Since the version 9.4.0, DeleGate has "implanted parameters" in its
executable file. Those parameters can be used to control authentication
and capability control, that is,
who may execute the executable and which functions or protocols may be used.
The executable file can be set with so called "set user-id on execution"
flag which is used to run under the super-user's privilege independent of
who invoked it. DeleGate may require such privilege in some cases,
including when it uses privileged port or doing PAM authentication.
This flag obsoletes external programs under
"subin" which have been
necessary to be installed supplementally.
The size of area for implants is 10K bytes by default.
Arbitrary configuration parameters can be holded in it.
It can be dangerous to turn the "set user-id on execution" flag for a
versatile program like DeleGate especially when the executable file is
marked to be "executable by anybody".
Therefore an executable file of DeleGate with the flag is restricted to
be executable only when the user is explicitly permitted the execution,
that is when the user is in the list of permitted users and/or
when the user knows the password to execute it.
Show the help and the current implants.
% delegated -Fimp
Implant the default ADMIN parameter.
% delegated -Fimp ADMINemail@example.com
Make the executable file be executable only by user2 and user3.
% delegated -Fimp -U user2,user3
Restrict so that only HTTP and FTP are capable.
% delegated -Fimp -C http,ftp
Encrypt the implants.
% delegated -Fimp -k
Set the set-uid-on-exec flag.
% su root -c "delegated -Fimp -m"
Implant all of parameters and invoke without parameters.