func Drop(username string, files ...Inheritable) (bool, func() []error, error)
Drop works in two ways, depending on the privileges of the current process.
As the superuser (root), drop executes a new copy of the running program as the given user, blocks until that child program exits, then returns.
As the child process, drop returns without blocking. The current stdio streams and zero or more "inheritable" files are persisted and inherited by the new process.
If the first return argument is true, the caller is the root process and should exit immediately (e.g. by returning from main(), with os.Exit(), etc.).
The second return argument is a function. It is nil if the third argument is an error. In the child process, this calls the Close() method on each of the supplied Inheritable files. The caller may either Close() each Inheritable manually or typically simply defer this returned function. The returned []error argument from this function contains the errors returned by Inheritable Close() methods. In the root process, this returned function is always a no-op and does not need to be called.
func IsSuperuser() bool
IsSuperuser returns true iff the current user is root
func UserLookup(username string) (uid int, gid int, gids []int, err error)
UserLookup returns UID, GID, and Supplementary Group IDs
Inheritable interface describes a File-based handle that can be passed between a parent and child process across a dropping of privileges.
type Inheritable interface {
	// String returns some description of the resource.
	String() string
	// Open is called by the root process
	Open() (*os.File, error)
	// Inherit is called by the child process
	Inherit(*os.File) error
	// Close closes any resource generated by a call to Open or Inherit.
	Close() error
}
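The following is an added example, not the package's own code, showing the mechanism that Drop and the Inheritable interface describe: the root process opens a privileged resource (the Open step), re-executes itself as the target user with the file attached via ExtraFiles, and blocks; the child detects that it is the child, reattaches the descriptor (the Inherit step) and carries on unprivileged. The marker environment variable PRIVDROP_INHERITED, its "name=fd" list format, the log path and the helper names (lookupUser, credentialFor, formatInherited, parseInherited, drop) are all assumptions made for this example.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"os/user"
	"strconv"
	"strings"
	"syscall"
)

// inheritedEnv marks the re-executed child and lists the inherited fds.
// Name and "name=fd,name=fd" format are assumptions for this example.
const inheritedEnv = "PRIVDROP_INHERITED"

// lookupUser mirrors UserLookup: UID, primary GID and supplementary GIDs.
func lookupUser(username string) (uid, gid int, gids []int, err error) {
	u, err := user.Lookup(username)
	if err != nil {
		return 0, 0, nil, err
	}
	if uid, err = strconv.Atoi(u.Uid); err != nil {
		return 0, 0, nil, err
	}
	if gid, err = strconv.Atoi(u.Gid); err != nil {
		return 0, 0, nil, err
	}
	ids, err := u.GroupIds()
	if err != nil {
		return 0, 0, nil, err
	}
	for _, s := range ids {
		g, err := strconv.Atoi(s)
		if err != nil {
			return 0, 0, nil, err
		}
		gids = append(gids, g)
	}
	return uid, gid, gids, nil
}

// credentialFor builds the credentials the child is started with.
func credentialFor(uid, gid int, gids []int) *syscall.Credential {
	groups := make([]uint32, len(gids))
	for i, g := range gids {
		groups[i] = uint32(g)
	}
	return &syscall.Credential{Uid: uint32(uid), Gid: uint32(gid), Groups: groups}
}

// formatInherited maps each name to the fd it will have in the child:
// exec.Cmd.ExtraFiles[i] becomes fd 3+i, regardless of FD_CLOEXEC on the parent side.
func formatInherited(names []string) string {
	parts := make([]string, len(names))
	for i, n := range names {
		parts[i] = n + "=" + strconv.Itoa(3+i)
	}
	return strings.Join(parts, ",")
}

// parseInherited decodes the marker in the child; fds below 3 are rejected
// so a tampered value can never alias stdin/stdout/stderr.
func parseInherited(s string) (map[string]int, error) {
	out := map[string]int{}
	if s == "" {
		return out, nil
	}
	for _, p := range strings.Split(s, ",") {
		name, fdStr, ok := strings.Cut(p, "=")
		if !ok {
			return nil, fmt.Errorf("bad inherited entry %q", p)
		}
		fd, err := strconv.Atoi(fdStr)
		if err != nil || fd < 3 {
			return nil, fmt.Errorf("bad fd in inherited entry %q", p)
		}
		out[name] = fd
	}
	return out, nil
}

// drop re-executes the program as username with files attached and waits
// (returns true); in the child it returns false without blocking.
func drop(username string, names []string, files []*os.File) (isRoot bool, err error) {
	if os.Getenv(inheritedEnv) != "" {
		return false, nil
	}
	if os.Geteuid() != 0 {
		return false, fmt.Errorf("drop: must be started as root")
	}
	if len(names) != len(files) {
		return true, fmt.Errorf("drop: %d names for %d files", len(names), len(files))
	}
	uid, gid, gids, err := lookupUser(username)
	if err != nil {
		return true, err
	}
	exe, err := os.Executable()
	if err != nil {
		return true, err
	}
	cmd := exec.Command(exe, os.Args[1:]...)
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	cmd.ExtraFiles = files
	cmd.Env = append(os.Environ(), inheritedEnv+"="+formatInherited(names))
	cmd.SysProcAttr = &syscall.SysProcAttr{Credential: credentialFor(uid, gid, gids)}
	return true, cmd.Run()
}

func main() {
	var files []*os.File
	if os.Getenv(inheritedEnv) == "" {
		// Root side, the Open step: path is a constructed placeholder.
		f, err := os.OpenFile("/var/log/privdrop-example.log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0o600)
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
		files = append(files, f)
	}
	isRoot, err := drop("nobody", []string{"log"}, files)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	if isRoot {
		return // the child has already run to completion
	}
	// Child side, the Inherit step: wrap the passed fd in an *os.File.
	fds, err := parseInherited(os.Getenv(inheritedEnv))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	logf := os.NewFile(uintptr(fds["log"]), "log")
	defer logf.Close()
	fmt.Fprintf(logf, "running as uid %d gid %d\n", os.Geteuid(), os.Getegid())
}
```

The child never needs write access to the log directory: the descriptor was opened while privileged and only the open handle crosses the drop, which is the point of the Inheritable pattern. Blocking in the parent until the child exits also keeps the privileged process from doing any further work itself.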
InheritableFile is a file handle that survives a dropping of privileges.
type InheritableFile struct {
// contains filtered or unexported fields
}
func NewInheritableFile(path string, flags int, uid int, gid int, mode os.FileMode) *InheritableFile
NewInheritableFile returns an InheritableFile that wraps a file handle that survives a dropping of privileges.
The parameters uid, gid, and mode set the owner, group, and permissions of the file after it has been opened; a value of -1 for uid or gid, or 0 for mode, leaves that attribute unchanged.
WARNING: if these values are supplied from a config file, that config file should be writable by root or system accounts only. Otherwise an attacker who can edit the config file can use it to change the ownership or permissions of arbitrary files.
func (h InheritableFile) Close() error
func (h InheritableFile) Handle() *os.File
func (h *InheritableFile) Inherit(f *os.File) error
func (h *InheritableFile) Open() (*os.File, error)
func (h InheritableFile) String() string
InheritableNetListener is a net.Listener that survives a dropping of privileges.
Note that on JS and Windows the File method of most Listeners is not implemented, so this will not work there.
type InheritableNetListener struct {
// contains filtered or unexported fields
}
func NewInheritableTCPListener(address string) *InheritableNetListener
func NewInheritableUnixListener(address string, uid int, gid int, mode os.FileMode) *InheritableNetListener
NewInheritableUnixListener returns an InheritableNetListener for a UNIX socket.
The parameters uid, gid, and mode set the owner, group, and permissions of the socket after it has been opened; a value of -1 for uid or gid, or 0 for mode, leaves that attribute unchanged.
WARNING: if these values are supplied from a config file, that config file should be writable by root or system accounts only. Otherwise an attacker who can edit the config file can use it to change the ownership or permissions of arbitrary files.
func (h *InheritableNetListener) Close() error
func (h InheritableNetListener) Handle() net.Listener
func (h *InheritableNetListener) Inherit(f *os.File) error
func (h *InheritableNetListener) Open() (*os.File, error)
func (h InheritableNetListener) String() string