Class: Fusuma::Plugin::Appmatcher::UserSwitcher

Inherits:

Object

• Object
• Fusuma::Plugin::Appmatcher::UserSwitcher

Includes:

CustomProcess

Defined in:

lib/fusuma/plugin/appmatcher/user_switcher.rb

Overview

Drop sudo privileges

Defined Under Namespace

Classes: User

Instance Attribute Summary

• #login_user ⇒ Object readonly

  Returns the value of attribute login_user.

Instance Method Summary

• #as_user(user = @login_user, proctitle:) ⇒ Object

  Execute the provided block in a child process as the specified user The parent blocks until the child finishes.

• #drop_priv(user) ⇒ Object

  Drops privileges to that of the specified user.

• #initialize ⇒ UserSwitcher constructor

  A new instance of UserSwitcher.

Constructor Details

#initialize ⇒ UserSwitcher

# File 'lib/fusuma/plugin/appmatcher/user_switcher.rb', line 16

def initialize
  username = ENV["SUDO_USER"] || Etc.getlogin
  uid = `id -u #{username}`.chomp.to_i
  gid = `id -g #{username}`.chomp.to_i
  @login_user = User.new(username, uid, gid)
end

Instance Attribute Details

#login_user ⇒ Object (readonly)

Returns the value of attribute login_user.

# File 'lib/fusuma/plugin/appmatcher/user_switcher.rb', line 14

def login_user
  @login_user
end

Instance Method Details

#as_user(user = @login_user, proctitle:) ⇒ Object

Execute the provided block in a child process as the specified user The parent blocks until the child finishes.

# File 'lib/fusuma/plugin/appmatcher/user_switcher.rb', line 33

def as_user(user = @login_user, proctitle:)
  self.proctitle = "#{self.class.name.underscore}(#{user.username}) -> #{proctitle}"

  fork do
    drop_priv(user)
    yield(user) if block_given?
  end
end

#drop_priv(user) ⇒ Object

Drops privileges to that of the specified user

# File 'lib/fusuma/plugin/appmatcher/user_switcher.rb', line 24

def drop_priv(user)
  # Process.initgroups(user.username, user.gid)
  Process::Sys.setegid(user.gid)
  Process::Sys.setgid(user.gid)
  Process::Sys.setuid(user.uid)
end