-rw-r--r--debian/setuidgid.848
-rwxr-xr-xetc/debian/getty-tty5/finish2
-rwxr-xr-xetc/freebsd/getty-ttyv4/finish2
-rwxr-xr-xetc/openbsd/getty-ttyC4/finish2
-rw-r--r--src/setuidgid.c33
5 files changed, 87 insertions, 0 deletions
diff --git a/debian/setuidgid.8 b/debian/setuidgid.8
new file mode 100644
index 0000000..3063fef
--- /dev/null
+++ b/debian/setuidgid.8
@@ -0,0 +1,48 @@
+.TH setuidgid 8
+.SH NAME
+setuidgid \- runs another program under a specified account's uid and gid.
+.SH SYNOPSIS
+.B setuidgid
+.I account
+.I child
+.SH DESCRIPTION
+.I account
+is a single argument.
+.I child
+consists of one or more arguments. 
+
+.B setuidgid
+sets its uid and gid to
+.IR account 's
+uid and gid, removing all supplementary groups. It then runs
+.IR child .
+
+.B setuidgid
+cannot be run by anyone other than root.
+.SH EXIT CODES
+.B setuidgid
+exits 111 if it cannot find a UNIX account named
+.IB account ,
+if it cannot setgid, if it cannot setuid, or if it cannot run
+.IR child .
+Otherwise its exit code is the same as that of
+.IR child .
+.SH SEE ALSO
+supervise(8),
+svc(8),
+svok(8),
+svstat(8),
+svscanboot(8),
+svscan(8),
+readproctitle(8),
+fghack(8),  
+pgrphack(8),
+multilog(8),
+tai64n(8),
+tai64nlocal(8),
+envuidgid(8),
+envdir(8),
+softlimit(8),
+setlock(8)
+
+http://cr.yp.to/daemontools.html
diff --git a/etc/debian/getty-tty5/finish b/etc/debian/getty-tty5/finish
new file mode 100755
index 0000000..72d719b
--- /dev/null
+++ b/etc/debian/getty-tty5/finish
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec utmpset -w tty5
diff --git a/etc/freebsd/getty-ttyv4/finish b/etc/freebsd/getty-ttyv4/finish
new file mode 100755
index 0000000..b53d0af
--- /dev/null
+++ b/etc/freebsd/getty-ttyv4/finish
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec utmpset -w ttyv4
diff --git a/etc/openbsd/getty-ttyC4/finish b/etc/openbsd/getty-ttyC4/finish
new file mode 100755
index 0000000..b3c7aa7
--- /dev/null
+++ b/etc/openbsd/getty-ttyC4/finish
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec utmpset -w ttyC4
diff --git a/src/setuidgid.c b/src/setuidgid.c
new file mode 100644
index 0000000..e5a3db3
--- /dev/null
+++ b/src/setuidgid.c
@@ -0,0 +1,33 @@
+#include <sys/types.h>
+#include <pwd.h>
+#include "prot.h"
+#include "strerr.h"
+#include "pathexec.h"
+
+#define USAGE " account child"
+#define FATAL "setuidgid: fatal: "
+
+const char *progname;
+
+void fatal(char *m) { strerr_die3sys(111, FATAL, m, ": "); }
+void usage() { strerr_die4x(100, "usage: ", progname, USAGE, "\n"); }
+
+int main(int argc, const char *const *argv, const char *const *envp) {
+  const char *account;
+  struct passwd *pw;
+
+  progname =argv[0];
+
+  if (! (account =*++argv)) usage();
+  if (! *++argv) usage();
+
+  if (! (pw =getpwnam(account)))
+    strerr_die3x(111, FATAL, "unknown account ", account);
+
+  if (prot_gid(pw->pw_gid) == -1) fatal("unable to setgid");
+  if (prot_uid(pw->pw_uid) == -1) fatal("unable to setuid");
+
+  pathexec_run(*argv, argv, envp);
+  strerr_die4sys(111, FATAL, "unable to run ", *argv, ": ");
+  return(1);
+}
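Review bot: The privilege drop in main() relies on prot_gid() to clear supplementary groups. The man page added in this commit promises that ("removing all supplementary groups"), but prot.h and prot.c are outside this diff, so it cannot be confirmed here; if prot_gid() only calls setgid(), the child would keep the caller's supplementary groups. Worth verifying, and worth a comment above the two calls such as `/* gid first: once prot_uid() succeeds we can no longer change groups; prot_gid() is expected to drop supplementary groups as well */`. Separately, `envp` is passed to pathexec_run() unchanged, so the child still sees the caller's HOME, USER and similar variables; that looks intentional, but the man page does not mention it. Minor style: `fatal(char *m)` is only ever given string literals and would be safer as `const char *m`, and `usage()` should be declared `usage(void)`.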