COAT(7)                                                                COAT(7)

       coat - apply multiple jackets to an escalation

       coat  [-P  pid]  [-C  config]  [-f file] [-g group] [-R root] [-u user]
       mnemonic program euid:egid cred_type:cred
       coat -h|-H
       coat -V

       This jacket allows multiple jackets (or helmets) to  be  applied  to  a
       single  escalation.   It  does this by creating a synthetic environment
       for each jacket that makes it look  like  it  is  talking  directly  to
       op(1).  It creates shim processes to exit with the correct status under
       each jacket process.  It passes the external commands issued from  each
       jacket  to  op and acts on each environment assignment and reveal logic
       as best it can.  This is not a perfect emulation, but it works  in  all
       real-world cases.

       The program may be specified as a jacket or helmet.  The jacket case is
       much more common.

       It is uncommon, but not unknown, to use this to weld together  multiple
       stamp instances to authorize a critical escalation.

       This  program  takes  all the op provided options, but actually doesn't
       look at any of them (other than -P).  It does  pass  them  on  to  each
       jacket  instance  it  creates: each of these may check the options.  In
       the jacket case it also updates the -P option for each new instance.

       Like any jacket, most of the configuration is passed from  op  via  the

              Usually  the  first jacket in the colon (:) separated list is an
              absolute path, any other jackets are taken from the same  direc-
              tory as the last full path.  If the name of the program is given
              as an absolute path, then that directory is the  default.   Each
              jacket  is  layered, and must complete its external input stream
              on stdout, before the next is applied.

              The standard reveal logic, see op-jacket(7).  This  would  allow
              one  level  of coat] to enable another, that might be poor form,
              as it shouldn't ever really be required.

       These are not deleted the environment: $IFS, $CDPATH, $ENV,  $BASH_ENV,
       or $PATH so don't allow unsafe values through the environment.

       These are example from the command-line:

       /usr/local/libexec/jacket/coat -V
              Output only the version of the program, then exit.

       /usr/local/libexec/jacket/coat -H
              Output only a summary of the environment expected.

       All  of these are snips from the op file.  Note that you must
       allow  any  referenced  environment  variables   into   the   escalated
       environment,  and it is a really good idea to include a $PATH.  (And to
       filter the list above well.)
       $WROPE_TO=/var/tmp/prxyXXXXXX/wr0.XXXXXX $TERM $TERMCAP $PERP=$l
              This is a common spell to run this jacket.   Proxy  the  current
              wrapper environment as well as the ssh-agent socket to the esca-
              lated command.  See wrope(7) and proxy-agent(7).

              It is also likely that his is cut from a sentinel configuration.
              It  selects  2  helmets  from the tiger application's arsenal of
              freedom.  This forces the escalation to "and" the results of the
              two  checks.   There is no "or" jacket in the standard distribu-
              tion.  One could be coded from the source to coat.

       $COAT=proxy-agent:coat $L2Z_COAT=wrope
       environment=^.*_link$,^.*_d$,^.*_[0-9][0-9]*$ $TERM $TERMCAP $PERP=$l
              This example shows how to spawn an instance of coat from itself.
              We  reveal the second level of configuration (the call to wrope)
              after the first instance reads the environment, and  before  the
              configured  jackets  are  started.  While it is nice to know one
              could do that, I doubt there is  a  case  that  really  requires
              nested coat's.

       Signal status returns are not passed cleanly by most jackets.  The sig-
       nal number is converted to an exit, which is not really cool.

       K S Braunsdorf, from the Non-Player Character Guild
       op at-not-a-spammer ksb dot

       op(1l), op-jacket(7l), proxy-agent(7l), wrope(7), stamp(7), exit(3)

                                     LOCAL                             COAT(7)