# Copyright © 2002  Networks Associates Technology, Inc.
# All rights reserved.
#
# Sample configuration file.  Shows the options

bind {
	80			# app can bind to port 80,
	443			# and port 443
}

open_ro {			# app can read these files
	/path/to/file1
	/path/to/file2
	/path/to/dir/*
}

open_rw { }			# app can write these files

open_a  { }			# app can append to these files

unlink  { }			# app can unlink these files

runas {				# app can invoke priv_execve or priv_rerunas
	joe			# as user "joe".  Use "*" as a wild card.
}				# Root needs to be listed explicitly and will
				# not match "*"

auth 1				# app can use pam authentication.

allow_rerun 1			# app can use priv_rerun_as and priv_respawn_as
				# the basis of all the "_as" methods.

fork 1				# app can use priv_fork, which allows
				# the child to continue talking to the
				# privman server

unpriv_user nobody		# the default unprivileged user the program
				# runs as after priv_init.
				# defaults to "nobody"

chroot /path/to/jail		# the chroot jail the program runs in after
				# priv_init.  Defaults to "/"