/* We don't want to run as root -- drop privileges if required */
void drop_privileges(const char* user_name)
{
int res;
struct passwd *pw = getpwnam(user_name);
if (!pw) {
fprintf(stderr, "%s: not found\n", user_name);
exit(2);
}
if (verbose)
fprintf(stderr, "turning into %s\n", user_name);
set_keepcaps(1);
/* remove extraneous groups in case we belong to several extra groups that
* may have unwanted rights. If non-root when calling setgroups(), it
* fails, which is fine because... we have no unwanted rights
* (see POS36-C for security context)
* */
setgroups(0, NULL);
res = setgid(pw->pw_gid);
CHECK_RES_DIE(res, "setgid");
res = setuid(pw->pw_uid);
CHECK_RES_DIE(res, "setuid");
set_capabilities();
set_keepcaps(0);
}
static void set_user()
{
if (userName != NULL) {
struct passwd *pwEnt = getpwnam(userName);
if (pwEnt == NULL)
errx(50, "User not found: %s", userName);
set_keepcaps(1);
if (setregid(pwEnt->pw_gid, pwEnt->pw_gid) != 0)
err(50, "Failed to change group");
if (setreuid(pwEnt->pw_uid, pwEnt->pw_uid) != 0)
err(50, "Failed to change user");
set_keepcaps(0);
}
}
