1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
#![cfg(unix)]
mod error;
pub use error::DropRootError;
use std::ffi::CString;
fn get_group_id_of(group_name: &str) -> Result<libc::gid_t, DropRootError> {
let group_record = unsafe { libc::getgrnam(CString::new(group_name)?.as_ptr()) };
if group_record.is_null() {
log::error!("Unable to getgrnam of the group {}", group_name);
return Err(DropRootError::last_os_error());
}
let group_id = unsafe { (*group_record).gr_gid };
return Ok(group_id);
}
fn get_user_id_of(user_name: &str) -> Result<libc::gid_t, DropRootError> {
let passwd_record = unsafe { libc::getpwnam(CString::new(user_name)?.as_ptr()) };
if passwd_record.is_null() {
log::error!("Unable to getpwnam of the user {}", user_name);
return Err(DropRootError::last_os_error());
}
let user_id = unsafe { (*passwd_record).pw_uid };
return Ok(user_id);
}
pub fn set_group(group_name: &str) -> Result<(), DropRootError> {
let group_id = get_group_id_of(group_name)?;
if unsafe { libc::setgid(group_id) } != 0 {
log::error!("Unable to setgid of group {}", group_name);
return Err(DropRootError::last_os_error());
}
return Ok(());
}
pub fn set_user(user_name: &str) -> Result<(), DropRootError> {
let user_id = get_user_id_of(user_name)?;
if unsafe { libc::setuid(user_id) } != 0 {
log::error!("Unable to setuid of user {}", user_name);
return Err(DropRootError::last_os_error());
}
return Ok(());
}
pub fn set_user_group(user: &str, group: &str) -> Result<(), DropRootError> {
set_group(group)?;
set_user(user)?;
log::info!("Process privilages changed to {}:{}", user, group);
return Ok(());
}