Drop privileges

1 files changed, 49 insertions, 0 deletions

diff --git a/privileges.cpp b/privileges.cpp
new file mode 100644
index 0000000..94f1fed
--- /dev/null
+++ b/privileges.cpp
@@ -0,0 +1,49 @@
+#include "privileges.h"
+
+#include <cstdlib>
+#include <iostream>
+#include <string>
+#include <stdio.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "config.h"
+
+using namespace std::string_literals;
+
+namespace {
+
+ int get_number_from_process(std::string command) {
+  char value[100];
+
+  FILE* p = popen(command.data(), "r");
+  if (p == NULL)
+   throw std::runtime_error("Error executing: "s + command);
+
+  if (fgets(value, sizeof(value), p) == NULL)
+   throw std::runtime_error("Error reading from command: "s + command);
+
+  pclose(p);
+
+  return atoi(value);
+ }
+
+}
+
+void drop_privileges(const Config& config)
+{
+ // skip when run as user
+ if (geteuid() != 0) {
+  std::cout << "Note: not running as root -> not dropping privileges" << std::endl;
+  return;
+ }
+
+ int gid = get_number_from_process("id -g "s + config.Group());
+ if (setgid(gid) == -1)
+  throw std::runtime_error("setgid()");
+ 
+ int uid = get_number_from_process("id -u "s + config.User());
+ if (setuid(uid) == -1)
+  throw std::runtime_error("setuid()");
+}
+