2 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
3 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
5 /* user.c - set user id, group id and group access list
7 * Copyright 1999 by PM Lashley.
10 * Redistribution and use in source and binary forms are permitted only
11 * as authorized by the OpenLDAP Public License. A copy of this
12 * license is available at http://www.OpenLDAP.org/license.html or
13 * in file LICENSE in the top-level directory of the distribution.
18 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
22 #include <ac/stdlib.h>
32 #include <ac/unistd.h>
38 * Set the real and effective user id and group id, and the group access list.
39 * The user and group arguments are freed.
/*
 * slap_init_user: look up the requested user and group in the passwd
 * and group databases, then switch the process to those ids.
 *
 * This listing omits lines (the embedded line numbers jump), so the
 * notes below describe only the statements that are visible.
 *
 * Visible order of the switch: initgroups(), setgid()/setegid(), then
 * setuid()/seteuid(). The group changes come first because they need
 * privilege that is no longer available once the user id has changed.
 * Each of these calls is checked, and a failure ends the process with
 * EXIT_FAILURE instead of letting the server continue with ids it was
 * asked to give up.
 */
43 slap_init_user( char *user, char *group )
47 int got_uid = 0, got_gid = 0;
/* A leading digit selects the lookup by numeric id. Only the first
 * character is tested here; how the string is converted to uid is on
 * lines not shown. */
51 if ( isdigit( (unsigned char) *user )) {
55 pwd = getpwuid( uid );
/* Otherwise the argument is looked up as a login name. */
62 pwd = getpwnam( user );
65 Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n",
/* Replace user with a private copy of the login name taken from the
 * passwd entry; this is the name later handed to initgroups(). user
 * becomes NULL when no entry was found. */
71 user = (pwd != NULL ? ch_strdup( pwd->pw_name ) : NULL);
/* Same first-character test for the group argument: numeric id or
 * group name. */
86 if ( isdigit( (unsigned char) *group )) {
89 grp = getgrgid( gid );
93 grp = getgrnam( group );
98 Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n",
100 exit( EXIT_FAILURE );
/* The supplementary group list is reset only when the real uid is 0;
 * for any other caller initgroups() is skipped and the inherited group
 * list is left as it is.
 * NOTE(review): user can be NULL after the assignment above; whatever
 * guards this call is on lines not shown - confirm. */
108 if ( getuid() == 0 && initgroups( user, gid ) != 0 ) {
109 Debug( LDAP_DEBUG_ANY,
110 "Could not set the group access (gid) list\n", 0, 0, 0 );
111 exit( EXIT_FAILURE );
/* Real group id first, then the effective group id. */
121 if ( setgid( gid ) != 0 ) {
/* NOTE(review): the value printed with %d is on a line not shown;
 * gid_t and uid_t are not int on every platform - confirm the
 * arguments are cast. The same applies to the three messages below. */
122 Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n",
124 exit( EXIT_FAILURE );
127 if ( setegid( gid ) != 0 ) {
128 Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n",
130 exit( EXIT_FAILURE );
/* The user id is changed last: real uid, then effective uid. */
136 if ( setuid( uid ) != 0 ) {
137 Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n",
139 exit( EXIT_FAILURE );
142 if ( seteuid( uid ) != 0 ) {
143 Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n",
/* NOTE(review): no check that the previous ids can no longer be
 * restored is visible here; the lines after this exit are not shown -
 * confirm whether one exists. */
145 exit( EXIT_FAILURE );
151 #endif /* HAVE_PWD_H && HAVE_GRP_H */