Diffstat (limited to 'privdrop.go')
-rw-r--r--privdrop.go34
1 files changed, 34 insertions, 0 deletions
diff --git a/privdrop.go b/privdrop.go
new file mode 100644
index 0000000..c866430
--- /dev/null
+++ b/privdrop.go
@@ -0,0 +1,34 @@
+package main
+
+import (
+ "errors"
+ "fmt"
+ "os/user"
+ "strconv"
+ "syscall"
+)
+
+func privdrop(config *Configuration) error {
+ if config.SystemUser == nil {
+ return nil
+ }
+
+ current, err := user.Current()
+ if err != nil {
+ return fmt.Errorf("looking up current user: %w", err)
+ }
+ if current.Uid != "0" {
+ return errors.New("'systemuser' directive requires running as root user")
+ }
+
+ uid, err := strconv.Atoi(config.SystemUser.Uid)
+ if err != nil {
+ return errors.New("invalid 'systemuser' directive")
+ }
+
+ if err := syscall.Setuid(uid); err != nil {
+ return fmt.Errorf("setuid: %w", err)
+ }
+
+ return nil
+}
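Review bot: privdrop changes only the user ID, so after `syscall.Setuid(uid)` the process still holds root's primary group and supplementary groups, and anything reachable through group permissions stays reachable after the drop. The supplementary groups have to be replaced and the GID set before the `Setuid` call, because neither is permitted once the UID is no longer 0. The sketch below assumes `config.SystemUser` is an `os/user.User` (its `Uid` is parsed from a string here) and therefore carries a `Gid`; confirm against the Configuration type, which is not visible in this file. `strconv.Atoi` also accepts negative numbers, so a range check on the parsed IDs would be worth adding in the same place.

```go
	uid, err := strconv.Atoi(config.SystemUser.Uid)
	// … unchanged: uid parse error check …

	gid, err := strconv.Atoi(config.SystemUser.Gid)
	if err != nil {
		return errors.New("invalid 'systemuser' directive")
	}

	// Group state goes first: once the UID is dropped the process can no
	// longer change its groups.
	if err := syscall.Setgroups([]int{gid}); err != nil {
		return fmt.Errorf("setgroups: %w", err)
	}
	if err := syscall.Setgid(gid); err != nil {
		return fmt.Errorf("setgid: %w", err)
	}

	// … unchanged: syscall.Setuid(uid) call and final return …
```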