9srv Manual Collection/plan9/cap(3)
A capability is a null terminated string consisting of the concatenation of
an old user name, an ``@'', a new user name, an ``@'', and a string of randomly
generated characters called the key.
The trusted process enables the kernel to authenticate
capabilities passed to it by writing to
caphash
a secure hash of the capability.
The hash is 20 bytes long and generated by the following call:
The trusted process may then pass the capability to any process running as the old user. That process may then use the capability to change identity to the new user. A process uses a capability by writing it to capuse. The kernel computes the same hash using the supplied capability and searches its list of hashes for a match. If one is found, the kernel sets the process's user id to that in the capability.
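The caphash/capuse exchange described above, modelled in user space as an added example (not code from the manual or the Plan 9 kernel). It assumes the 20-byte hash is HMAC-SHA1 over `olduser@newuser` keyed with the key; `CapDevice`, `make_capability` and the user names in it are hypothetical.

```python
import hashlib
import hmac
import secrets


def make_capability(old_user: str, new_user: str) -> str:
    """Trusted-process side: build olduser@newuser@key with a random key."""
    return f"{old_user}@{new_user}@{secrets.token_hex(10)}"


def split_capability(capability: str):
    """Split into (old_user, new_user, key); reject malformed input."""
    capability = capability.rstrip("\0")          # capability is null terminated
    users, sep, key = capability.rpartition("@")  # key follows the last '@'
    old_user, sep2, new_user = users.partition("@")
    if not (sep and sep2 and old_user and new_user and key) or "@" in new_user:
        raise ValueError("capability must be olduser@newuser@key")
    return old_user, new_user, key


def cap_hash(capability: str) -> bytes:
    """20-byte hash written to caphash (assumed: HMAC-SHA1 keyed with the key)."""
    old_user, new_user, key = split_capability(capability)
    msg = f"{old_user}@{new_user}".encode()
    return hmac.new(key.encode(), msg, hashlib.sha1).digest()


class CapDevice:
    """Toy model of the kernel side: a list of hashes and the capuse check."""

    def __init__(self):
        self.hashes = []

    def write_caphash(self, digest: bytes) -> None:
        if len(digest) != hashlib.sha1().digest_size:  # must be 20 bytes
            raise ValueError("hash must be 20 bytes")
        self.hashes.append(digest)

    def write_capuse(self, process_user: str, capability: str) -> str:
        """Return the new user id if the capability matches a stored hash."""
        old_user, new_user, _ = split_capability(capability)
        # The capability is only meant for a process running as the old user.
        if process_user != old_user:
            raise PermissionError("capability is for a different user")
        digest = cap_hash(capability)  # kernel recomputes the same hash
        if any(hmac.compare_digest(h, digest) for h in self.hashes):
            return new_user
        raise PermissionError("no matching hash")
```

Because only the hash is registered with the kernel, changing any field of the capability (for example the new user name) produces a different hash and the write to capuse fails.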
9srv Manual Collection/plan9/cap(3) | Rev: Sun Dec 02 23:42:21 GMT 2007 |