2 ** Copyright (C) 2000 by Kevin L. Mitchell <klmitch@mit.edu>
4 ** This program is free software; you can redistribute it and/or modify
5 ** it under the terms of the GNU General Public License as published by
6 ** the Free Software Foundation; either version 2 of the License, or
7 ** (at your option) any later version.
9 ** This program is distributed in the hope that it will be useful,
10 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
11 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 ** GNU General Public License for more details.
14 ** You should have received a copy of the GNU General Public License
15 ** along with this program; if not, write to the Free Software
16 ** Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include <sys/types.h>
27 #include <sys/resource.h>
31 * Try and find the correct name to use with getrlimit() for setting the max.
32 * number of files allowed to be open by this process.
34 * Shamelessly stolen from ircu...
37 #define RLIMIT_FD_MAX RLIMIT_FDMAX
40 #define RLIMIT_FD_MAX RLIMIT_NOFILE
42 #ifdef RLIMIT_OPEN_MAX
43 #define RLIMIT_FD_MAX RLIMIT_OPEN_MAX
45 #error Unable to find a valid RLIMIT_FD_MAX
51 * Set the hard and soft limits for maximum file descriptors.
54 set_fdlimit(unsigned int max_descriptors)
58 limit.rlim_max = limit.rlim_cur = max_descriptors;
60 return setrlimit(RLIMIT_FD_MAX, &limit);
64 * Change directories to the indicated root directory, then make it the
68 change_root(char *root)
79 * Change the user and group ids--including supplementary groups!--as
83 change_user(char *user, char *group)
90 /* Track down a struct passwd describing the desired user */
91 uid = strtol(user, &tmp, 10); /* was the user given as a number? */
92 if (*tmp) { /* strtol() failed to parse; look up as a user name */
93 if (!(pwd = getpwnam(user)))
95 } else if (!(pwd = getpwuid(uid))) /* look up uid */
98 uid = pwd->pw_uid; /* uid to change to */
99 gid = pwd->pw_gid; /* default gid for user */
101 if (group) { /* a group was specified; track down struct group */
102 gid = strtol(group, &tmp, 10); /* was the group given as a number? */
103 if (*tmp) { /* strtol() failed to parse; look up as a group name */
104 if (!(grp = getgrnam(group)))
106 } else if (!(grp = getgrgid(gid))) /* look up gid */
109 gid = grp->gr_gid; /* set the gid */
112 if (initgroups(pwd->pw_name, gid)) /* initialize supplementary groups */
114 if (setgid(gid)) /* change our current group */
116 if (setuid(uid)) /* change our current user */
119 return 0; /* success! */
123 * Explain how to use this program.
126 usage(char *prog, int retval)
128 fprintf(stderr, "Usage: %s [-u <user>] [-g <group>] [-l <limit>] [-c <root>]"
129 " -- \\\n\t\t<cmd> [<cmdargs>]\n", prog);
130 fprintf(stderr, " %s -h\n", prog);
136 main(int argc, char **argv)
139 char *prog, *user = 0, *group = 0, *root = 0;
141 /* determine program name for error reporting */
142 if ((prog = strrchr(argv[0], '/')))
147 /* process command line arguments */
148 while ((c = getopt(argc, argv, "hu:g:l:c:")) > 0)
150 case 'h': /* requested help */
154 case 'u': /* suggested a user */
158 case 'g': /* suggested a group */
162 case 'l': /* file descriptor limit */
163 limit = strtol(optarg, 0, 10);
166 case 'c': /* select a root directory */
170 default: /* unknown command line argument */
175 /* Not enough arguments; we must have a command to execute! */
179 if (limit > 0) /* set the requested fd limit */
180 if (set_fdlimit(limit) < 0) {
185 if (root) /* change root directories */
186 if (change_root(root)) {
191 if (user) /* change to selected user account */
192 if (change_user(user, group)) {
197 /* execute the requested command */
198 execvp(argv[optind], argv + optind);
200 /* If we got here, execvp() failed; report the error */