glexec for Debian 
-----------------

  gLExec is a system tool to run a program under a different user
  identity, much like su or sudo. It's origins lie in the Apache
  suexec program, but little of that original codebase remains today.


  The purpose of gLExec is to switch user based on grid credentials,
  which are commonly SSL X509 certificates and proxies, but this is
  completely configurable through the use of the pluggable LCAS/LCMAPS
  framework.

  Because it needs to change user identity, it has to be installed
  setuid root, which is a risky proposition. It is also possible to
  install the program without the setuid capability, in which case it
  switches to logging only mode; while it still evaluates the given
  credentials it can do little more than report what identity it would
  have switched to. To serve its intended purpose, gLExec is installed
  setuid by default. System administrators can use dpkg-statoverride
  to change this.

  This program has been developed in a series of European Union funded
  grid computing projects: European Data Grid, Enabling Grids for
  E-SciencE (I, II & III), and the European Middleware Initiative. It
  is maintained by Nikhef, the National Institute for Subatomic
  Physics in the Netherlands, and is deployed by the European Grid
  Initiative, the Open Science Grid and the World-wide LHC Compute
  Grid. It has received several independent security assessments.

 -- Dennis van Dok (Software Engineer) <dennisvd@nikhef.nl>  Fri, 11 Mar 2011 07:48:46 +0100