/* We don't want to run as root -- drop privileges if required */ void drop_privileges(const char* user_name) { int res; struct passwd *pw = getpwnam(user_name); if (!pw) { fprintf(stderr, "%s: not found\n", user_name); exit(2); } if (verbose) fprintf(stderr, "turning into %s\n", user_name); set_keepcaps(1); /* remove extraneous groups in case we belong to several extra groups that * may have unwanted rights. If non-root when calling setgroups(), it * fails, which is fine because... we have no unwanted rights * (see POS36-C for security context) * */ setgroups(0, NULL); res = setgid(pw->pw_gid); CHECK_RES_DIE(res, "setgid"); res = setuid(pw->pw_uid); CHECK_RES_DIE(res, "setuid"); set_capabilities(); set_keepcaps(0); }
static void set_user() { if (userName != NULL) { struct passwd *pwEnt = getpwnam(userName); if (pwEnt == NULL) errx(50, "User not found: %s", userName); set_keepcaps(1); if (setregid(pwEnt->pw_gid, pwEnt->pw_gid) != 0) err(50, "Failed to change group"); if (setreuid(pwEnt->pw_uid, pwEnt->pw_uid) != 0) err(50, "Failed to change user"); set_keepcaps(0); } }