Add new sudo configuration option

Add a new configuration option, sudo, which tells remctld and
remctl-shell to run the command as a different user using sudo.  The
path to the sudo binary is determined when remctld is compiled.
Normally, it's more convenient to use the existing user option, but it
relies on remctld running as root.  If running the daemon as a
non-root user, or when running remctl-shell as a non-root user, this
option may work better.

1 files changed, 16 insertions, 0 deletions

diff --git a/docs/remctld.pod b/docs/remctld.pod
index f10d245..5d7fcfa 100644
--- a/docs/remctld.pod
+++ b/docs/remctld.pod
@@ -289,6 +289,22 @@ to the command.  Be aware that even if the I<subcommand> is the designated
 argument to pass on standard input (C<stdin=1>), the I<subcommand> may not
 contain NUL characters.
 
+=item sudo=(I<username> | #I<uid>)
+
+[3.12] Run this command as the specified user using B<sudo>.  This is
+exactly equivalent to prepending C<sudo -u I<username> --> to the command
+before running it.  The path to B<sudo> is determined when B<remctld> is
+built.
+
+The I<user> option is simpler and easier if B<remctld> is running as root.
+However, it may be desirable in some configurations to run B<remctld> as a
+non-root user, and B<remctl-shell> (which shares the same configuration
+files) usually runs as a non-root user.  In those cases, this option can
+be used to use B<sudo> to switch users before running the command.
+
+Since the argument is passed verbatim to B<sudo>'s B<-u> option, you can
+specify a numeric UID by prepending it with C<#>.
+
 =item summary=I<arg>
 
 [3.2] Specifies the argument for this command that will print a usage