func determineAppropriateUsername() (string, error) {
for _, u := range usernamesToTry {
_, err := passwd.ParseUID(u)
if err == nil {
return u, nil
}
}
return "", fmt.Errorf("cannot find appropriate username")
}
func (h *ihandler) DropPrivileges() error {
if h.dropped {
return nil
}
// Extras
if !h.info.NoBanSuid {
// Try and bansuid, but don't process errors. It may not be supported on
// the current platform, and Linux won't allow SECUREBITS to be set unless
// one is root (or has the right capability). This is basically a
// best-effort thing.
bansuid.BanSuid()
}
// Various fixups
if uidFlag.Value() != "" && gidFlag.Value() == "" {
gid, err := passwd.GetGIDForUID(uidFlag.Value())
if err != nil {
return err
}
gidFlag.SetValue(strconv.FormatInt(int64(gid), 10))
}
if h.info.DefaultChroot == "" {
h.info.DefaultChroot = "/"
}
chrootPath := chrootFlag.Value()
if chrootPath == "" {
chrootPath = h.info.DefaultChroot
}
uid := -1
gid := -1
if uidFlag.Value() != "" {
var err error
uid, err = passwd.ParseUID(uidFlag.Value())
if err != nil {
return err
}
gid, err = passwd.ParseGID(gidFlag.Value())
if err != nil {
return err
}
}
if (uid <= 0) != (gid <= 0) {
return fmt.Errorf("Either both or neither of the UID and GID must be positive")
}
if uid > 0 {
chrootErr, err := daemon.DropPrivileges(uid, gid, chrootPath)
if err != nil {
return fmt.Errorf("Failed to drop privileges: %v", err)
}
if chrootErr != nil && chrootFlag.Value() != "" && chrootFlag.Value() != "/" {
return fmt.Errorf("Failed to chroot: %v", chrootErr)
}
} else if chrootFlag.Value() != "" && chrootFlag.Value() != "/" {
return fmt.Errorf("Must use privilege dropping to use chroot; set -uid")
}
// If we still have any caps (maybe because we didn't setuid), try and drop them.
err := caps.Drop()
if err != nil {
return fmt.Errorf("cannot drop caps: %v", err)
}
if !h.info.AllowRoot && daemon.IsRoot() {
return fmt.Errorf("Daemon must not run as root or with capabilities; run as non-root user or use -uid")
}
h.dropped = true
return nil
}
