1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
NAME
Privileges::Drop - A module to make it simple to drop all privileges,
even POSIX groups.
DESCRIPTION
This module tries to simplify the process of dropping privileges. This
can be useful when your Perl program needs to bind to privileged ports,
etc. This module is much like Proc::UID, except that it's implemented in
pure Perl. Special care has been taken to also drop saved uid on
platforms that support this, currently only test on on Linux.
SYNOPSIS
use Privileges::Drop;
# Do privileged stuff
# Drops privileges and sets euid/uid to 1000 and egid/gid to 1000.
drop_uidgid(1000, 1000);
# Drop privileges to user nobody looking up gid and uid with getpwname
# This also set the enviroment variables USER, LOGNAME, HOME and SHELL.
drop_privileges('nobody');
METHODS
drop_uidgid($uid, $gid, @groups)
Drops privileges and sets euid/uid to $uid and egid/gid to $gid.
Supplementary groups can be set in @groups.
drop_privileges($user)
Drops privileges to the $user, looking up gid and uid with getpwname
and calling drop_uidgid() with these arguments.
The environment variables USER, LOGNAME, HOME and SHELL are also set
to the values returned by getpwname.
Returns the $uid and $gid on success and dies on error.
NOTE: If drop_privileges() is called when you don't have root
privileges it will just return undef;
NOTES
As this module only uses Perl's build in function, it relies on them to
work correctly. That means setting $GID and $EGID should also call
setgroups(), something that might not have been the case before Perl
5.004. So if you are running an older version, Proc::UID might be a
better choice.
AUTHOR
Troels Liebe Bentsen <tlb@rapanden.dk>
COPYRIGHT
Copyright(C) 2007-2009 Troels Liebe Bentsen
This library is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
|
