-
-
Save kawaz/3e423b0fc6eda643f1f5e11c8f5e0eca to your computer and use it in GitHub Desktop.
setuidgid w. support for supplementary groups
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/perl | |
| # https://gist.github.com/kawaz/3e423b0fc6eda643f1f5e11c8f5e0eca | |
| use POSIX qw(setuid setgid); | |
| use Unix::Groups qw(setgroups); | |
| die "usage: setusergroups username child\n" | |
| unless @ARGV >= 2; | |
| my $username = shift @ARGV; | |
| # get user entry | |
| my @userent = getpwnam($username) | |
| or die "unknown user: $username\n"; | |
| # build list of supp. groups | |
| my @supp_groups; | |
| while (my @e = getgrent) { | |
| if (grep { $_ eq $username } split /\s+/, $e[3]) { | |
| push @supp_groups, $e[2]; | |
| } | |
| } | |
| # setgid | |
| setgid($userent[3]) | |
| or die "setgid failed:$!"; | |
| # setgroups! | |
| setgroups(@supp_groups) | |
| or die "setgroups failed:$!"; | |
| # setuid | |
| setuid($userent[2]) | |
| or die "setuid failed:$!"; | |
| # exec | |
| exec @ARGV | |
| or die "failed to exec: $ARGV[0]:$!"; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment