NAME
coat - apply multiple jackets to an escalation
SYNOPSIS
coat [-P pid] [-C config] [-f file] [-g group] [-R root] [-u user]
     mnemonic program euid:egid cred_type:cred
DESCRIPTION
This jacket allows multiple jackets (or helmets) to be applied to a
single escalation. It does this by creating a synthetic environment
for each jacket that makes it look like it is talking directly to
op(1). It creates shim processes to exit with the correct status under
each jacket process. It passes the external commands issued from each
jacket to op and acts on each environment assignment and reveal logic
as best it can. This is not a perfect emulation, but it works in all
The program may be specified as a jacket or helmet. The jacket case is
much more common.
It is uncommon, but not unknown, to use this to weld together multiple
stamp instances to authorize a critical escalation.
This program takes all the op-provided options, but actually doesn't
look at any of them (other than -P). It does pass them on to each
jacket instance it creates: each of these may check the options. In
the jacket case it also updates the -P option for each new instance.
Like any jacket, most of the configuration is passed from op via the
Usually the first jacket in the colon (:) separated list is an
absolute path; any other jackets are taken from the same directory
as the last full path. If the name of the program is given
as an absolute path, then that directory is the default. Each
jacket is layered, and must complete its external input stream
on stdout, before the next is applied.
The standard reveal logic, see op-jacket(7). This would allow
one level of coat to enable another; that might be poor form,
as it shouldn't ever really be required.
These are not deleted from the environment: $IFS, $CDPATH, $ENV,
$BASH_ENV, or $PATH, so don't allow unsafe values through the environment.
EXAMPLES
These are examples from the command-line:
Output only the version of the program, then exit.
Output only a summary of the environment expected.
All of these are snips from the op access.cf file. Note that you must
allow any referenced environment variables into the escalated
environment, and it is a really good idea to include a $PATH. (And to
filter the list above well.)
$WROPE_TO=/var/tmp/prxyXXXXXX/wr0.XXXXXX $TERM $TERMCAP $PERP=$l
This is a common spell to run this jacket. Proxy the current
wrapper environment as well as the ssh-agent socket to the escalated
command. See wrope(7) and proxy-agent(7).
It is also likely that this is cut from a sentinel configuration.
It selects 2 helmets from the tiger application's arsenal of
freedom. This forces the escalation to "and" the results of the
two checks. There is no "or" jacket in the standard distribution.
One could be coded from the source to coat.
environment=^.*_link$,^.*_d$,^.*_[0-9][0-9]*$ $TERM $TERMCAP $PERP=$l
This example shows how to spawn an instance of coat from itself.
We reveal the second level of configuration (the call to wrope)
after the first instance reads the environment, and before the
configured jackets are started. While it is nice to know one
could do that, I doubt there is a case that really requires
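The environment rules in the access.cf snippets above, together with the note that op does not strip $IFS, $CDPATH, $ENV, $BASH_ENV or $PATH, can be checked mechanically before a clause is deployed. The following Python is an added example, not code from op or coat. It assumes a token syntax modelled on the snippets (comma-separated regexes on variable names, $NAME to pass a variable through, $NAME=value to assign one); that grammar is an assumption, not op's own parser, and the $PERP=$l macro from the second snippet is replaced by a literal PATH assignment because $l is not expanded here.

```python
import re
from typing import Dict, List

# coat(1) warns that op does not strip these from the caller's environment;
# they should never be passed through, and PATH should be assigned rather
# than inherited.
NEVER_INHERIT = ("BASH_ENV", "CDPATH", "ENV", "IFS", "PATH")


class EnvSpec:
    """One parsed environment= clause.

    The token syntax is an assumption modelled on the access.cf snippets in
    coat(1), not op's own grammar: comma-separated regexes select variable
    names, $NAME passes a variable through, $NAME=value assigns one.
    """

    def __init__(self, patterns: List[str], passthrough: List[str],
                 assignments: Dict[str, str]) -> None:
        self.patterns = [re.compile(p) for p in patterns]
        self.passthrough = set(passthrough)
        self.assignments = dict(assignments)


def parse_env_spec(clause: str) -> EnvSpec:
    """Split an environment= clause into patterns, pass-throughs, assignments."""
    clause = clause.strip()
    if clause.startswith("environment="):
        clause = clause[len("environment="):]
    patterns, passthrough, assignments = [], [], {}
    for tok in clause.split():
        if tok.startswith("$"):
            name, sep, value = tok[1:].partition("=")
            if sep:
                assignments[name] = value
            else:
                passthrough.append(name)
        else:
            patterns.extend(p for p in tok.split(",") if p)
    return EnvSpec(patterns, passthrough, assignments)


def lint_env_spec(spec: EnvSpec) -> List[str]:
    """Report ways the clause lets the caller control an unsafe variable."""
    problems = []
    for name in NEVER_INHERIT:
        if name in spec.passthrough:
            problems.append(f"{name} is passed through from the caller")
        for rx in spec.patterns:
            if rx.search(name):
                problems.append(f"pattern {rx.pattern!r} admits {name}")
    if "PATH" not in spec.assignments:
        problems.append("PATH is not assigned a fixed value")
    return problems


def build_env(spec: EnvSpec, caller_env: Dict[str, str]) -> Dict[str, str]:
    """Build the escalated environment from the caller's: copy pass-through
    names and pattern matches, then apply assignments last so they win."""
    escalated = {
        name: value
        for name, value in caller_env.items()
        if name in spec.passthrough
        or any(rx.search(name) for rx in spec.patterns)
    }
    escalated.update(spec.assignments)
    return escalated


# Constructed sample data: a clause in the spirit of the second snippet above
# (with $PERP=$l replaced by a literal PATH assignment), a loose clause that
# admits every variable, and a caller environment carrying an untrusted IFS
# and PATH.
SAFE_CLAUSE = ("environment=^.*_link$,^.*_d$,^.*_[0-9][0-9]*$ "
               "$TERM $TERMCAP $PATH=/usr/bin:/bin")
LOOSE_CLAUSE = "environment=^.*$ $PATH"
CALLER_ENV = {
    "TERM": "xterm",
    "TERMCAP": "xterm:co#80:li#24:",
    "build_link": "/srv/build/current",
    "job_7": "queued",
    "HOME": "/home/ksb",
    "IFS": ":",
    "PATH": "/tmp/untrusted:/usr/bin",
}


def check_clause(clause: str) -> Dict[str, object]:
    """Parse, lint and apply one clause against the constructed CALLER_ENV."""
    spec = parse_env_spec(clause)
    return {"problems": lint_env_spec(spec), "env": build_env(spec, CALLER_ENV)}


if __name__ == "__main__":
    for label, clause in (("safe", SAFE_CLAUSE), ("loose", LOOSE_CLAUSE)):
        result = check_clause(clause)
        print(label, "problems:", result["problems"])
        print(label, "escalated env:", result["env"])
```

The safe clause yields no findings and an escalated environment holding only TERM, TERMCAP, the two pattern matches and the fixed PATH; the loose clause is flagged once per unsafe name it admits and once more for never pinning PATH, and it copies the caller's IFS and PATH through unchanged.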
BUGS
Signal status returns are not passed cleanly by most jackets. The signal
number is converted to an exit status, which is not really cool.
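The signal-to-exit conversion described above, as an added Python example that is not code from coat or op. It shows that the POSIX wait status keeps a normal exit apart from a death by signal, how a shim that can only call exit() collapses the two into the ambiguous value 128+N, and how a shim can instead re-raise the signal on itself so the parent's wait status stays faithful. It uses sh(1) as the child process.

```python
import os
import signal
import subprocess
import sys
from typing import List, Tuple

# ("exit", code) for a normal exit, ("signal", signum) for death by signal.
Status = Tuple[str, int]


def run_and_classify(argv: List[str]) -> Status:
    """Run argv and report how it ended. subprocess exposes the wait status
    as a negative returncode when the child died by signal."""
    rc = subprocess.run(argv).returncode
    if rc < 0:
        return ("signal", -rc)
    return ("exit", rc)


def collapse_to_exit(status: Status) -> int:
    """The conversion coat(1) complains about: a jacket that can only exit()
    reports death by signal N as exit 128+N, which the next layer cannot
    tell apart from a child that genuinely called exit(128+N)."""
    kind, n = status
    return 128 + n if kind == "signal" else n


def propagate(status: Status) -> None:
    """What a careful shim does instead: exit with the child's code, or die
    by the same signal so the parent's wait status is preserved."""
    kind, n = status
    if kind == "signal":
        signal.signal(n, signal.SIG_DFL)
        os.kill(os.getpid(), n)
    sys.exit(n)


def compare(argv_a: List[str], argv_b: List[str]) -> dict:
    """Run two children and show that their collapsed exit codes can match
    even when their real wait statuses differ."""
    a, b = run_and_classify(argv_a), run_and_classify(argv_b)
    return {
        "statuses": (a, b),
        "collapsed": (collapse_to_exit(a), collapse_to_exit(b)),
        "distinguishable_after_collapse": collapse_to_exit(a) != collapse_to_exit(b),
    }


if __name__ == "__main__":
    # Constructed children: one killed by SIGTERM (15), one exiting 143 = 128+15.
    print(compare(["sh", "-c", "kill -TERM $$"], ["sh", "-c", "exit 143"]))
```

Run stand-alone it reports the two statuses as ("signal", 15) and ("exit", 143), both collapsing to 143. A shim that calls propagate() with the first status would die by SIGTERM itself, which is what the layer above would need to see to report the signal faithfully.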
AUTHOR
K S Braunsdorf, from the Non-Player Character Guild
op at-not-a-spammer ksb dot npcguild.org.nopinks
SEE ALSO
op(1l), op-jacket(7l), proxy-agent(7l), wrope(7), stamp(7), exit(3)