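package main

import (
	"errors"
	"fmt"
	"os/user"
	"strconv"
	"syscall"
)

// privdrop gives up root privileges in favour of the account configured by
// the 'systemuser' directive.
//
// It returns nil without doing anything when config.SystemUser is nil. It
// returns an error when the current user is not uid "0", when the configured
// ids are not non-negative integers, or when any of the setgroups, setgid or
// setuid calls fails. On error the process may already have changed its
// group ids, so callers should treat a failure as fatal and not continue
// running.
//
// Besides the user id, the supplementary group list and the group id are
// also replaced. Calling setuid alone would leave the process with root's
// gid and supplementary groups, and with them access to any group-restricted
// files.
//
// NOTE(review): this assumes config.SystemUser is an *os/user.User (it exposes
// the same string Uid field), so that Gid is available; confirm against the
// Configuration definition.
// NOTE(review): on Linux, syscall.Setuid/Setgid/Setgroups affect every thread
// of the process only from Go 1.16 onward; confirm the toolchain in use.
func privdrop(config *Configuration) error {
	if config.SystemUser == nil {
		return nil
	}

	current, err := user.Current()
	if err != nil {
		return fmt.Errorf("looking up current user: %w", err)
	}
	if current.Uid != "0" {
		return errors.New("'systemuser' directive requires running as root user")
	}

	// Parse and validate both ids before changing anything, so that a bad
	// directive cannot leave the process half-dropped.
	uid, err := strconv.Atoi(config.SystemUser.Uid)
	if err != nil || uid < 0 {
		return errors.New("invalid 'systemuser' directive")
	}
	gid, err := strconv.Atoi(config.SystemUser.Gid)
	if err != nil || gid < 0 {
		return errors.New("invalid 'systemuser' directive")
	}

	// Order matters: once the uid is no longer 0 the process has lost the
	// right to change its groups, so groups go first and setuid goes last.
	// The supplementary list is reduced to the primary group only.
	if err := syscall.Setgroups([]int{gid}); err != nil {
		return fmt.Errorf("setgroups: %w", err)
	}
	if err := syscall.Setgid(gid); err != nil {
		return fmt.Errorf("setgid: %w", err)
	}
	if err := syscall.Setuid(uid); err != nil {
		return fmt.Errorf("setuid: %w", err)
	}
	return nil
}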