From: Sami Kerola <kerolasa@iki.fi>
To: util-linux@vger.kernel.org
Cc: kerolasa@iki.fi
Subject: [PATCH 06/33] setpriv: allow login and group name option arguments
Date: Sat, 13 Apr 2013 20:54:34 +0100 [thread overview]
Message-ID: <1365882901-11429-7-git-send-email-kerolasa@iki.fi> (raw)
In-Reply-To: <1365882901-11429-1-git-send-email-kerolasa@iki.fi>
For an average user names are easier to use than uid and gid numbers.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---
sys-utils/setpriv.1 | 6 ++++--
sys-utils/setpriv.c | 42 ++++++++++++++++++++++++++++++------------
2 files changed, 34 insertions(+), 14 deletions(-)
diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1
index c56d89f..c05473c 100644
--- a/sys-utils/setpriv.1
+++ b/sys-utils/setpriv.1
@@ -55,7 +55,8 @@ inheritable set, you are likely to become confused. Do not do that.
Lists all known capabilities. Must be specified alone.
.TP
\fB\-\-ruid\fR \fIuid\fR, \fB\-\-euid\fR \fIuid\fR, \fB\-\-reuid\fR \fIuid\fR
-Sets the real, effective, or both \fIuid\fRs.
+Sets the real, effective, or both \fIuid\fRs. The uid argument can be
+given as textual login name.
.IP
Setting
.I uid
@@ -68,7 +69,8 @@ something like:
\-\-reuid=1000 \-\-\:regid=1000 \-\-\:caps=\-\:all
.TP
\fB\-\-rgid\fR \fIgid\fR, \fB\-\-egid\fR \fIgid\fR, \fB\-\-regid\fR \fIgid\fR
-Sets the real, effective, or both \fIgid\fRs.
+Sets the real, effective, or both \fIgid\fRs. The gid argument can be
+given as textual group name.
.IP
For safety, you must specify one of \-\-\:keep\-\:groups,
\-\-\:clear\-\:groups, or \-\-\:groups if you set any primary
diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c
index a547fd7..7fa5f82 100644
--- a/sys-utils/setpriv.c
+++ b/sys-utils/setpriv.c
@@ -23,10 +23,12 @@
#include <getopt.h>
#include <grp.h>
#include <linux/securebits.h>
+#include <pwd.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
+#include <sys/types.h>
#include <unistd.h>
#include "c.h"
@@ -545,6 +547,28 @@ static void do_apparmor_profile(const char *label)
_("write failed: %s"), _PATH_PROC_ATTR_EXEC);
}
+static uid_t get_user(const char *s, const char *err)
+{
+ struct passwd *pw;
+ long tmp;
+ pw = getpwnam(s);
+ if (pw)
+ return pw->pw_uid;
+ tmp = strtol_or_err(s, err);
+ return tmp;
+}
+
+static gid_t get_group(const char *s, const char *err)
+{
+ struct group *gr;
+ long tmp;
+ gr = getgrnam(s);
+ if (gr)
+ return gr->gr_gid;
+ tmp = strtol_or_err(s, err);
+ return tmp;
+}
+
int main(int argc, char **argv)
{
enum {
@@ -627,43 +651,37 @@ int main(int argc, char **argv)
if (opts.have_ruid)
errx(EXIT_FAILURE, _("duplicate ruid"));
opts.have_ruid = 1;
- opts.ruid = strtol_or_err(optarg,
- _("failed to parse ruid"));
+ opts.ruid = get_user(optarg, _("failed to parse ruid"));
break;
case EUID:
if (opts.have_euid)
errx(EXIT_FAILURE, _("duplicate euid"));
opts.have_euid = 1;
- opts.euid = strtol_or_err(optarg,
- _("failed to parse euid"));
+ opts.euid = get_user(optarg, _("failed to parse euid"));
break;
case REUID:
if (opts.have_ruid || opts.have_euid)
errx(EXIT_FAILURE, _("duplicate ruid or euid"));
opts.have_ruid = opts.have_euid = 1;
- opts.ruid = opts.euid = strtol_or_err(optarg,
- _("failed to parse reuid"));
+ opts.ruid = opts.euid = get_user(optarg, _("failed to parse reuid"));
break;
case RGID:
if (opts.have_rgid)
errx(EXIT_FAILURE, _("duplicate rgid"));
opts.have_rgid = 1;
- opts.rgid = strtol_or_err(optarg,
- _("failed to parse rgid"));
+ opts.rgid = get_group(optarg, _("failed to parse rgid"));
break;
case EGID:
if (opts.have_egid)
errx(EXIT_FAILURE, _("duplicate egid"));
opts.have_egid = 1;
- opts.egid = strtol_or_err(optarg,
- _("failed to parse egid"));
+ opts.egid = get_group(optarg, _("failed to parse egid"));
break;
case REGID:
if (opts.have_rgid || opts.have_egid)
errx(EXIT_FAILURE, _("duplicate rgid or egid"));
opts.have_rgid = opts.have_egid = 1;
- opts.rgid = opts.egid = strtol_or_err(optarg,
- _("failed to parse regid"));
+ opts.rgid = opts.egid = get_group(optarg, _("failed to parse regid"));
break;
case CLEAR_GROUPS:
if (opts.clear_groups)
--
1.8.2.1
next prev parent reply other threads:[~2013-04-13 19:55 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-13 19:54 [PATCH 00/33] pull: bash completions, help screens, and file writing Sami Kerola
2013-04-13 19:54 ` [PATCH 01/33] bash-completion: add mount and umount Sami Kerola
2013-04-13 19:54 ` [PATCH 02/33] blkid, hwclock, ldattach: use program_invocation_short_name Sami Kerola
2013-04-13 19:54 ` [PATCH 03/33] utmpdump: add option to write to a file Sami Kerola
2013-04-13 19:54 ` [PATCH 04/33] cfdisk: add long options to the command Sami Kerola
2013-04-26 11:30 ` Karel Zak
2013-04-13 19:54 ` [PATCH 05/33] bash-completion: prefer bash 3.x 'here string' syntax Sami Kerola
2013-04-13 21:59 ` Dave Reisner
2013-04-26 11:38 ` Karel Zak
2013-04-26 12:29 ` Sami Kerola
2013-04-13 19:54 ` Sami Kerola [this message]
2013-04-13 19:54 ` [PATCH 07/33] build-sys: add --disable-setterm to ./configure Sami Kerola
2013-04-26 11:53 ` Karel Zak
2013-04-13 19:54 ` [PATCH 08/33] hexdump: add long options to the command Sami Kerola
2013-04-13 19:54 ` [PATCH 09/33] setsid: exit when control terminal cannot be set Sami Kerola
2013-04-13 19:54 ` [PATCH 10/33] cfdisk: check writing to a file was successful Sami Kerola
2013-04-13 19:54 ` [PATCH 11/33] setpriv: " Sami Kerola
2013-04-13 19:54 ` [PATCH 12/33] agetty: " Sami Kerola
2013-04-13 19:54 ` [PATCH 13/33] pg: " Sami Kerola
2013-04-13 19:54 ` [PATCH 14/33] libblkid: " Sami Kerola
2013-04-13 19:54 ` [PATCH 15/33] libmount: " Sami Kerola
2013-04-13 19:54 ` [PATCH 16/33] include: add close_fd() for noticing write errors before close() Sami Kerola
2013-04-13 19:54 ` [PATCH 17/33] fdformat: check writing to a file descriptor was successful Sami Kerola
2013-04-13 19:54 ` [PATCH 18/33] partx: " Sami Kerola
2013-04-13 19:54 ` [PATCH 19/33] resizepart: " Sami Kerola
2013-04-13 19:54 ` [PATCH 20/33] cfdisk: " Sami Kerola
2013-04-13 19:54 ` [PATCH 21/33] sfdisk: " Sami Kerola
2013-04-13 19:54 ` [PATCH 22/33] wdctl: " Sami Kerola
2013-04-13 19:54 ` [PATCH 23/33] fsck.cramfs: " Sami Kerola
2013-04-13 19:54 ` [PATCH 24/33] fsck.minix: " Sami Kerola
2013-04-13 19:54 ` [PATCH 25/33] mkfs.bfs: " Sami Kerola
2013-04-13 19:54 ` [PATCH 26/33] mkfs.cramfs: unify write check to a file descriptor Sami Kerola
2013-04-13 19:54 ` [PATCH 27/33] mkfs.minix: check writing to a file descriptor was successful Sami Kerola
2013-04-13 19:54 ` [PATCH 28/33] mkswap: unify write check to a file descriptor Sami Kerola
2013-04-13 19:54 ` [PATCH 29/33] swaplabel: check writing to a file descriptor was successful Sami Kerola
2013-04-13 19:54 ` [PATCH 30/33] fallocate: " Sami Kerola
2013-04-13 19:54 ` [PATCH 31/33] setpriv: " Sami Kerola
2013-04-13 19:55 ` [PATCH 32/33] swapon: " Sami Kerola
2013-04-13 19:55 ` [PATCH 33/33] wall: " Sami Kerola
2013-04-17 13:31 ` [PATCH 00/33] pull: bash completions, help screens, and file writing Karel Zak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1365882901-11429-7-git-send-email-kerolasa@iki.fi \
--to=kerolasa@iki.fi \
--cc=util-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox