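// changeUser switches the calling process to the account named by username.
//
// It resolves the account's uid and primary gid, returns nil without changing
// anything when both already match the current user, and otherwise calls
// initgroups, setgid and setuid in that order. The group calls come first
// because a process that has already given up its uid normally lacks the
// permission to change its groups afterwards.
//
// Every step fails closed: a non-zero return from the C library aborts the
// switch and is reported to the caller, so the caller never continues under
// the old identity believing the change succeeded.
func changeUser(username string) error {
	currentUser, err := user.Current()
	if err != nil {
		return util.Errorf("Could not determine current user: %s", err)
	}

	uid, gid, err := p2_user.IDs(username)
	if err != nil {
		return util.Errorf("Could not retrieve uid/gid for %q: %s", username, err)
	}

	// NOTE(review): this shortcut compares only the uid and the primary gid.
	// The supplementary group list of the running process is not inspected,
	// so whatever groups it already holds are kept on this path.
	if strconv.Itoa(uid) == currentUser.Uid && strconv.Itoa(gid) == currentUser.Gid {
		return nil
	}

	userCstring := C.CString(username)
	defer C.free(unsafe.Pointer(userCstring))

	// The return code alone decides success. The previous condition
	// (ret != 0 && err != nil) treated a failed call as success whenever cgo
	// reported no errno, which would leave the process with its old groups
	// or uid while the caller carried on.
	ret, err := C.initgroups(userCstring, C.__gid_t(gid))
	if ret != 0 {
		return util.Errorf("Could not initgroups for %q (primary gid %v): %s", username, gid, err)
	}

	ret, err = C.setgid(C.__gid_t(gid))
	if ret != 0 {
		return util.Errorf("Could not setgid %v: %s", gid, err)
	}

	ret, err = C.setuid(C.__uid_t(uid))
	if ret != 0 {
		return util.Errorf("Could not setuid %v: %s", uid, err)
	}

	return nil
}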
// Setuid asks the C library to change the user ID of the calling process to
// uid.
//
// It returns nil when setuid reports success (return value 0) and otherwise
// the error cgo derived from errno. Only the uid is changed: the group ID and
// the supplementary group list are left untouched, so a caller that is
// lowering privileges has to deal with those before calling Setuid.
//
// NOTE(review): when setuid fails but cgo reports no errno, the returned
// error is nil and the failure is indistinguishable from success.
func Setuid(uid int) error {
	if rc, errno := C.setuid(C.__uid_t(uid)); rc != C.int(0) {
		return errno
	}
	return nil
}
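// DropPrivileges switches the process to the account called name and then
// resets parts of its environment: HOME is set to the account's home
// directory, a new session is requested, the working directory becomes "/"
// and the umask becomes 022.
//
// The function has no error result, so a failed lookup, setgid or setuid is
// reported by panicking. Carrying on after any of these failures would leave
// the process running under its original identity while the caller assumes
// the drop happened.
//
// NOTE(review): no initgroups/setgroups call is made here, so the
// supplementary group list the process started with is kept. Callers that
// start as root should clear or reinitialise it before calling this.
func DropPrivileges(name string) {
	cname := C.CString(name)
	home := C.CString("HOME")
	slash := C.CString("/")
	// free replaces the obsolete cfree, which current C libraries no longer
	// provide; it is declared in the same header as setenv used below.
	defer C.free(unsafe.Pointer(home))
	defer C.free(unsafe.Pointer(cname))
	defer C.free(unsafe.Pointer(slash))

	// fail aborts the drop with a message naming the step that failed.
	fail := func(step string, err error) {
		msg := "DropPrivileges: " + step + " failed for user " + name
		if err != nil {
			msg += ": " + err.Error()
		}
		panic(msg)
	}

	// getpwnam returns NULL for an unknown account or on error; the result
	// must be checked before its fields are read.
	cpw, err := C.getpwnam(cname)
	if cpw == nil {
		fail("getpwnam", err)
	}

	// Group first, then user: once the uid has been given up the process
	// normally can no longer change its gid.
	if ret, err := C.setgid(cpw.pw_gid); ret != 0 {
		fail("setgid", err)
	}
	if ret, err := C.setuid(cpw.pw_uid); ret != 0 {
		fail("setuid", err)
	}

	// The remaining calls are best effort, as in the original: their results
	// are not checked.
	C.setenv(home, cpw.pw_dir, 1)
	C.setsid()
	C.chdir(slash)
	C.umask(022)
}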
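// changeUser switches the calling process to the account named by username.
//
// It resolves the account's uid and primary gid and then calls initgroups,
// setgid and setuid in that order. The group calls come first because a
// process that has already given up its uid normally lacks the permission to
// change its groups afterwards.
//
// Every step fails closed: a non-zero return from the C library aborts the
// switch and is reported to the caller, so the caller never continues under
// the old identity believing the change succeeded.
func changeUser(username string) error {
	uid, gid, err := user.IDs(username)
	if err != nil {
		return util.Errorf("Could not retrieve uid/gid for %q: %s", username, err)
	}

	userCstring := C.CString(username)
	defer C.free(unsafe.Pointer(userCstring))

	// The return code alone decides success. The previous condition
	// (ret != 0 && err != nil) treated a failed call as success whenever cgo
	// reported no errno, which would leave the process with its old groups
	// or uid while the caller carried on.
	ret, err := C.initgroups(userCstring, C.int(gid))
	if ret != 0 {
		return util.Errorf("Could not initgroups for %q (primary gid %v): %s", username, gid, err)
	}

	ret, err = C.setgid(C.gid_t(gid))
	if ret != 0 {
		return util.Errorf("Could not setgid %v: %s", gid, err)
	}

	ret, err = C.setuid(C.uid_t(uid))
	if ret != 0 {
		return util.Errorf("Could not setuid %v: %s", uid, err)
	}

	return nil
}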