argument to change uid/gid

Author: cathugger

cmd/yggdrasil/chuser_other.go

@@ -0,0 +1,10 @@
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris
+
+package main
+
+import "errors"
+
+func chuser(user string) error {
+	return errors.New("setting uid/gid is not supported on this platform")
+}

cmd/yggdrasil/chuser_unix.go

@@ -0,0 +1,73 @@
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package main
+
+import (
+	"fmt"
+	osuser "os/user"
+	"strconv"
+	"strings"
+	"syscall"
+)
+
+func chuser(user string) error {
+	group := ""
+	if i := strings.IndexByte(user, ':'); i >= 0 {
+		user, group = user[:i], user[i+1:]
+	}
+
+	u := (*osuser.User)(nil)
+	g := (*osuser.Group)(nil)
+
+	if user != "" {
+		if _, err := strconv.ParseUint(user, 10, 32); err == nil {
+			u, err = osuser.LookupId(user)
+			if err != nil {
+				return fmt.Errorf("failed to lookup user by id %q: %v", user, err)
+			}
+		} else {
+			u, err = osuser.Lookup(user)
+			if err != nil {
+				return fmt.Errorf("failed to lookup user by name %q: %v", user, err)
+			}
+		}
+	}
+	if group != "" {
+		if _, err := strconv.ParseUint(group, 10, 32); err == nil {
+			g, err = osuser.LookupGroupId(group)
+			if err != nil {
+				return fmt.Errorf("failed to lookup group by id %q: %v", user, err)
+			}
+		} else {
+			g, err = osuser.LookupGroup(group)
+			if err != nil {
+				return fmt.Errorf("failed to lookup group by name %q: %v", user, err)
+			}
+		}
+	}
+
+	if g != nil {
+		gid, _ := strconv.ParseUint(g.Gid, 10, 32)
+		err := syscall.Setgid(int(gid))
+		if err != nil {
+			return fmt.Errorf("failed to setgid %d: %v", gid, err)
+		}
+	} else if u != nil {
+		gid, _ := strconv.ParseUint(u.Gid, 10, 32)
+		err := syscall.Setgid(int(gid))
+		if err != nil {
+			return fmt.Errorf("failed to setgid %d: %v", gid, err)
+		}
+	}
+
+	if u != nil {
+		uid, _ := strconv.ParseUint(u.Uid, 10, 32)
+		err := syscall.Setuid(int(uid))
+		if err != nil {
+			return fmt.Errorf("failed to setuid %d: %v", uid, err)
+		}
+	}
+
+	return nil
+}

cmd/yggdrasil/main.go

@@ -194,6 +194,7 @@ type yggArgs struct {
 	useconffile   string
 	logto         string
 	loglevel      string
+	chuser        string
 }
 
 func getArgs() yggArgs {
@@ -208,6 +209,7 @@ func getArgs() yggArgs {
 	getaddr := flag.Bool("address", false, "returns the IPv6 address as derived from the supplied configuration")
 	getsnet := flag.Bool("subnet", false, "returns the IPv6 subnet as derived from the supplied configuration")
 	loglevel := flag.String("loglevel", "info", "loglevel to enable")
+	chuser := flag.String("user", "", "user (and, optionally, group) to set UID/GID to")
 	flag.Parse()
 	return yggArgs{
 		genconf:       *genconf,
@@ -221,6 +223,7 @@ func getArgs() yggArgs {
 		getaddr:       *getaddr,
 		getsnet:       *getsnet,
 		loglevel:      *loglevel,
+		chuser:        *chuser,
 	}
 }
 
@@ -361,6 +364,13 @@ func run(args yggArgs, ctx context.Context, done chan struct{}) {
 		logger.Errorln("An error occurred starting TUN/TAP:", err)
 	}
 	n.tuntap.SetupAdminHandlers(n.admin)
+	// Change user if requested
+	if args.chuser != "" {
+		err = chuser(args.chuser)
+		if err != nil {
+			panic(err)
+		}
+	}
 	// Make some nice output that tells us what our IPv6 address and subnet are.
 	// This is just logged to stdout for the user.
 	address := n.core.Address()