From: Mark Wooding
Date: Sat, 20 Dec 2008 17:06:10 +0000 (+0000)
Subject: client: New options for setting user and group identities.
X-Git-Tag: 1.0.0pre8~34^2~7
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/commitdiff_plain/ab46a7872ac5f10d0c96e7bba5b927b186442a2f
client: New options for setting user and group identities.
---
diff --git a/client/tripectl.1.in b/client/tripectl.1.in
index 11fa6c94..57061ae1 100644
--- a/client/tripectl.1.in
+++ b/client/tripectl.1.in
@@ -63,6 +63,10 @@ Options:
 \&
 .RB [ \-p
 .IR path ]
+.RB [ \-U
+.IR user ]
+.RB [ \-G
+.IR group ]
 .RB [ \-S
 .IB arg , arg ,\fR...]
 .
@@ -179,6 +183,31 @@ any passed automatically by
 (e.g.,
 .BR \-a ).
 .TP
+.BI "\-U, \-\-setuid=" user
+Set uid to that of
+.I user
+(either a user name or integer uid) after initialization. Also set gid
+to
+.IR user 's
+primary group, unless overridden by a
+.B \-G
+option. If a new
+.BR tripe (8)
+server is going to be spawned then it is also passed corresponding
+.B \-U
+and
+.B \-G
+options.
+.TP
+.BI "\-G, \-\-setgid=" group
+Set gid to that of
+.I group
+(either a group name or integer gid) after initialization. If a new
+.BR tripe (8)
+server is going to be spawned then it is also passed a corresponding
+.B \-G
+option.
+.TP
 .B "\-l, \-\-syslog"
 Send warnings and trace messages to the
 .BR syslog (8)
diff --git a/client/tripectl.c b/client/tripectl.c
index 13317047..6a2f82ab 100644
--- a/client/tripectl.c
+++ b/client/tripectl.c
@@ -318,6 +318,8 @@ Options in full:\n\
 \n\
 -D, --daemon Become a background task after connecting.\n\
 -d, --directory=DIR Select current directory [default " CONFIGDIR "].\n\
+-U, --setuid=USER Set uid to USER after initialization.\n\
+-G, --setgid=GROUP Set gid to GROUP after initialization.\n\
 -a, --admin-socket=FILE Select socket to connect to\n\
 [default " SOCKETDIR "/tripesock].\n\
 -P, --pidfile=FILE Write process-id to FILE.\n\
@@ -340,6 +342,8 @@ int main(int argc, char *argv[]) string_v spawnopts = DA_INIT; char *p; FILE *pidfp = 0; + uid_t u = -1; + gid_t g = -1; ego(argv[0]); @@ -356,6 +360,10 @@ int main(int argc, char *argv[]) { "version", 0, 0, 'v' }, { "usage", 0, 0, 'u' }, { "daemon", 0, 0, 'D' }, + { "uid", OPTF_ARGREQ, 0, 'U' }, + { "setuid", OPTF_ARGREQ, 0, 'U' }, + { "gid", OPTF_ARGREQ, 0, 'G' }, + { "setgid", OPTF_ARGREQ, 0, 'G' }, { "directory", OPTF_ARGREQ, 0, 'd' }, { "admin-socket", OPTF_ARGREQ, 0, 'a' }, { "spawn", 0, 0, 's' }, @@ -368,7 +376,7 @@ int main(int argc, char *argv[]) { 0, 0, 0, 0 } }; - int i = mdwopt(argc, argv, "+hvuDd:a:sp:S:lwf:nP:", opts, 0, 0, 0); + int i = mdwopt(argc, argv, "+hvuDU:G:d:a:sp:S:lwf:nP:", opts, 0, 0, 0); if (i < 0) break; switch (i) { @@ -384,6 +392,12 @@ int main(int argc, char *argv[]) case 'D': f |= f_daemon | f_noinput; break; + case 'U': + u = u_getuser(optarg, &g); + break; + case 'G': + g = u_getgroup(optarg); + break; case 'd': dir = optarg; break; @@ -461,6 +475,8 @@ int main(int argc, char *argv[]) sigaction(SIGCHLD, &sa, 0); DA_PUSH(&spawnopts, 0); + if (g != (gid_t)-1) putarg(&spawnopts, "-G%lu", (unsigned long)g); + if (u != (uid_t)-1) putarg(&spawnopts, "-U%lu", (unsigned long)u); putarg(&spawnopts, "-a%s", sock); putarg(&spawnopts, "-d."); putarg(&spawnopts, "-F"); @@ -504,6 +520,7 @@ int main(int argc, char *argv[]) } } + u_setugid(u, g); if (f & f_daemon) { if (daemonize()) die(EXIT_FAILURE, "error becoming daemon: %s", strerror(errno)); diff --git a/init/tripe-init.in b/init/tripe-init.in index 439a740d..dfa7e031 100755 --- a/init/tripe-init.in +++ b/init/tripe-init.in @@ -122,8 +122,8 @@ case "$1" in ${keytag+-S-t}$keytag \ ${addr+-S-b}$addr \ ${port+-S-p}${port} \ - ${user+-S-U}${user} \ - ${group+-S-G}${group} \ + ${user+-U}${user} \ + ${group+-G}${group} \ ${trace+-S-T}${trace} \ ${tunnel+-S-n}${tunnel} \ ${miscopts}
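Review bot: The long-option table in the `@@ -356` hunk registers `--uid` and `--gid` as aliases for `'U'` and `'G'`, but the usage text and the tripectl.1 changes in this commit document only `--setuid` and `--setgid`. Either drop the two alias rows or mention them in both places, so that someone auditing how the process identity is chosen sees every accepted spelling. If they are kept on purpose, a comment above the rows such as `/* --uid/--gid: undocumented aliases for --setuid/--setgid */` would say so. The table and main() begin outside the hunk.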
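Review bot: In the `@@ -384` hunk, `case 'U'` hands `&g` to `u_getuser()`, so what `-G group -U user` ends up with depends on that helper leaving an already-set gid alone, while the manual text added by this commit says `-G` overrides the primary group without mentioning order. `u_getuser()` is not part of this diff, so this cannot be confirmed from here. If it only fills `g` while it is still `(gid_t)-1`, a comment on the case such as `/* u_getuser sets g only if no -G has been seen yet */` would record the contract. If it writes unconditionally, the case needs a temporary, e.g. `gid_t pg = -1; u = u_getuser(optarg, &pg); if (g == (gid_t)-1) g = pg;`. The switch continues outside the hunk.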
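Review bot: The `u_setugid(u, g);` call in the `@@ -504` hunk uses no return value, so main() shows no failure path for the identity change; if the helper can fail and return, the process would carry on to `daemonize()` with its original privileges. `u_setugid()` is defined outside this diff, so it may well exit on error itself. Three things are worth confirming against its definition: that failure is fatal, that the `-1` sentinels (the call is made even when neither option was given) are treated as "leave unchanged", and that supplementary groups are reset when started as root. A comment at the call would state the assumption: `/* Drop privileges; u_setugid does not return on failure. */`. main() starts and ends outside the hunk.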
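Review bot: `${user+-U}${user}` and `${group+-G}${group}` in the init/tripe-init.in hunk expand whenever the variable is set, even to the empty string, so a bare `-U` or `-G` can now reach tripectl, where this commit's option table marks both as requiring an argument. Presumably the option parser would then take the following word (the `-G…` or `-S-T…` argument) as the user or group name, which either fails start-up or selects an identity nobody intended. `${user:+-U}${user}` and `${group:+-G}${group}` drop the option when the value is empty. The neighbouring `-S` lines use the same `+` form, and the enclosing `case` arm extends beyond the hunk.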