Expand description
§privdrop
A secure and comprehensive crate for privilege dropping in Unix-based systems.
§Overview
This crate provides a robust mechanism for privileged processes to safely drop their elevated permissions, a critical operation for services that need to start with root privileges but should run with minimal permissions afterward. It supports:
- Changing the root directory (chroot) to restrict filesystem access
- Switching to a non-root user to relinquish privileges
- Setting primary group memberships for proper resource access
- Managing supplementary groups for fine-grained permission control
All operations are performed atomically during the apply()
call, ensuring
security during the transition.
§Features
- Atomic Operations: All privilege-dropping actions occur in one atomic step
- Builder Pattern: Simple and flexible configuration interface
- Error Handling: Comprehensive error reporting with specific error types
- Safety Focused: Designed with security best practices
§Basic Example
use privdrop::PrivDrop;
fn main() {
PrivDrop::default()
.chroot("/var/empty")
.user("nobody")
.apply()
.unwrap_or_else(|e| panic!("Failed to drop privileges: {}", e));
// Continue running with dropped privileges...
}
§Advanced Example
use privdrop::PrivDrop;
fn main() {
PrivDrop::default()
.chroot("/var/empty") // Change root directory
.user("nobody") // Switch to non-root user
.group("nogroup") // Set primary group
.group_list(&["www-data", "adm"]) // Set supplementary groups
.include_default_supplementary_groups() // Include default groups
.fallback_to_ids_if_names_are_numeric() // Allow numeric IDs
.apply()
.unwrap_or_else(|e| panic!("Failed to drop privileges: {}", e));
// Continue running with dropped privileges...
}
§Safety Considerations
This crate performs privilege operations that require root access initially. All operations are executed in a specific order to ensure security:
- Preloading necessary resources before privilege drop to prevent deadlocks
- Looking up user and group IDs
- Performing chroot operations if configured
- Dropping privileges by changing user and group IDs
The system ensures that once privileges are dropped, they cannot be regained.
Modules§
- reexports
- Reexported dependencies for use in consuming crates.
Structs§
- Priv
Drop PrivDrop
structure for securely dropping privileges in Unix systems.- Priv
Drop Error - Error type for privilege dropping operations.
Enums§
- Error
Kind - Types of errors that can occur during privilege dropping operations.