Used mainly by daemons and such to aquire resources as su and then drop back to a restricted user.
privileges :: privileges $ Text
High-level abstraction for all text representationsprivileges :: privileges $ Text
High-level abstraction for all text representationscore :: union_find
union–find algorithm using an efficient disjoint-set data structureroot
to execute
# Process privileges management utilities
#
# Used mainly by daemons and such to aquire resources as su and
# then drop back to a restricted user.
module privileges
import opts
import posix
redef class Text
# Does the operating system know the user named `self`?
fun user_exists: Bool
do
var passwd = new Passwd.from_name(to_s)
return not passwd.address_is_null
end
# Does the operating system know the group named `self`?
fun group_exists: Bool
do
var passwd = new Group.from_name(to_s)
return not passwd.address_is_null
end
end
# Class to manage user groups
class UserGroup
# User name
var user: String
# Group name
var group: nullable String
# Drop privileges of the running program to those of `self`
#
# require: `user.user_exists and (group == null or group.group_exists)`
fun drop_privileges
do
var passwd = new Passwd.from_name(user)
assert not passwd.address_is_null
var uid = passwd.uid
var group = group
var gid
if group != null then
var gpasswd = new Group.from_name(group)
assert not gpasswd.address_is_null
gid = gpasswd.gid
else gid = passwd.gid
sys.gid = gid
sys.uid = uid
end
end
# Option to ask for a username and group
class OptionUserAndGroup
super OptionParameter
redef type VALUE: nullable UserGroup
# Create an `OptionUserAndGroup` for dropping privileges
init for_dropping_privileges
do
init("Drop privileges to user:group or simply user", null, ["-u", "--usergroup"])
end
redef fun convert(str)
do
var words = str.split(":")
if words.length == 1 then
return new UserGroup(str, null)
else if words.length == 2 then
return new UserGroup(words[0], words[1])
else
errors.add("Option {names.join(", ")} expected parameter in the format \"user:group\" or simply \"user\".\n")
return null
end
end
end
lib/privileges/privileges.nit:17,1--97,3