summaryrefslogtreecommitdiffstats
path: root/usr.sbin/jail
diff options
context:
space:
mode:
authormaxim <maxim@FreeBSD.org>2004-05-29 18:39:27 +0000
committermaxim <maxim@FreeBSD.org>2004-05-29 18:39:27 +0000
commit872614c8b30f45e6f74f24ea4a80280a5072d96e (patch)
treef6592e8301c4bf7c7b8aae2cfebadb761e5194ba /usr.sbin/jail
parente8757e8b1e95f52354d58f8eab92007e3e306f4b (diff)
downloadFreeBSD-src-872614c8b30f45e6f74f24ea4a80280a5072d96e.zip
FreeBSD-src-872614c8b30f45e6f74f24ea4a80280a5072d96e.tar.gz
o Implement -U flag: run command as user which exists only in jail.
o getpwnam(3) returns NULL and does not set errno when the user does not exist. Bail out with "no such user" instead of "Unknown error: 0". PR: bin/67262 Submitted by: demon (-U flag) MFC after: 3 weeks
Diffstat (limited to 'usr.sbin/jail')
-rw-r--r--usr.sbin/jail/jail.88
-rw-r--r--usr.sbin/jail/jail.c51
2 files changed, 40 insertions, 19 deletions
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 21ff002..53544f1 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -42,7 +42,7 @@
.Sh SYNOPSIS
.Nm
.Op Fl i
-.Op Fl u Ar username
+.Op Fl u Ar username | Fl U Ar username
.Ar path hostname ip-number command ...
.Sh DESCRIPTION
The
@@ -54,7 +54,11 @@ The options are as follows:
.It Fl i
Output the jail identifier of the newly created jail.
.It Fl u Ar username
-The user name as whom the
+The user name from host environment as whom the
+.Ar command
+should run.
+.It Fl U Ar username
+The user name from jailed environment as whom the
.Ar command
should run.
.It Ar path
diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c
index 3eb1293..1e5ff9b 100644
--- a/usr.sbin/jail/jail.c
+++ b/usr.sbin/jail/jail.c
@@ -17,6 +17,7 @@ __FBSDID("$FreeBSD$");
#include <arpa/inet.h>
#include <err.h>
+#include <errno.h>
#include <grp.h>
#include <login_cap.h>
#include <pwd.h>
@@ -27,6 +28,22 @@ __FBSDID("$FreeBSD$");
static void usage(void);
+#define GET_USER_INFO do { \
+ pwd = getpwnam(username); \
+ if (pwd == NULL) { \
+ if (errno) \
+ err(1, "getpwnam: %s", username); \
+ else \
+ errx(1, "%s: no such user", username); \
+ } \
+ lcap = login_getpwclass(pwd); \
+ if (lcap == NULL) \
+ err(1, "getpwclass: %s", username); \
+ ngroups = NGROUPS; \
+ if (getgrouplist(username, pwd->pw_gid, groups, &ngroups) != 0) \
+ err(1, "getgrouplist: %s", username); \
+} while (0)
+
int
main(int argc, char **argv)
{
@@ -34,19 +51,24 @@ main(int argc, char **argv)
struct jail j;
struct passwd *pwd;
struct in_addr in;
- int ch, groups[NGROUPS], i, iflag, ngroups;
+ int ch, groups[NGROUPS], i, iflag, ngroups, uflag, Uflag;
char *username;
- iflag = 0;
+ iflag = uflag = Uflag = 0;
username = NULL;
- while ((ch = getopt(argc, argv, "iu:")) != -1) {
+ while ((ch = getopt(argc, argv, "iu:U:")) != -1) {
switch (ch) {
case 'i':
iflag = 1;
break;
case 'u':
username = optarg;
+ uflag = 1;
+ break;
+ case 'U':
+ username = optarg;
+ Uflag = 1;
break;
default:
usage();
@@ -56,18 +78,10 @@ main(int argc, char **argv)
argv += optind;
if (argc < 4)
usage();
-
- if (username != NULL) {
- pwd = getpwnam(username);
- if (pwd == NULL)
- err(1, "getpwnam: %s", username);
- lcap = login_getpwclass(pwd);
- if (lcap == NULL)
- err(1, "getpwclass: %s", username);
- ngroups = NGROUPS;
- if (getgrouplist(username, pwd->pw_gid, groups, &ngroups) != 0)
- err(1, "getgrouplist: %s", username);
- }
+ if (uflag && Uflag)
+ usage();
+ if (uflag)
+ GET_USER_INFO;
if (chdir(argv[0]) != 0)
err(1, "chdir: %s", argv[0]);
memset(&j, 0, sizeof(j));
@@ -85,6 +99,8 @@ main(int argc, char **argv)
fflush(stdout);
}
if (username != NULL) {
+ if (Uflag)
+ GET_USER_INFO;
if (setgroups(ngroups, groups) != 0)
err(1, "setgroups");
if (setgid(pwd->pw_gid) != 0)
@@ -103,7 +119,8 @@ static void
usage(void)
{
- (void)fprintf(stderr,
- "usage: jail [-i] [-u username] path hostname ip-number command ...\n");
+ (void)fprintf(stderr, "%s%s\n",
+ "usage: jail [-i] [-u username | -U username]",
+ " path hostname ip-number command ...");
exit(1);
}
OpenPOWER on IntegriCloud