elvis 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/LICENSE.md +13 -0
- data/README.md +16 -0
- data/lib/elvis.rb +71 -0
- metadata +70 -0
data/LICENSE.md
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
Copyright 2011 Square Inc.
|
|
2
|
+
|
|
3
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
you may not use this file except in compliance with the License.
|
|
5
|
+
You may obtain a copy of the License at
|
|
6
|
+
|
|
7
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
|
|
9
|
+
Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
See the License for the specific language governing permissions and
|
|
13
|
+
limitations under the License.
|
data/README.md
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
Elvis synopsis
|
|
2
|
+
============================
|
|
3
|
+
|
|
4
|
+
system "id"
|
|
5
|
+
Elvis.run_as(nobody) {
|
|
6
|
+
system "id"
|
|
7
|
+
}
|
|
8
|
+
system "id"
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
Elvis limitations
|
|
12
|
+
============================
|
|
13
|
+
|
|
14
|
+
* Elvis currently supports linux and OSX. set*id() functions behave very differently on different unixes, patches welcome.
|
|
15
|
+
* Elvis cannot be used with JRuby because of the JVM model. Instead, spawn a subprocess.
|
|
16
|
+
* Elvis cannot be used in conjunction with threads, as it modifies process global state.
|
data/lib/elvis.rb
ADDED
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
#!/usr/bin/ruby
|
|
2
|
+
|
|
3
|
+
require 'etc'
|
|
4
|
+
|
|
5
|
+
module Elvis
|
|
6
|
+
|
|
7
|
+
def Elvis.check_threads
|
|
8
|
+
if Thread.list.length != 1
|
|
9
|
+
raise "Elvis.run_as cannot be used with threads"
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
arch, os = RUBY_PLATFORM.split('-')
|
|
13
|
+
if os =~ /^darwin/
|
|
14
|
+
def Elvis.run_as(user)
|
|
15
|
+
check_threads
|
|
16
|
+
pw = Etc.getpwnam(user)
|
|
17
|
+
|
|
18
|
+
original_uid = Process.euid
|
|
19
|
+
original_gid = Process.egid
|
|
20
|
+
original_groups = Process.groups
|
|
21
|
+
begin
|
|
22
|
+
Process::Sys.setregid(pw.gid, pw.gid)
|
|
23
|
+
Process.initgroups(user, pw.gid)
|
|
24
|
+
Process::Sys.seteuid(pw.uid)
|
|
25
|
+
Process::Sys.setreuid(pw.uid, -1)
|
|
26
|
+
|
|
27
|
+
yield
|
|
28
|
+
ensure
|
|
29
|
+
Process::Sys.setreuid(original_uid, original_uid)
|
|
30
|
+
Process::Sys.setregid(original_gid, original_gid)
|
|
31
|
+
Process.groups = original_groups
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
elsif os == "linux"
|
|
35
|
+
def Elvis.run_as(user)
|
|
36
|
+
check_threads
|
|
37
|
+
pw = Etc.getpwnam(user)
|
|
38
|
+
|
|
39
|
+
original_uid = Process.euid
|
|
40
|
+
original_gid = Process.egid
|
|
41
|
+
original_groups = Process.groups
|
|
42
|
+
begin
|
|
43
|
+
Process::Sys.setresgid(pw.gid, pw.gid, -1)
|
|
44
|
+
Process.initgroups(user, pw.gid)
|
|
45
|
+
Process::Sys.setresuid(pw.uid, pw.uid, -1)
|
|
46
|
+
|
|
47
|
+
yield
|
|
48
|
+
ensure
|
|
49
|
+
Process::Sys.setresuid(original_uid, original_uid, -1)
|
|
50
|
+
Process::Sys.setresgid(original_gid, original_gid, -1)
|
|
51
|
+
Process.groups = original_groups
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
else
|
|
55
|
+
raise "unknown platform: #{RUBY_PLATFORM}. set*id() functions do not have reliable behavior between systems."
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
if __FILE__ == $0
|
|
60
|
+
print "Starting up as: "
|
|
61
|
+
system "id"
|
|
62
|
+
begin
|
|
63
|
+
Elvis.run_as(ARGV.first) {
|
|
64
|
+
print "inside block as: "
|
|
65
|
+
system "id"
|
|
66
|
+
}
|
|
67
|
+
ensure
|
|
68
|
+
print "outside block as: "
|
|
69
|
+
system "id"
|
|
70
|
+
end
|
|
71
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: elvis
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
hash: 29
|
|
5
|
+
prerelease:
|
|
6
|
+
segments:
|
|
7
|
+
- 0
|
|
8
|
+
- 0
|
|
9
|
+
- 1
|
|
10
|
+
version: 0.0.1
|
|
11
|
+
platform: ruby
|
|
12
|
+
authors:
|
|
13
|
+
- Evan Miller
|
|
14
|
+
autorequire:
|
|
15
|
+
bindir: bin
|
|
16
|
+
cert_chain: []
|
|
17
|
+
|
|
18
|
+
date: 2012-08-24 00:00:00 Z
|
|
19
|
+
dependencies: []
|
|
20
|
+
|
|
21
|
+
description: When you're root, sometimes it's handy to drop privileges temporarily to impersonate a user
|
|
22
|
+
email:
|
|
23
|
+
- evan@squareup.com
|
|
24
|
+
executables: []
|
|
25
|
+
|
|
26
|
+
extensions: []
|
|
27
|
+
|
|
28
|
+
extra_rdoc_files:
|
|
29
|
+
- LICENSE.md
|
|
30
|
+
files:
|
|
31
|
+
- lib/elvis.rb
|
|
32
|
+
- README.md
|
|
33
|
+
- LICENSE.md
|
|
34
|
+
homepage: https://github.com/square/prodeng/tree/master/elvis
|
|
35
|
+
licenses: []
|
|
36
|
+
|
|
37
|
+
post_install_message:
|
|
38
|
+
rdoc_options:
|
|
39
|
+
- --charset=UTF-8
|
|
40
|
+
require_paths:
|
|
41
|
+
- lib
|
|
42
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
43
|
+
none: false
|
|
44
|
+
requirements:
|
|
45
|
+
- - ">="
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
hash: 3
|
|
48
|
+
segments:
|
|
49
|
+
- 0
|
|
50
|
+
version: "0"
|
|
51
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
52
|
+
none: false
|
|
53
|
+
requirements:
|
|
54
|
+
- - ">="
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
hash: 23
|
|
57
|
+
segments:
|
|
58
|
+
- 1
|
|
59
|
+
- 3
|
|
60
|
+
- 6
|
|
61
|
+
version: 1.3.6
|
|
62
|
+
requirements: []
|
|
63
|
+
|
|
64
|
+
rubyforge_project:
|
|
65
|
+
rubygems_version: 1.8.24
|
|
66
|
+
signing_key:
|
|
67
|
+
specification_version: 3
|
|
68
|
+
summary: Elvis impersonates users
|
|
69
|
+
test_files: []
|
|
70
|
+
|