Priviledges management.

- `service status` does not require priviledges anymore… if the
    `status` binary is owned by root and has the setuid and setguid
    flags. Hopefully, that binary only checks that a service’s process
    exists.

src/config.cr.in

@@ -5,4 +5,5 @@ RC_DIRECTORY           = "@SYSCONFDIR@/rc/services"
 LOG_DIRECTORY          = "@VARSTATEDIR@/log"
 SERVICES_DIRECTORY     = "@SHAREDIR@/services"
 ENVIRONMENTS_DIRECTORY = "@SYSCONFDIR@/rc/environments"
+OWN_LIBEXEC_DIR        = "@LIBEXECDIR@/service"
 

src/service.cr

@@ -95,7 +95,17 @@ begin
 			end
 		end
 	elsif args[0] == "status"
-		puts Service.new(args[1], args[2]?).status PID_DIRECTORY
+		child = Process.run "#{OWN_LIBEXEC_DIR}/status", [args[1]],
+			output: Process::Redirect::Inherit,
+			error: Process::Redirect::Inherit
+		return_value = child.exit_status / 256
+
+		# Errors not registered here should probably be verbose in `status`.
+		if return_value == 1
+			STDERR << "No such service.\n"
+		end
+
+		exit return_value
 	elsif args[0] == "show"
 		service = Service.all.find do |service|
 			unless service.name == args[1]

src/status.cr

@@ -7,6 +7,9 @@ ServiceDefinition.load SERVICES_DIRECTORY
 Environment.load ENVIRONMENTS_DIRECTORY
 Service.load RC_DIRECTORY
 
+LibC.setuid 0
+LibC.setgid 0
+
 Service.get_by_id(ARGV[0]).try do |service|
 	puts service.status PID_DIRECTORY
 	exit 0