| author | tjpcc <tjp@ctrl-c.club> | 2023-09-28 08:08:48 -0600 |
|---|---|---|
| committer | tjpcc <tjp@ctrl-c.club> | 2023-10-09 08:47:37 -0600 |
| commit | 6e1c25af361dde4c063eccbf769e966df4b65f23 (patch) | |
| tree | d28044cf2db246555deda8db395f2f0a7e786590 /privdrop.go | |
| parent | b4f45f7c654e87bda6d5e7effb6ac5b5feb29ce0 (diff) | |
config file refactor
Diffstat (limited to 'privdrop.go')
| -rw-r--r-- | privdrop.go | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/privdrop.go b/privdrop.go
new file mode 100644
index 0000000..c866430
--- /dev/null
+++ b/privdrop.go
@@ -0,0 +1,34 @@
+package main
+
+import (
+ "errors"
+ "fmt"
+ "os/user"
+ "strconv"
+ "syscall"
+)
+
+func privdrop(config *Configuration) error {
+ if config.SystemUser == nil {
+ return nil
+ }
+
+ current, err := user.Current()
+ if err != nil {
+ return fmt.Errorf("looking up current user: %w", err)
+ }
+ if current.Uid != "0" {
+ return errors.New("'systemuser' directive requires running as root user")
+ }
+
+ uid, err := strconv.Atoi(config.SystemUser.Uid)
+ if err != nil {
+ return errors.New("invalid 'systemuser' directive")
+ }
+
+ if err := syscall.Setuid(uid); err != nil {
+ return fmt.Errorf("setuid: %w", err)
+ }
+
+ return nil
+}
|
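Review bot: privdrop changes only the user id, so after `syscall.Setuid(uid)` the process still holds root's primary group and supplementary groups, and anything reachable through gid 0 or those groups stays accessible to the server. The groups have to be dropped before the uid, while the process is still root: reset the supplementary list with `syscall.Setgroups`, then call `syscall.Setgid`, and only then `syscall.Setuid`. The sketch below assumes `config.SystemUser` is an `*user.User` (its string `Uid` field suggests so, but the Configuration type is not part of this diff) and therefore carries a `Gid`. On Linux this also relies on Go 1.16 or later, where these syscall wrappers apply to every thread of the process; a comment saying so above the calls would help.

```go
	// … unchanged: nil check, root check, uid parsing …
	gid, err := strconv.Atoi(config.SystemUser.Gid)
	if err != nil {
		return errors.New("invalid 'systemuser' directive")
	}

	// Order matters: group changes are only permitted while still root.
	if err := syscall.Setgroups([]int{gid}); err != nil {
		return fmt.Errorf("setgroups: %w", err)
	}
	if err := syscall.Setgid(gid); err != nil {
		return fmt.Errorf("setgid: %w", err)
	}
	if err := syscall.Setuid(uid); err != nil {
		return fmt.Errorf("setuid: %w", err)
	}
```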
