Add the setruid utility
This commit is contained in:
parent
0429c3f6f5
commit
b7de9c1a50
|
@ -1,3 +1,4 @@
|
|||
*.swp
|
||||
*.o
|
||||
pidfilewrapper
|
||||
setruid
|
||||
|
|
13
Makefile
13
Makefile
|
@ -9,21 +9,24 @@ CFLAGS += -std=c11 -Os -g -Wall -Wextra -pedantic
|
|||
CPPFLAGS +=
|
||||
LDFLAGS +=
|
||||
|
||||
all: pidfilewrapper
|
||||
all: pidfilewrapper setruid
|
||||
|
||||
pidfilewrapper: pidfilewrapper.c
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $<
|
||||
|
||||
setruid: setruid.c
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $<
|
||||
|
||||
.PHONY: all install uninstall clean distclean
|
||||
|
||||
install: all
|
||||
install: all pidfilewrapper.1 setruid.1
|
||||
mkdir -p $(BINDIR)
|
||||
install pidfilewrapper $(BINDIR)
|
||||
install pidfilewrapper setruid $(BINDIR)
|
||||
mkdir -p $(DESTDIR)$(MANDIR)/man1
|
||||
cp pidfilewrapper.1 $(DESTDIR)$(MANDIR)/man1/pidfilewrapper.1
|
||||
cp pidfilewrapper.1 setruid.1 $(DESTDIR)$(MANDIR)
|
||||
|
||||
uninstall:
|
||||
rm -f $(BINDIR)/pidfilewrapper $(DESTDIR)$(MANDIR)/man1/pidfilewrapper.1
|
||||
rm -f $(BINDIR)/pidfilewrapper $(BINDIR)/setruid $(DESTDIR)$(MANDIR)/man1/pidfilewrapper.1 $(DESTDIR)$(MANDIR)/setruid.1
|
||||
|
||||
clean:
|
||||
rm -f pidfilewrapper
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
.Dd Jul 11, 2018
|
||||
.Dt setruid 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
.Nm setruid
|
||||
.Nd set the real UID for a command
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Ar command
|
||||
.Op Ar arguments
|
||||
.Sh DESCRIPTION
|
||||
.Nm
|
||||
sets the real UID while keeping the effective UID the same. It is indended for
|
||||
simple servers that need to bind on a low port and drop privileges by setting
|
||||
effective UID to real UID.
|
||||
.Pp
|
||||
.Nm
|
||||
executes the given command as the same process.
|
||||
.Sh EXIT STATUS
|
||||
.Nm
|
||||
will exit with status 1 if it fails to set the UID or execute the given command.
|
||||
If it is succesful, exit status will be that of the given command.
|
||||
.Sh AUTHORS
|
||||
.Nm
|
||||
has been written by nortti.
|
|
@ -0,0 +1,36 @@
|
|||
#define _BSD_SOURCE
|
||||
#include <errno.h>
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
if(argc < 3) {
|
||||
fprintf(stderr, "Usage: %s username command [arguments]\n", argv[0]);
|
||||
return 1;
|
||||
}
|
||||
|
||||
const char *username = argv[1];
|
||||
errno = 0;
|
||||
struct passwd *passwd_entry = getpwnam(username);
|
||||
if(passwd_entry == NULL) {
|
||||
perror("getpwnam");
|
||||
return 1;
|
||||
}
|
||||
|
||||
uid_t ruid = passwd_entry->pw_uid;
|
||||
|
||||
if(setreuid(ruid, -1) != 0) {
|
||||
perror("getpwnam");
|
||||
return 1;
|
||||
}
|
||||
|
||||
char **daemon_argv = &argv[2];
|
||||
const char *daemon_command = daemon_argv[0];
|
||||
|
||||
execvp(daemon_command, daemon_argv);
|
||||
|
||||
perror("execvp");
|
||||
return 1;
|
||||
}
|
Loading…
Reference in New Issue