BSD setusercontext(3) equivalent?
Thorsten Glaser
tg at debian.org
Mon Nov 1 21:25:45 UTC 2021
Hi,
I’m currently trying to *properly* port a utility¹ that uses the BSD
auth call setusercontext(3)² to switch to a user account. The function³
bundles quite an amount of things (this utility asks it for all except
setlogin(2)⁴ because it does not detach from the parent session):
• set ulimits configured for the target user
• set priority (niceness) if configured
• set umask
• set the group vector and primary group (setgid(2))
• [not here] setlogin(2)
• switches to the user (seteuid and setuid)
• initialises the user’s environment and $PATH
It specifically does not change the directory, though (the application
does that beforehand, if possible).
The application in question is somewhat like cron or su. It’s called
nightly from cron(8) running as root, forking for every user account
(iterating over getpwent(3) in a loop) that qualifies (does not have
a nomail file but has a calendar file); in the child process, it then
switches to the user (as shown above), checks for nomail/calendar file
existence if not possible beforehand (e.g. home directory automounted
or (NFS) not accessible to root), then does its thing (forking cpp(1)
and sendmail(8) in the middle), then exits. “Doing its thing” notably
does NOT involve forking or exiting something else, just calling its
“main” function cal(), so here it is unlike su(8) and cron(8).
I found http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_ADG.html
but it talks so much about authentication, which there is none here
(it’s intended so that root can switch to any user), while not telling
me enough to do the actual switching. Or at least not in a comprehensible
(to me) way. It talks about sessions and credentials, but so
delightfully vague I cannot make heads or tails out of it.
Can anyone please help me in porting this? Maybe someone already has
made a drop-in replacement for setusercontext(3), even? I’ve not found
one in the usual places (portable OpenBSD software; OpenSSH’s account
management is much more complex and designed differently). I see
https://sources.debian.org/src/cron/3.0pl1-137/debian/patches/features/PAM-support-for-jobs.patch/
but it has no explanation, and I’m not sure how much of this either
is applicable to or sufficient for my scenario. (Also unsure if it’s
indeed possible to drop in or whether I need to call PAM again before
exiting, which, unless I can use atexit, is going to be tricky to
impossible.)
① https://github.com/MirBSD/calendar/
② http://www.mirbsd.org/man3/setusercontext
③ http://www.mirbsd.org/cvs.cgi/src/lib/libc/gen/login_cap.c?rev=HEAD
near line 600
④ http://www.mirbsd.org/man2/setlogin
Thanks in advance,
//mirabilos
--
I believe no one can invent an algorithm. One just happens to hit upon it
when God enlightens him. Or only God invents algorithms, we merely copy them.
If you don't believe in God, just consider God as Nature if you won't deny
existence. -- Coywolf Qi Hunt
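
The privilege-switching steps listed in the post, written for Linux with plain libc calls, as an added example that is not part of the original message or the calendar project's code. It assumes a fixed umask and PATH in place of login.conf values and leaves out ulimits, niceness, setlogin(2) and PAM; `switch_user_context`, `run_as_user` and `demo_job` are hypothetical names.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* initgroups(3), clearenv(3) on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Start from an empty environment; the PATH value is an assumed default. */
int set_user_env(const struct passwd *pw)
{
    if (clearenv() != 0 ||
        setenv("HOME", pw->pw_dir, 1) || setenv("SHELL", pw->pw_shell, 1) ||
        setenv("USER", pw->pw_name, 1) || setenv("LOGNAME", pw->pw_name, 1) ||
        setenv("PATH", "/usr/local/bin:/usr/bin:/bin", 1))
        return -1;
    return 0;
}

/* Become pw for good. Groups and gid need root, so the uid is changed last. */
int switch_user_context(const struct passwd *pw)
{
    if (pw == NULL || pw->pw_name == NULL) { errno = EINVAL; return -1; }
    umask(022);                                   /* assumed default umask */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    /* Verify the drop: ids match and a non-root target cannot regain root. */
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid ||
        getgid() != pw->pw_gid || getegid() != pw->pw_gid ||
        (pw->pw_uid != 0 && setuid(0) == 0)) { errno = EPERM; return -1; }
    return set_user_env(pw);
}

/* Hypothetical stand-in for the per-user work (cal() in the post). */
int demo_job(void) { return geteuid() == 0 ? 1 : 0; }

/* One child per user, as in the post; 111 = switch failed, job never ran. */
int run_as_user(const struct passwd *pw, int (*job)(void))
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(switch_user_context(pw) == 0 ? job() : 111);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

Every call's return value is checked because a failed setgid(2) or setuid(2) that goes unnoticed leaves the per-user job running as root.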