On Fri, 24.06.11 14:39, Michal Vyskocil ([email protected]) wrote:
> Add -u/--user option, which changes the effective and real user and
> group id to the new value. The user must exists in the chroot, otherwise
> it will fail. Both username and user id are accepted.
Sounds sensible, though I do wonder about the ultimate usefulness of
this given that this requires user settings configured on the host
systems in a way that makes sense in the container too. (i.e. the $HOME
and UID/GID of the user must be in sync in host and in container). Or am
I missing something?
> +static struct passwd *getpwun(const char* user) {
> +
> + struct passwd *pw;
> +
> + pw = getpwnam(user);
> +
> + if (!pw && isdigits(user)) {
> + pw = getpwuid((uid_t)atoi(user));
> + }
> +
> + if (! (pw && pw->pw_name && pw->pw_name[0] && pw->pw_dir &&
> pw->pw_dir[0]
> + && pw->pw_passwd)) {
> + log_error("user name or id %s does not exist: %m", user);
> + return NULL;
> + }
Please work the other way here. Use "safe_atou()" first on the
username, and if that works it's a numeric uid. If it doesn't try
getpwnam(). Code that already does this you find in get_user_creds() in
execute.c.
> + mkdir_p(pw->pw_dir, 0755);
> + if (chown(pw->pw_dir, pw->pw_uid, pw->pw_gid) < 0) {
> + log_error("chown(%s) failed: %m",
> pw->pw_dir);
> + goto child_fail;
> + }
Please use safe_mkdir() here.
Lennart
--
Lennart Poettering - Red Hat, Inc.
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
