Diffstat (limited to 'specs/SIAddresses/localuser.md')
-rw-r--r-- specs/SIAddresses/localuser.md 32
1 files changed, 32 insertions, 0 deletions
diff --git a/specs/SIAddresses/localuser.md b/specs/SIAddresses/localuser.md
new file mode 100644
index 0000000..d44d54a
--- /dev/null
+++ b/specs/SIAddresses/localuser.md
@@ -0,0 +1,32 @@
+## Server-interpreted Authentication Types "localuser" and "localgroup"
+
+On systems which can determine in a secure fashion the credentials of a client
+process, the "localuser" and "localgroup" authentication methods provide access
+based on those credentials. The format of the values provided is platform
+specific. For POSIX & UNIX platforms, if the value starts with the character
+'#', the rest of the string shall be treated as a decimal uid or gid, otherwise
+the string is defined as a user name or group name.
+
+Systems offering this MUST not simply trust a user supplied value (such as an
+environment variable or IDENT protocol response). It is expected many systems
+will only support this for clients running on the same host using a local IPC
+transport.
+
+Examples:
+
+```
+xhost +SI:localuser:alanc
+```
+
+```
+xhost +SI:localuser:#1234
+```
+
+```
+xhost +SI:localgroup:wheel
+```
+
+```
+xhost +SI:localgroup:#0
+```
+
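Review bot: In the second paragraph, "MUST not simply trust a user supplied value" mixes cases on the requirement keyword. If this is meant as a normative RFC 2119 requirement, write "MUST NOT" so it cannot be read as ordinary prose. The first paragraph also leaves two access-control details open that implementers could resolve differently. It does not say what a server does when the text after '#' is not a valid decimal number (rejecting the entry is the safe choice, rather than falling back to a name lookup). It also does not say whether "localgroup" matches only the client's primary gid or its supplementary groups as well. A sentence on each would help. Finally, "in a secure fashion" carries the whole security guarantee here, so it would be worth stating that the credentials have to come from the operating system for the connected peer and not from anything the client sends.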