func determineAppropriateUsername() (string, error) { for _, u := range usernamesToTry { _, err := passwd.ParseUID(u) if err == nil { return u, nil } } return "", fmt.Errorf("cannot find appropriate username") }
func (h *ihandler) DropPrivileges() error { if h.dropped { return nil } // Extras if !h.info.NoBanSuid { // Try and bansuid, but don't process errors. It may not be supported on // the current platform, and Linux won't allow SECUREBITS to be set unless // one is root (or has the right capability). This is basically a // best-effort thing. bansuid.BanSuid() } // Various fixups if uidFlag.Value() != "" && gidFlag.Value() == "" { gid, err := passwd.GetGIDForUID(uidFlag.Value()) if err != nil { return err } gidFlag.SetValue(strconv.FormatInt(int64(gid), 10)) } if h.info.DefaultChroot == "" { h.info.DefaultChroot = "/" } chrootPath := chrootFlag.Value() if chrootPath == "" { chrootPath = h.info.DefaultChroot } uid := -1 gid := -1 if uidFlag.Value() != "" { var err error uid, err = passwd.ParseUID(uidFlag.Value()) if err != nil { return err } gid, err = passwd.ParseGID(gidFlag.Value()) if err != nil { return err } } if (uid <= 0) != (gid <= 0) { return fmt.Errorf("Either both or neither of the UID and GID must be positive") } if uid > 0 { chrootErr, err := daemon.DropPrivileges(uid, gid, chrootPath) if err != nil { return fmt.Errorf("Failed to drop privileges: %v", err) } if chrootErr != nil && chrootFlag.Value() != "" && chrootFlag.Value() != "/" { return fmt.Errorf("Failed to chroot: %v", chrootErr) } } else if chrootFlag.Value() != "" && chrootFlag.Value() != "/" { return fmt.Errorf("Must use privilege dropping to use chroot; set -uid") } // If we still have any caps (maybe because we didn't setuid), try and drop them. err := caps.Drop() if err != nil { return fmt.Errorf("cannot drop caps: %v", err) } if !h.info.AllowRoot && daemon.IsRoot() { return fmt.Errorf("Daemon must not run as root or with capabilities; run as non-root user or use -uid") } h.dropped = true return nil }