Module: User

Extended by:

User

Included in:

User

Defined in:

lib/nub/user.rb

Overview

Some user related helper methods

Instance Method Summary

• #drop_privileges ⇒ Object

  Drop root privileges to original user.

• #drop_privileges! ⇒ Object

  Correctly and permanently drops privileges timetobleed.com/5-things-you-dont-know-about-user-ids-that-will-destroy-you/ requires you drop the group before the user and use a safe solution.

• #name ⇒ Object

  Get the real user taking into account sudo priviledges.

• #raise_privileges(uid, gid) ⇒ Object

  Raise privileges if dropped earlier.

• #root? ⇒ Boolean

  Check if the current user has root privileges.

Instance Method Details

#drop_privileges ⇒ Object

Drop root privileges to original user

Parameters:

• optional (Proc) —

  block to execut in context of user

# File 'lib/nub/user.rb', line 53

def drop_privileges
  result = nil
  uid = gid = nil

  # Drop privileges
  if Process.uid.zero?
    uid, gid = Process.uid, Process.gid
    user_uid = ENV['SUDO_UID'].to_i
    user_gid = ENV['SUDO_GID'].to_i
    Process::GID.grant_privilege(user_gid)
    Process::UID.grant_privilege(user_uid)
  end

  # Execute block if given
  begin
    result = Proc.new.call
    self.raise_privileges(uid, gid)
  rescue ArgumentError
    # No block given just return ids
    result = [uid, gid]
  rescue
    self.raise_privileges(uid, gid)
  end

  return result
end

#drop_privileges! ⇒ Object

Correctly and permanently drops privileges timetobleed.com/5-things-you-dont-know-about-user-ids-that-will-destroy-you/ requires you drop the group before the user and use a safe solution

# File 'lib/nub/user.rb', line 42

def drop_privileges!
  if Process.uid.zero?
    nobody = Etc.getpwnam('nobody')
    Process::Sys.setresgid(nobody.gid, nobody.gid, nobody.gid)
    Process::Sys.setresuid(nobody.uid, nobody.uid, nobody.uid)
  end
end

#name ⇒ Object

Get the real user taking into account sudo priviledges

# File 'lib/nub/user.rb', line 35

def name
  return Process.uid.zero? ? Etc.getpwuid(ENV['SUDO_UID'].to_i).name : ENV['USER']
end

#raise_privileges(uid, gid) ⇒ Object

Raise privileges if dropped earlier

Parameters:

• uid (String) —

  uid of user to assume

• gid (String) —

  gid of user to assume

# File 'lib/nub/user.rb', line 83

def raise_privileges(uid, gid)
  if uid and gid
    Process::UID.grant_privilege(uid)
    Process::GID.grant_privilege(gid)
  end
end

#root? ⇒ Boolean

Check if the current user has root privileges

Returns:

• (Boolean)

# File 'lib/nub/user.rb', line 30

def root?
  return Process.uid.zero?
end