions
diff --git a/tmux.1 b/tmux.1
index f6b498e9..3f7ed889 100644
--- a/tmux.1
+++ b/tmux.1
@@ -1485,6 +1485,44 @@ option.
.D1 Pq alias: Ic rename
Rename the session to
.Ar new-name .
+.It Xo Ic server-access
+.Op Fl adlrw
+.Op Ar user
+.Xc
+Change the access or read/write permission of
+.Ar user .
+The user running the
+.Nm
+server (its owner) and the root user cannot be changed and are always
+permitted access.
+.Pp
+.Fl a
+and
+.Fl d
+are used to give or revoke access for the specified user.
+If the user is already attached, the
+.Fl d
+flag causes their clients to be detached.
+.Pp
+.Fl r
+and
+.Fl w
+change the permissions for
+.Ar user :
+.Fl r
+makes their clients read-only and
+.Fl w
+writable.
+.Fl l
+lists current access permissions.
+.Pp
+By default, the access list is empty and
+.Nm
+creates sockets with file system permissions preventing access by any user
+other than the owner (and root).
+These permissions must be changed manually.
+Great care should be taken not to allow access to untrusted users even
+read-only.
.Tg showmsgs
.It Xo Ic show-messages
.Op Fl JT
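Review bot: The -a/-d paragraph does not say which permission a user receives when added with -a alone; the following paragraph only describes changing between -r and -w, so a reader cannot tell whether a newly added user's clients start read-only or writable. Since that decides whether the user can send input to the session, the default should be stated explicitly. The synopsis ".Op Fl adlrw" with ".Op Ar user" also does not show which flags require a user and which (such as -l) do not, and the ".Fl l" sentence is run into the -r/-w paragraph where a ".Pp" before it would separate it. In the last paragraph, "These permissions must be changed manually" could name what has to be changed, and the caution ending "even read-only" would be more useful if it said what a read-only client is still able to see or do.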
@@ -5069,7 +5107,7 @@ The following variables are available, where appropriate:
.It Li "client_name" Ta "" Ta "Name of client"
.It Li "client_pid" Ta "" Ta "PID of client process"
.It Li "client_prefix" Ta "" Ta "1 if prefix key has been pressed"
-.It Li "client_readonly" Ta "" Ta "1 if client is readonly"
+.It Li "client_readonly" Ta "" Ta "1 if client is read-only"
.It Li "client_session" Ta "" Ta "Name of the client's session"
.It Li "client_termfeatures" Ta "" Ta "Terminal features of client, if any"
.It Li "client_termname" Ta "" Ta "Terminal name of client"
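Review bot: The description of "client_readonly" is only respelled here, but the first hunk introduces a second way for a client to become read-only (server-access -r), and this line does not say whether the variable is also 1 in that case. If it is, a short cross-reference to server-access would let readers use the format variable to check the effect of the access list. The respelling itself matches the "read-only" used in the new server-access text; it may be worth checking the rest of tmux.1 for remaining "readonly" in prose so the page stays consistent.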