doc/ko/lxc-usernsexec.sgml.in

2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo<!--
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoolxc: linux Container library
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo(C) Copyright IBM Corp. 2007, 2008
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooAuthors:
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooDaniel Lezcano <daniel.lezcano at free.fr>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooSerge Hallyn <serge.hallyn at ubuntu.com>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooThis library is free software; you can redistribute it and/or
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoomodify it under the terms of the GNU Lesser General Public
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooLicense as published by the Free Software Foundation; either
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yooversion 2.1 of the License, or (at your option) any later version.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooThis library is distributed in the hope that it will be useful,
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoobut WITHOUT ANY WARRANTY; without even the implied warranty of
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooLesser General Public License for more details.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooYou should have received a copy of the GNU Lesser General Public
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooLicense along with this library; if not, write to the Free Software
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooFoundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooTranslated into Korean
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yooby Sungbae Yoo <sungbae.yoo at samsung.com>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo-->
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo<!DOCTYPE refentry PUBLIC @docdtd@ [
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo<!ENTITY commonoptions SYSTEM "@builddir@/common_options.sgml">
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo<!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo]>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo<refentry>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  <docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  <refmeta>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <refentrytitle>lxc-usernsexec</refentrytitle>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <manvolnum>1</manvolnum>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  </refmeta>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  <refnamediv>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <refname>lxc-usernsexec</refname>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <refpurpose>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <!--
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      Run a task as root in a new user namespace.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      -->
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      새로운 사용자 네임스페이스에서 root로 태스크를 실행
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    </refpurpose>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  </refnamediv>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  <refsynopsisdiv>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <cmdsynopsis>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <command>lxc-usernsexec</command>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <arg choice="opt">-m <replaceable>uid-map</replaceable></arg>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <arg choice="req">-- command</arg>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    </cmdsynopsis>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  </refsynopsisdiv>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  <refsect1>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <title><!-- Description -->설명</title>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <!--
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <command>lxc-usernsexec</command> can be used to run a task as root
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      in a new user namespace.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      -->
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <command>lxc-usernsexec</command>는 새로운 사용자 네임스페이스에서 루트로 태스크를 실행한다.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    </para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  </refsect1>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  <refsect1>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <title><!-- Options -->옵션</title>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <variablelist>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <varlistentry>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <term>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <option>-m <replaceable>uid-map</replaceable></option>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    </term>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <listitem>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo            <!--
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      The uid map to use in the user namespace.  Each map consists of
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      four colon-separate values.  First a character 'u', 'g' or 'b' to
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      specify whether this map perttains to user ids, group ids, or
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      both; next the first userid in the user namespace;  next the
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      first userid as seen on the host;  and finally the number of
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      ids to be mapped.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo             -->
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo            사용자 네임스페이스에서 사용될 uid 맵. 각각의 맵은 4개의 콜론(:)으로 구분된 값들로 구성되어 있다. 첫 번째는 'u', 'g', 'b' 문자로 각각 UID, GID, 또는 UID 및 GID 를 가리킨다. 그 다음은 사용자 네임스페이스 내에서의 UID, 그다음은 호스트의 UID, 그리고 마지막으로 매핑할 ID의 수를 지정한다.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      </para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo            <!--
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      More than one map can be specified.  If no map is
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      specified, then by default the full uid and gid ranges granted
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      by /etc/subuid and /etc/subgid will be mapped to the
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      uids and gids starting at 0 in the container.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo              -->
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo            맵은 1개 이상도 지정가능하다. 만약 맵이 지정되지 않았다면, 기본값은 /etc/subuid와 /etc/subgid에서 허용된 모든 범위의 uid, gid가 컨테이너 내에서 0번부터 매핑된다.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      </para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo            <!--
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      Note that <replaceable>lxc-usernsexec</replaceable> always tries
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      to setuid and setgid to 0 in the namespace.  Therefore uid 0 in
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      the namespace must be mapped.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo              -->
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo            <replaceable>lxc-usernsexec</replaceable>는 언제나 0번 setuid와 setgid를 시도한 다는 것에 주의해야 한다. 그러므로 네임스페이스 내에서 uid 0은 매핑이 되어있어야 한다.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      </para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    </listitem>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      </varlistentry>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    </variablelist>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  </refsect1>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  <refsect1>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <title><!-- Examples -->예제</title>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        <!--
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        To spawn a shell with the full allotted subuids mapped into
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    the container, use
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        <programlisting>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      lxc-usernsexec
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        </programlisting>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    To run a different shell than <replaceable>/bin/sh</replaceable>, use
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        <programlisting>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      lxc-usernsexec &#045;&#045; /bin/bash
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        </programlisting>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        -->
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        할당된 모든 subuid를 컨테이너에 매핑해서 쉘을 실행하려면,
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        <programlisting>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      lxc-usernsexec
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        </programlisting>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        를 사용하면 된다.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        <replaceable>/bin/sh</replaceable>대신 다른 쉘을 실행하려면,
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        <programlisting>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      lxc-usernsexec -- /bin/bash
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        </programlisting>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        를 사용하면 된다.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      </para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      <para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        <!--
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    If your user id is 1000, root in a container is mapped to 190000, and
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    you wish to chown a file you own to root in the container, you can use:
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        <programlisting>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      lxc-usernsexec -m b:0:1000:1 -m b:1:190000:1 &#045;&#045; /bin/chown 1:1 $file
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        </programlisting>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    This maps your userid to root in the user namespace, and 190000 to uid 1.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    Since root in the user namespace is privileged over all userids mapped
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    into the namespace, you are allowed to change the file ownership, which
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    you could not do on the host using a simple chown.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        -->
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        만약 현재 UID가 1000이고, 컨테이너의 root가 190000으로 매핑되어 있으며, 현재 사용자가 소유하고 있는 파일을 컨테이너의 root가 소유하도록 하려면, 아래처럼 하면 된다.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        <programlisting>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      lxc-usernsexec -m b:0:1000:1 -m b:1:190000:1 -- /bin/chown 1:1 $file
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        </programlisting>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        이것은 현재 UID를 사용자 네임스페이스 내에서 root로 하고, 190000을 uid 1로 매핑한다.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo        사용자 네임스페이스의 root는 네임스페이스의 모든 UID에 권한이 있기 때문에, 호스트에서 chown을 사용할 수 없더라도 파일의 소유자를 변경할 수 있다.
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo      </para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  </refsect1>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  &seealso;
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  <refsect1>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <title><!-- Author -->저자</title>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo    <para>Serge Hallyn <email>serge.hallyn@ubuntu.com</email></para>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo  </refsect1>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo</refentry>
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo<!-- Keep this comment at the end of the file
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooLocal variables:
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoomode: sgml
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoosgml-omittag:t
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoosgml-shorttag:t
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoosgml-minimize-attributes:nil
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoosgml-always-quote-attributes:t
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoosgml-indent-step:2
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoosgml-indent-data:t
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoosgml-parent-document:nil
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoosgml-default-dtd-file:nil
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoosgml-exposed-tags:nil
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoosgml-local-catalogs:nil
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoosgml-local-ecat-files:nil
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae YooEnd:
2b371b262f7272266ff18cc2aff65176a2c16383Sungbae Yoo-->