-rw-r--r-- | doc/index.html | 2 | ||||
-rw-r--r-- | doc/s6-envuidgid.html | 28 | ||||
-rw-r--r-- | doc/upgrade.html | 7 | ||||
-rw-r--r-- | package/info | 2 | ||||
-rw-r--r-- | src/daemontools-extras/s6-envuidgid.c | 100 |
5 files changed, 98 insertions, 41 deletions
diff --git a/doc/index.html b/doc/index.html index 50f2558..3325207 100644 --- a/doc/index.html +++ b/doc/index.html @@ -100,7 +100,7 @@ library. </li> <h3> Download </h3> <ul> - <li> The current released version of s6 is <a href="s6-2.2.3.1.tar.gz">2.2.3.1</a>. </li> + <li> The current released version of s6 is <a href="s6-2.2.4.0.tar.gz">2.2.4.0</a>. </li> <li> Alternatively, you can checkout a copy of the s6 git repository: <pre> git clone git://git.skarnet.org/s6 </pre> </li> <li> There's also a diff --git a/doc/s6-envuidgid.html b/doc/s6-envuidgid.html index 48e9a20..da860cd 100644 --- a/doc/s6-envuidgid.html +++ b/doc/s6-envuidgid.html @@ -19,14 +19,15 @@ <h1> The s6-envuidgid program </h1> <p> -s6-envuidgid sets the UID, GID and GIDLIST environment variables, -then executes into another program. +s6-envuidgid potentially sets the UID, GID and GIDLIST environment +variables according to the options and arguments it is given; then it +executes into another program. </p> <h2> Interface </h2> <pre> - s6-envuidgid [ -g ] [ -i | -D <em>uid</em>:<em>gid</em> ] <em>account</em> <em>prog...</em> + s6-envuidgid [ -u | -g | -B ] [ -n ] [ -i | -D <em>uid</em>:<em>gid</em> ] <em>account</em> <em>prog...</em> </pre> <ul> 
@@ -43,14 +44,26 @@ primary group, GIDLIST is still set, but empty.) </li> <h2> Options </h2> <ul> + <li> <tt>-u</tt> : user. <em>account</em> will be interpreted as a +user name; the UID environment variable will be set to its numerical +value, and the GID and GIDLIST variables will not be touched. </li> <li> <tt>-g</tt> : group. <em>account</em> will be interpreted as a group name instead of a user name; the GID environment variable will be set to its numerical value, and the UID and GIDLIST variables will not be touched. </li> + <li> <tt>-B</tt> : both user and group. <em>account</em> will be +interpreted as <em>user<tt>:</tt>group</em>. The GIDLIST variable will not be +touched. If <em>user</em> exists, the UID variable will be set; if +<em>group</em> exists, the GID variable will be set. </li> + <li> <tt>-n</tt> : numerical fallback. If <em>account</em> cannot be +found in the user or group database, try to interpret the given values literally. +For instance, <tt>s6-envuidgid -B root:42</tt> will fail if there's no group +named <tt>42</tt> in the group database, but <tt>s6-envuidgid -nB root:42</tt> +will set UID to 0 and GID to 42. This option implies <tt>-B</tt>. </li> <li> <tt>-i</tt> : insist. If <em>account</em> is unknown, exit 1 with an error message. This is the default. </li> <li> <tt>-D <em>uid</em>:<em>gid</em></tt> : if <em>account</em> -is unknown, use <em>uid</em>, <em>gid</em>, and the empty list as the values -for UID, GID and GIDLIST. </li> +is unknown, use <em>uid</em> and <em>gid</em> as the values for UID and GID. +This options implies <tt>-B</tt>. </li> </ul> <h2> Notes </h2> 
@@ -64,6 +77,11 @@ drop its privileges later. Such a program can read its new uid/gid/groups info from the UID, GID and GIDLIST environment variables. Superservers such as <a href="http://skarnet.org/software/s6-networking/s6-tcpserver4.html">s6-tcpserver4</a> make use of this. </li> + <li> s6-envuidgid only sets GIDLIST when no option (or only <tt>-i</tt>) is +given. If s6-envuidgid risks defaulting to a given numerical value for +UID or GID, it will not interpret <em>account</em> as a complete account name +with uid, gid and supplementary group list; instead, it interprets it as an +arbitrary combination of user name and group name. </li> </ul> </body> diff --git a/doc/upgrade.html b/doc/upgrade.html index df9701f..7a2d7d8 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html @@ -18,6 +18,13 @@ <h1> What has changed in s6 </h1> +<h2> in 2.2.4.0 </h2> + +<ul> + <li> Additional options to +<a href="s6-envuidgid.html">s6-envuidgid</a> for more flexibility </li> +</ul> + <h2> in 2.2.3.1 </h2> <ul> diff --git a/package/info b/package/info index eb98e42..968e6a2 100644 --- a/package/info +++ b/package/info @@ -1,4 +1,4 @@ package=s6 -version=2.2.3.1 +version=2.2.4.0 category=admin package_macro_name=S6 diff --git a/src/daemontools-extras/s6-envuidgid.c b/src/daemontools-extras/s6-envuidgid.c index c0aaac2..997b7b6 100644 --- a/src/daemontools-extras/s6-envuidgid.c +++ b/src/daemontools-extras/s6-envuidgid.c 
@@ -13,27 +13,33 @@ #include <skalibs/fmtscan.h> #include <skalibs/djbunix.h> -#define USAGE "s6-envuidgid [ -i | -D defaultuid:defaultgid ] [ -g ] username prog..." +#define USAGE "s6-envuidgid [ -i | -D defaultuid:defaultgid ] [ -u | -g | -B ] [ -n ] account prog..." #define dieusage() strerr_dieusage(100, USAGE) -int main (int argc, char const *const *argv, char const *const *envp) +int main (int argc, char *const *argv, char const *const *envp) { + char const *user = 0 ; + char const *group = 0 ; + int what = 0 ; + int numfallback = 0 ; + int insist = 1 ; + unsigned int pos ; uint64 uid ; gid_t gid ; - gid_t tab[NGROUPS_MAX] ; - int n = 0 ; - int dogroup = 0 ; - int insist = 1 ; + char fmt[19 + UINT64_FMT + (NGROUPS_MAX+1) * GID_FMT] ; PROG = "s6-envuidgid" ; { subgetopt_t l = SUBGETOPT_ZERO ; for (;;) { - register int opt = subgetopt_r(argc, argv, "giD:", &l) ; + register int opt = subgetopt_r(argc, (char const *const *)argv, "ugBniD:", &l) ; if (opt == -1) break ; switch (opt) { - case 'g' : dogroup = 1 ; break ; + case 'u' : what = 1 ; break ; + case 'g' : what = 2 ; break ; + case 'B' : what = 3 ; break ; + case 'n' : what = 3 ; numfallback = 1 ; break ; case 'i' : insist = 1 ; break ; case 'D' : { @@ -51,6 +57,7 @@ int main (int argc, char const *const *argv, char const *const *envp) else if (!gid0_scan(l.arg + pos, &gid)) dieusage() ; } insist = 0 ; + what = 3 ; break ; } default : dieusage() ; 
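Review bot: The outcome depends on the order of the mode options, because `case 'n'` in this hunk and the `what = 3 ;` added after `insist = 0 ;` in the `@@ -51,6 +57,7 @@` hunk both overwrite `what` unconditionally. `-g -n 42` ends with `what == 3` and treats `42` as a user name, while `-n -g 42` treats it as a group; for a tool whose output decides which uid/gid a service later drops to, that difference is easy to miss. The lookup code in the next hunk already honours `numfallback` and `insist` separately for user and group, so promoting only from the default would be enough: `case 'n' : if (!what) what = 3 ; numfallback = 1 ; break ;`, and likewise `if (!what) what = 3 ;` in the `-D` branch. If last-option-wins is intended, a comment at the switch and a sentence in the documentation should say so. The option loop and the `-D` parsing continue outside these hunks.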
@@ -60,42 +67,67 @@ int main (int argc, char const *const *argv, char const *const *envp) } if (argc < 2) dieusage() ; - if (dogroup) + switch (what) + { + case 0 : /* account */ + case 1 : /* user */ + user = argv[0] ; + break ; + case 2 : /* group */ + group = argv[0] ; + break ; + case 3 : /* both */ + user = argv[0] ; + pos = str_chr(argv[0], ':') ; + if (argv[0][pos]) + { + argv[0][pos] = 0 ; + group = argv[0] + pos + 1 ; + if (!pos) user = 0 ; + } + break ; + default : strerr_dief1x(101, "inconsistent option management - please submit a bug-report") ; + } + + pos = 0 ; + + if (group) { - struct group *gr = getgrnam(argv[0]) ; - unsigned int pos = 4 ; - char fmt[4 + GID_FMT] = "GID=" ; + struct group *gr = getgrnam(group) ; if (gr) gid = gr->gr_gid ; - else if (insist) strerr_dief2x(1, "unknown group: ", argv[0]) ; + else if (numfallback && gid_scan(group, &gid)) ; + else if (insist) strerr_dief2x(1, "unknown group: ", group) ; + byte_copy(fmt + pos, 4, "GID=") ; pos += 4 ; pos += gid_fmt(fmt + pos, gid) ; fmt[pos++] = 0 ; - pathexec_r(argv+1, envp, env_len(envp), fmt, pos) ; } - else + + if (user) { - struct passwd *pw = getpwnam(argv[0]) ; + struct passwd *pw = getpwnam(user) ; if (pw) { uid = pw->pw_uid ; - gid = pw->pw_gid ; - n = prot_readgroups(argv[0], tab, NGROUPS_MAX) ; - if (n < 0) - strerr_diefu2sys(111, "get supplementary groups for ", argv[0]) ; - } - else if (insist) strerr_dief2x(1, "unknown user: ", argv[0]) ; - - { - unsigned int pos = 0 ; - char fmt[19 + UINT64_FMT + (n+1) * GID_FMT] ; - byte_copy(fmt + pos, 4, "UID=") ; pos += 4 ; - pos += uint64_fmt(fmt + pos, uid) ; - byte_copy(fmt + pos, 5, "\0GID=") ; pos += 5 ; - pos += gid_fmt(fmt + pos, gid) ; - byte_copy(fmt + pos, 9, "\0GIDLIST=") ; pos += 9 ; - pos += gid_fmtlist(fmt + pos, tab, n) ; - fmt[pos++] = 0 ; - pathexec_r(argv+1, envp, env_len(envp), fmt, pos) ; + if (!what) + { + gid_t tab[NGROUPS_MAX] ; + int n = prot_readgroups(argv[0], tab, NGROUPS_MAX) ; + if (n < 0) + 
strerr_diefu2sys(111, "get supplementary groups for ", argv[0]) ; + byte_copy(fmt + pos, 4, "GID=") ; pos += 4 ; + pos += gid_fmt(fmt + pos, pw->pw_gid) ; + byte_copy(fmt + pos, 9, "\0GIDLIST=") ; pos += 9 ; + pos += gid_fmtlist(fmt + pos, tab, n) ; + fmt[pos++] = 0 ; + } } + else if (numfallback && uint64_scan(user, &uid)) ; + else if (insist) strerr_dief2x(1, "unknown user: ", user) ; + byte_copy(fmt + pos, 4, "UID=") ; pos += 4 ; + pos += uint64_fmt(fmt + pos, uid) ; + fmt[pos++] = 0 ; } + + pathexec_r((char const *const *)argv + 1, envp, env_len(envp), fmt, pos) ; strerr_dieexec(111, argv[1]) ; } |
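Review bot: The numeric fallback in the `if (group)` and `if (user)` branches appears to accept a numeric prefix rather than a whole number: it only tests `gid_scan(group, &gid)` and `uint64_scan(user, &uid)` for non-zero, whereas the `-D` parser earlier in the file uses `gid0_scan`. If these follow the usual skalibs convention (the plain scanners return the count of characters consumed, the `0` variants require the string to end there), then with `-n` an account that is absent from the database but whose name starts with digits (a constructed example: `0abc`) would silently yield UID 0. Using the whole-string forms closes that: `else if (numfallback && gid0_scan(group, &gid)) ;` and `else if (numfallback && uint640_scan(user, &uid)) ;` (confirm the latter name against the skalibs version in use). Separately, the empty-statement `else if (...) ;` arms deserve a short comment such as `/* value taken from the numeric scan */`, so the trailing semicolon is not read as a typo.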