Module: Puppet::Util::SUIDManager

Extended by:
Forwardable
Includes:
Warnings
Defined in:
lib/puppet/util/suidmanager.rb

Class Method Summary

Methods included from Warnings

clear_warnings, notice_once, warnonce

Class Method Details

.asuser(new_uid = nil, new_gid = nil) ⇒ Object

Runs the block with the effective uid and gid set (if provided), then restores the original ids.



# File 'lib/puppet/util/suidmanager.rb', line 50

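# Runs the given block with the effective uid/gid switched to the requested
# user and group, then restores the original effective ids and supplementary
# groups, even if the block raises.
#
# On Windows, or when the process is not running as root, the block is simply
# yielded to with no identity change.
#
# Security notes:
# * Only the effective ids are assigned here; the real ids are left alone.
#   Assuming euid=/egid= map onto the Process setters (confirm against the
#   module's delegators), code inside the block can still regain root, so
#   this is not a sandbox for untrusted code.
# * Supplementary groups are only re-initialised when new_uid is given. With
#   new_gid alone the block keeps the caller's supplementary groups.
#
# new_uid, new_gid:: user/group to run as; each goes through convert_xid.
# Returns the value of the block.
def asuser(new_uid=nil, new_gid=nil)
  return yield if Puppet.features.microsoft_windows? || !root?

  old_euid, old_egid = self.euid, self.egid
  old_groups = self.groups
  begin
    # Group first, user last: once the effective uid is no longer 0 the
    # process may not be allowed to change its groups any more.
    self.egid = convert_xid(:gid, new_gid) if new_gid
    if new_uid
      # Resolve once so initgroups and euid= are guaranteed to see the same id.
      target_uid = convert_xid(:uid, new_uid)
      self.initgroups(target_uid)
      self.euid = target_uid
    end

    yield
  ensure
    # Mirror image of the above: regain the saved euid before touching the
    # group ids.
    self.euid, self.egid = old_euid, old_egid
    self.groups = old_groups
  end
end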

.convert_xid(type, id) ⇒ Object

Make sure the passed argument is a number.

Raises:

  • (ArgumentError)


# File 'lib/puppet/util/suidmanager.rb', line 71

# Resolves +id+ by dispatching to Puppet::Util.uid or Puppet::Util.gid,
# depending on +type+.
#
# +type+ is checked against a fixed allow-list (:uid, :gid) before it is
# handed to +send+, so it can never select an arbitrary Puppet::Util method.
#
# Raises ArgumentError for an unknown +type+ and Puppet::Error when the
# lookup yields nil.
def convert_xid(type, id)
  labels = {:uid => :user, :gid => :group}
  unless labels.key?(type)
    raise ArgumentError, "Invalid id type #{type}"
  end

  resolved = Puppet::Util.send(type, id)
  raise Puppet::Error, "Invalid #{labels[type]}: #{id}" if resolved.nil?

  resolved
end

.groups=(grouplist) ⇒ Object



# File 'lib/puppet/util/suidmanager.rb', line 30

# Sets the supplementary groups of the process to +grouplist+.
#
# When osx_maj_ver reports '10.6' this is a no-op that returns true: the
# group list is left exactly as it was. Callers that rely on this setter to
# put groups back (asuser does so in its ensure clause) therefore get no
# restoration on that platform.
def groups=(grouplist)
  return true if osx_maj_ver == '10.6'

  Process.groups = grouplist
end

.initgroups(user) ⇒ Object

Initialize supplementary groups



# File 'lib/puppet/util/suidmanager.rb', line 83

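# Initializes the supplementary group list for the account whose numeric uid
# is +user+, using the system group database.
#
# The base group handed to Process.initgroups is the account's own primary
# gid from its passwd entry. Process.initgroups always adds the base group to
# the resulting list, so passing Process.gid (the caller's real gid, typically
# 0 when running as root) would leave the privileged group in the
# supplementary groups of the lower-privileged identity.
#
# Returns whatever Process.initgroups returns.
def initgroups(user)
  require 'etc'
  pwent = Etc.getpwuid(user)
  Process.initgroups(pwent.name, pwent.gid)
end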

.osx_maj_ver ⇒ Object



# File 'lib/puppet/util/suidmanager.rb', line 16

# Returns the 'macosx_productversion_major' fact on Darwin, or false on any
# other kernel. The answer is memoized in @osx_maj_ver once it is non-nil.
#
# Facter is loaded lazily here. A nil fact value is not cached, so the lookup
# is repeated on the next call in that case.
def osx_maj_ver
  return @osx_maj_ver unless @osx_maj_ver.nil?

  require 'facter'
  @osx_maj_ver =
    if Facter.value('kernel') == 'Darwin'
      # 'kernel' resolves without loading every fact, but
      # 'macosx_productversion_major' needs the full set.
      Facter.loadfacts
      Facter.value('macosx_productversion_major')
    else
      false
    end
end

.root? ⇒ Boolean



# File 'lib/puppet/util/suidmanager.rb', line 45

# True when the process's real uid is 0.
#
# This looks at Process.uid, not the effective uid, so the answer does not
# change when only the effective uid is changed.
def self.root?
  Process.uid.zero?
end

.run_and_capture(command, new_uid = nil, new_gid = nil) ⇒ Object



# File 'lib/puppet/util/suidmanager.rb', line 90

# Runs +command+ through Puppet::Util.execute and returns a two-element
# array: the value execute returned and a copy of $CHILD_STATUS.
#
# new_uid/new_gid are forwarded as the :uid/:gid options; any identity switch
# is up to Puppet::Util.execute (not visible here). :failonfail => false
# presumably keeps a failing command from raising, and :combine => true
# presumably merges stderr into the output -- confirm against execute.
#
# NOTE(review): +command+ is passed through unchanged; whether it is run via
# a shell depends on Puppet::Util.execute, so callers should not build it
# from untrusted input.
def run_and_capture(command, new_uid=nil, new_gid=nil)
  captured = Puppet::Util.execute(
    command,
    :failonfail => false,
    :combine    => true,
    :uid        => new_uid,
    :gid        => new_gid
  )
  return captured, $CHILD_STATUS.dup
end

.system(command, new_uid = nil, new_gid = nil) ⇒ Object



# File 'lib/puppet/util/suidmanager.rb', line 96

# Runs +command+ with Kernel.system inside asuser(new_uid, new_gid) and
# returns a copy of $CHILD_STATUS taken right after the command finished.
# Returns nil if asuser never ran the block.
#
# If +command+ is a single String, Kernel.system hands it to the shell when it
# contains shell metacharacters, so callers should not interpolate untrusted
# data into it.
def system(command, new_uid=nil, new_gid=nil)
  exit_status = nil
  asuser(new_uid, new_gid) do
    Kernel.system(command)
    # Copy immediately: $CHILD_STATUS is replaced by the next child process.
    exit_status = $CHILD_STATUS.dup
  end
  exit_status
end