-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix FreeBSD credentials #40
Comments
Why don't use POSIX::setuid() to set effective and real uids in one call? It should work on most posix systems. |
This might work, thanks, I didn't know about it. |
Yes it is not easy to set complementary groups, because there is no getgrent in POSIX module. But settings complementary is non-obvious and in most cases not expected feature. If in config written: If complementary is explicitly set in config, it is possible to set credential under FreeBSD with code like this: use POSIX;
my $user = 'citrin';
my @groups = qw(citrin quagga);
my $gid = (getgrnam $groups[0])[2];
my $groups = join ' ', map { (getgrnam $_)[2] } @groups;
$) = $gid.' '.$groups;
setgid($gid) or die $!;
setuid( (getpwnam($user))[2] ) or die $!; |
Wait, where is it documented? Ubic uses main/complementary groups of user only if no groups are explicitly specified. Thank you for the code sample. I'll try to check if it works on all platforms. BTW, my long-term plan is to separate credentials code into a separate distribution ( |
Yes, may fault, I misread the doc. |
Ubic::Credentials::POSIX
doesn't work on FreeBSD. It has something to do with the order of setting effective and real uid (and also gids).I tried to fix it in 1.39, but turned out perl activates the tainted mode in this case, so since 1.43 release we're back at "works on linux and broken on freebsd".
It works fine on MacOSX, though.
The text was updated successfully, but these errors were encountered: