Improved groups/gid handling.

master
Luka Vandervelden 4 years ago
parent 5d4cad69a6
commit 7258ac4552

@ -13,6 +13,8 @@ lib LibC
fun setuid(Int32) : Int32
fun setgid(Int32) : Int32
fun getpwnam(Char*) : Passwd*
fun initgroups(Char*, Int32) : Int32
end
module System
@ -25,10 +27,12 @@ module System
passwd = pointer.value
become_user passwd.pw_uid, passwd.pw_uid
end
uid = passwd.pw_uid
gid = passwd.pw_gid
r = LibC.initgroups user_name, passwd.pw_gid
raise Errno.new "initgroups" if r != 0
def self.become_user(uid, gid)
r = LibC.setgid gid
raise Errno.new "setgid" if r != 0
@ -36,21 +40,4 @@ module System
raise Errno.new "setuid" if r != 0
end
end
#def get_uid_gid(user_name : String)
# pointer = LibC.getpwnam user_name.to_unsafe
#
# if pointer.null?
# return nil
# end
#
# passwd = pointer.value
#
# {passwd.pw_uid, passwd.pw_gid}
#end
#uid, gid = get_uid_gid("http").not_nil!
#LibC.setuid uid
#LibC.setgid gid
#puts Process.run "whoami", output: Process::Redirect::Inherit

@ -301,7 +301,7 @@ class Service
child = Process.fork do
Dir.cd root
System.become_user uid, gid
System.become_user user_name
Process.exec "sh", ["-c", creation_command],
output: Process::Redirect::Inherit,
@ -347,7 +347,7 @@ class Service
LibC.dup2 stdout_file.fd, 1
LibC.dup2 stderr_file.fd, 2
System.become_user uid, gid
System.become_user user_name
Process.exec command, args,
chdir: (@reference.directory.try { |x| evaluate x } || root),

Loading…
Cancel
Save