# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2024-03-29 09:51+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. type: TH
#: debian-bookworm
#, no-wrap
msgid "SETPRIV"
msgstr ""

#. type: TH
#: debian-bookworm
#, no-wrap
msgid "2022-05-11"
msgstr ""

#. type: TH
#: debian-bookworm
#, no-wrap
msgid "util-linux 2.38.1"
msgstr ""

#. type: TH
#: debian-bookworm
#, no-wrap
msgid "User Commands"
msgstr ""

#. type: SH
#: debian-bookworm
#, no-wrap
msgid "NAME"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "setpriv - run a program with different Linux privilege settings"
msgstr ""

#. type: SH
#: debian-bookworm
#, no-wrap
msgid "SYNOPSIS"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<setpriv> [options] I<program> [I<arguments>]"
msgstr ""

#. type: SH
#: debian-bookworm
#, no-wrap
msgid "DESCRIPTION"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Sets or queries various Linux privilege settings that are inherited across "
"B<execve>(2)."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"In comparison to B<su>(1) and B<runuser>(1), B<setpriv> neither uses PAM, "
"nor does it prompt for a password. It is a simple, non-set-user-ID wrapper "
"around B<execve>(2), and can be used to drop privileges in the same way as "
"B<setuidgid>(8) from B<daemontools>, B<chpst>(8) from B<runit>, or similar "
"tools shipped by other service managers."
msgstr ""

#. type: SH
#: debian-bookworm
#, no-wrap
msgid "OPTIONS"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--clear-groups>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "Clear supplementary groups."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<-d>, B<--dump>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Dump the current privilege state. This option can be specified more than "
"once to show extra, mostly useless, information. Incompatible with all other "
"options."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--groups> I<group>..."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Set supplementary groups. The argument is a comma-separated list of GIDs or "
"names."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"B<--inh-caps> (B<+>|B<->)I<cap>..., B<--ambient-caps> (B<+>|B<->)I<cap>..., "
"B<--bounding-set> (B<+>|B<->)I<cap>..."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Set the inheritable capabilities, ambient capabilities or the capability "
"bounding set. See B<capabilities>(7). The argument is a comma-separated list "
"of B<+>I<cap> and B<->I<cap> entries, which add or remove an entry "
"respectively. I<cap> can either be a human-readable name as seen in "
"B<capabilities>(7) without the I<cap_> prefix or of the format B<cap_N>, "
"where I<N> is the internal capability index used by Linux. B<+all> and B<-"
"all> can be used to add or remove all caps."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"The set of capabilities starts out as the current inheritable set for B<--"
"inh-caps>, the current ambient set for B<--ambient-caps> and the current "
"bounding set for B<--bounding-set>."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Note the following restrictions (detailed in B<capabilities>(7)) regarding "
"modifications to these capability sets:"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"A capability can be added to the inheritable set only if it is currently "
"present in the bounding set."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"A capability can be added to the ambient set only if it is currently present "
"in both the permitted and inheritable sets."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Notwithstanding the syntax offered by B<setpriv>, the kernel does not permit "
"capabilities to be added to the bounding set."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"If you drop a capability from the bounding set without also dropping it from "
"the inheritable set, you are likely to become confused. Do not do that."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--keep-groups>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Preserve supplementary groups. Only useful in conjunction with B<--rgid>, "
"B<--egid>, or B<--regid>."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--init-groups>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Initialize supplementary groups using initgroups3. Only useful in "
"conjunction with B<--ruid> or B<--reuid>."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--list-caps>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "List all known capabilities. This option must be specified alone."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--no-new-privs>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Set the I<no_new_privs> bit. With this bit set, B<execve>(2) will not grant "
"new privileges. For example, the set-user-ID and set-group-ID bits as well "
"as file capabilities will be disabled. (Executing binaries with these bits "
"set will still work, but they will not gain privileges. Certain LSMs, "
"especially AppArmor, may result in failures to execute certain programs.) "
"This bit is inherited by child processes and cannot be unset. See "
"B<prctl>(2) and I<Documentation/prctl/no_new_privs.txt> in the Linux kernel "
"source."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "The I<no_new_privs> bit is supported since Linux 3.5."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--rgid> I<gid>, B<--egid> I<gid>, B<--regid> I<gid>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Set the real, effective, or both GIDs. The I<gid> argument can be given as a "
"textual group name."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"For safety, you must specify one of B<--clear-groups>, B<--groups>, B<--keep-"
"groups>, or B<--init-groups> if you set any primary I<gid>."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--ruid> I<uid>, B<--euid> I<uid>, B<--reuid> I<uid>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Set the real, effective, or both UIDs. The I<uid> argument can be given as a "
"textual login name."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Setting a I<uid> or I<gid> does not change capabilities, although the exec "
"call at the end might change capabilities. This means that, if you are root, "
"you probably want to do something like:"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<setpriv --reuid=1000 --regid=1000 --inh-caps=-all>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--securebits> (B<+>|B<->)I<securebit>..."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Set or clear securebits. The argument is a comma-separated list. The valid "
"securebits are I<noroot>, I<noroot_locked>, I<no_setuid_fixup>, "
"I<no_setuid_fixup_locked>, and I<keep_caps_locked>. I<keep_caps> is cleared "
"by B<execve>(2) and is therefore not allowed."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--pdeathsig keep>|B<clear>|B<E<lt>signalE<gt>>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Keep, clear or set the parent death signal. Some LSMs, most notably SELinux "
"and AppArmor, clear the signal when the process\\(aq credentials change. "
"Using B<--pdeathsig keep> will restore the parent death signal after "
"changing credentials to remedy that situation."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--selinux-label> I<label>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Request a particular SELinux transition (using a transition on exec, not "
"dyntrans). This will fail and cause B<setpriv> to abort if SELinux is not in "
"use, and the transition may be ignored or cause B<execve>(2) to fail at "
"SELinux\\(cqs whim. (In particular, this is unlikely to work in conjunction "
"with I<no_new_privs>.) This is similar to B<runcon>(1)."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--apparmor-profile> I<profile>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Request a particular AppArmor profile (using a transition on exec). This "
"will fail and cause B<setpriv> to abort if AppArmor is not in use, and the "
"transition may be ignored or cause B<execve>(2) to fail at AppArmor\\(cqs "
"whim."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<--reset-env>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Clears all the environment variables except B<TERM>; initializes the "
"environment variables B<HOME>, B<SHELL>, B<USER>, B<LOGNAME> according to "
"the user\\(cqs passwd entry; sets B<PATH> to I</usr/local/bin:/bin:/usr/bin> "
"for a regular user and to I</usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/"
"sbin:/usr/bin> for root."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"The environment variable B<PATH> may be different on systems where I</bin> "
"and I</sbin> are merged into I</usr>. The environment variable B<SHELL> "
"defaults to B</bin/sh> if none is given in the user\\(cqs passwd entry."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<-h>, B<--help>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "Display help text and exit."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<-V>, B<--version>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "Print version and exit."
msgstr ""

#. type: SH
#: debian-bookworm
#, no-wrap
msgid "NOTES"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"If applying any specified option fails, I<program> will not be run and "
"B<setpriv> will return with exit status 127."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Be careful with this tool \\(em it may have unexpected security "
"consequences. For example, setting I<no_new_privs> and then execing a "
"program that is SELinux-confined (as this tool would do) may prevent the "
"SELinux restrictions from taking effect."
msgstr ""

#. type: SH
#: debian-bookworm
#, no-wrap
msgid "EXAMPLES"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"If you\\(cqre looking for behavior similar to B<su>(1)/B<runuser>(1), or "
"B<sudo>(8) (without the B<-g> option), try something like:"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<setpriv --reuid=1000 --regid=1000 --init-groups>"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "If you want to mimic daemontools\\(aq B<setuid>(8), try:"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<setpriv --reuid=1000 --regid=1000 --clear-groups>"
msgstr ""

#. type: SH
#: debian-bookworm
#, no-wrap
msgid "AUTHORS"
msgstr ""

#. type: SH
#: debian-bookworm
#, no-wrap
msgid "SEE ALSO"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "B<runuser>(1), B<su>(1), B<prctl>(2), B<capabilities>(7)"
msgstr ""

#. type: SH
#: debian-bookworm
#, no-wrap
msgid "REPORTING BUGS"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid "For bug reports, use the issue tracker at"
msgstr ""

#. type: SH
#: debian-bookworm
#, no-wrap
msgid "AVAILABILITY"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"The B<setpriv> command is part of the util-linux package which can be "
"downloaded from"
msgstr ""