Module: Fusuma::Plugin::Appmatcher::UserSwitcher

Includes:

CustomProcess

Included in:

Gnome, GnomeExtension, GnomeExtensions::Installer, UnsupportedBackend, X11

Defined in:

lib/fusuma/plugin/appmatcher/user_switcher.rb

Overview

Drop sudo privileges

Defined Under Namespace

Classes: User

Class Method Summary

• .login_user ⇒ Object

Instance Method Summary

• #as_user(user = login_user, proctitle:) ⇒ Object

  Execute the provided block in a child process as the specified user The parent blocks until the child finishes.

• #drop_priv(user) ⇒ Object

  Drops privileges to that of the specified user.

Class Method Details

.login_user ⇒ Object

# File 'lib/fusuma/plugin/appmatcher/user_switcher.rb', line 33

def login_user
  @login_user ||= begin
    username = ENV["SUDO_USER"] || Etc.getlogin
    uid = `id -u #{username}`.chomp.to_i
    gid = `id -g #{username}`.chomp.to_i
    User.new(username, uid, gid)
  end
end

Instance Method Details

#as_user(user = login_user, proctitle:) ⇒ Object

Execute the provided block in a child process as the specified user The parent blocks until the child finishes.

# File 'lib/fusuma/plugin/appmatcher/user_switcher.rb', line 23

def as_user(user = login_user, proctitle:)
  self.proctitle = "#{self.class.name.underscore}(#{user.username}) -> #{proctitle}"

  fork do
    drop_priv(user)
    yield(user) if block_given?
  end
end

#drop_priv(user) ⇒ Object

Drops privileges to that of the specified user

# File 'lib/fusuma/plugin/appmatcher/user_switcher.rb', line 14

def drop_priv(user)
  # Process.initgroups(user.username, user.gid)
  Process::Sys.setegid(user.gid)
  Process::Sys.setgid(user.gid)
  Process::Sys.setuid(user.uid)
end