dropuidgid.c
/*
20140420
Jan Mojzis
Public domain.
*/
#include <sys/types.h>
#include <unistd.h>
#include <grp.h>
#include "e.h"
#include "dropuidgid.h"
/*
The 'dropuidgid' function is used to drop root privileges. If the process has
appropriate permissions, the 'dropuidgid' function sets the user ID and group ID
of the calling process to uid and gid. The 'dropuidgid' function also initializes
the supplementary group IDs.
*/
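/*
 * name: account name handed to initgroups(), or NULL when none is available.
 * uid, gid: the user ID and group ID to switch to.
 *
 * Returns 1 on success and 0 on failure. On failure errno is left as set by
 * the failing call, or set to EPERM when an ID did not change as requested.
 *
 * The group changes come first: setgid(), initgroups() and setgroups() need
 * the root privileges that the later setuid() gives up.
 */
int dropuidgid(const char *name, uid_t uid, gid_t gid) {

    /* we can change group only as the root */
    if (geteuid() == 0) {
        if (setgid(gid) == -1) return 0;
        /* do not trust the return value alone, read the group ID back */
        if (getgid() != gid) {
            errno = EPERM;
            return 0;
        }
        if (name) {
            if (initgroups(name, gid) == -1) return 0;
        }
        else {
            /*
             * No account name to look up: reduce the supplementary group
             * list to gid. Without this the process would keep the groups
             * it had as root after the UID has been dropped.
             */
            if (setgroups(1, &gid) == -1) return 0;
        }
    }

    /*
     * NOTE(review): this step is skipped when the effective UID already
     * equals uid, so the real and saved UIDs are not examined in that case.
     * Confirm that no caller arrives here with only the effective UID lowered.
     */
    if (geteuid() != uid) {
        if (setuid(uid) == -1) return 0;
        /* read the user ID back for the same reason as the group ID above */
        if (getuid() != uid) {
            errno = EPERM;
            return 0;
        }
    }
    return 1;
}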