ENVAUTH(7)                                                          ENVAUTH(7)



NAME
       envauth - check environment variables for regular expression matches

SYNOPSIS
       envauth  [-P  pid] [-C config] [-f file] [-g group] [-R root] [-u user]
       mnemonic program euid:egid cred_type:cred
       envauth -h|-H
       envauth -V

DESCRIPTION
       This jacket provides checks that are similar  to  the  internal  checks
       that  op  provides for environment variables -- but it can see environ-
       ment variable that other helmets or jackets  may  have  placed  in  the
       escalated environment.

       The program may be specified as a jacket or helmet.  The helmet case is
       much more common.

OPTIONS
       This program takes all the op provided options,  but  actually  doesn't
       look at any of them (other than -P).

ENVIRONMENT
       Like  any  jacket,  most of the configuration is passed from op via the
       environment.

       $ENVAUTH_VAR_name=regexp
              The environment variable name must exists  and  must  match  the
              regular expression regexp.

       $ENVAUTH_NOT_name=regexp
              The environment variable name must exists and must not match the
              regular expression regexp.

       $ENVAUTH_WARN=message
              Any requested failure message, rather than the default  "Sorry".

       $ENVAUTH_REVEAL=prefix
              The standard reveal logic.

EXAMPLES
       These are example from the command-line:

       /usr/local/libexec/jacket/envauth -V
              Output only the version of the program, then exit.

       /usr/local/libexec/jacket/envauth -H
              Output only a summary of the environment expected.

       All  of these are snips from the op access.cf file.  Note that you must
       allow any referenced environment variables into the escalated  environ-
       ment,  and it is a really good idea to include a $PATH.  (And to filter
       the list above well.)
       helmet=/usr/local/libexec/jacket/envauth
       $ENVAUTH_NOT_NAME=[$$'"<>=;&|#~]
              Forbid some shell meta character from $NAME.

       helmet=/usr/local/libexec/jacket/envauth
       $ENVAUTH_REVEAL=MasK
              Just use the reveal logic in envauth

BUGS
       This program is only really useful when used  under  coat,  because  op
       already  checks  the environment very well.  It might be useful after a
       stamp too.

AUTHOR
       K S Braunsdorf, from the Non-Player Character Guild
       op at-not-a-spammer ksb dot npcguild.org.nopinks

SEE ALSO
       op(1l), coat(7l), stamp(7l), op-jacket(7l), exit(3)



                                     LOCAL                          ENVAUTH(7)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | ENVIRONMENT | EXAMPLES | BUGS | AUTHOR | SEE ALSO