/*++ /* NAME /* chroot_uid 3 /* SUMMARY /* limit possible damage a process can do /* SYNOPSIS /* #include <chroot_uid.h> /* /* void chroot_uid(root_dir, user_name) /* const char *root_dir; /* const char *user_name; /* DESCRIPTION /* \fBchroot_uid\fR changes the process root to \fIroot_dir\fR and /* changes process privileges to those of \fIuser_name\fR. /* DIAGNOSTICS /* System call errors are reported via the msg(3) interface. /* All errors are fatal. /* LICENSE /* .ad /* .fi /* The Secure Mailer license must be distributed with this software. /* AUTHOR(S) /* Wietse Venema /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /*--*/ /* System library. */ #include <sys_defs.h> #include <pwd.h> #include <unistd.h> #include <grp.h> /* Utility library. */ #include "msg.h" #include "chroot_uid.h" /* chroot_uid - restrict the damage that this program can do */ void chroot_uid(const char *root_dir, const char *user_name) { struct passwd *pwd; uid_t uid; gid_t gid; /* * Look up the uid/gid before entering the jail, and save them so they * can't be clobbered. Set up the primary and secondary groups. */ if (user_name != 0) { if ((pwd = getpwnam(user_name)) == 0) msg_fatal("unknown user: %s", user_name); uid = pwd->pw_uid; gid = pwd->pw_gid; if (setgid(gid) < 0) msg_fatal("setgid(%ld): %m", (long) gid); if (initgroups(user_name, gid) < 0) msg_fatal("initgroups: %m"); } /* * Enter the jail. */ if (root_dir) { if (chroot(root_dir)) msg_fatal("chroot(%s): %m", root_dir); if (chdir("/")) msg_fatal("chdir(/): %m"); } /* * Drop the user privileges. */ if (user_name != 0) if (setuid(uid) < 0) msg_fatal("setuid(%ld): %m", (long) uid); /* * Give the desperate developer a clue of what is happening. */ if (msg_verbose > 1) msg_info("chroot %s user %s", root_dir ? root_dir : "(none)", user_name ? user_name : "(none)"); }