From: Geert Stappers <stappers@stappers.nl>
To: mlmmj@mlmmj.org
Subject: [mlmmj] mlmmj-chown
Date: Sat, 03 Jun 2017 14:23:34 +0000 [thread overview]
Message-ID: <20170603142334.GE32244@gpm.stappers.nl> (raw)
[-- Attachment #1: Type: text/plain, Size: 1002 bytes --]
Summary: making possible that user can do
chown -R mlmmj $MLMMJ_TOPDIR
Hello,
Those who want and did
chown -R mlmmj /var/spool/mlmmj/teamfoo
will have seen
chown: changing ownership of '/var/spool/mlmmj/teamfoo/index': Operation not permitted
chown: changing ownership of '/var/spool/mlmmj/teamfoo/requeue': Operation not permitted
chown: changing ownership of '/var/spool/mlmmj/teamfoo/moderation': Operation not permitted
chown: changing ownership of '/var/spool/mlmmj/teamfoo/mlmmj-maintd.lastrun.log': Operation not permitted
and are tempted to do
sudo chown -R mlmmj /var/spool/mlmmj/teamfoo
But `sudo` is not allowed for all users and surely not wanted
for webusers ( the operating system user that runs the webserver process )
And sudo privilege is overkill for only the CAP_CHOWN capability is needed.
However setting CAP_CHOWN on a script has no effect, a binary is neeed.
Find attached the source for such binary.
Groeten
Geert Stappers
--
Leven en laten leven
[-- Attachment #2: mlmmj-chown.c --]
[-- Type: text/x-csrc, Size: 2572 bytes --]
/*
*
* mlmmj-chown /abso/lute/path/to/mlmmj/list
*
* programm for non-root to change ownership to mlmmj user
*
*
* to build do
* gcc -o mlmmj-chown -D MLMMJ_USER=\"mlmmj\" mlmmj-chown.c
*
* you have to do
* sudo /sbin/setcap cap_chown+ep ./mlmmj-chown
* before using
*
* (C) 2017 Geert Stappers <stappers@stappers.it>
* Same license as mlmmj,
* it is okay to use this programm outside the mlmmj project
*
*/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <dirent.h>
#include <pwd.h>
#ifndef MLMMJ_USER
#define MLMMJ_USER "mlmmj"
#endif
/* Global variables */
int verbose ;
uid_t uid ;
static void chownR( const char *fname ) ;
int main(int argc, char *argv[])
{
int opt ;
struct passwd *pwd;
verbose = 0 ;
while ((opt = getopt(argc, argv, "v")) != -1) {
switch (opt) {
case 'v':
verbose = 1;
break;
default:
fprintf(stderr, "Usage: %s [-v] /p/a/t/h\n",
argv[0]);
exit(EXIT_FAILURE);
}
}
if (verbose) printf("Verbose flag is set.\n");
if ( optind >= argc ) {
fprintf(stderr, "Missing /p/a/t/h\n");
exit(EXIT_FAILURE);
}
if (verbose) printf("Path argument '%s'\n", argv[optind]);
/* Wish:
* tests on valid user input for the path to mlmmj listdir
*/
pwd = getpwnam(MLMMJ_USER);
if (pwd == NULL) {
fprintf(stderr,
"No user '%s' in getent passwd.\n", MLMMJ_USER);
exit(EXIT_FAILURE);
}
uid = pwd->pw_uid;
if (verbose) printf("User ID of '%s' is %d.\n", MLMMJ_USER, uid);
/* Start change owner */
if (chown(argv[optind], uid, -1) == -1) {
perror("chown");
fprintf(stderr, "for %s\n", argv[optind] );
exit(EXIT_FAILURE);
}
/* and continue recursive */
chownR(argv[optind]);
if (verbose) printf("Done.\n");
exit(EXIT_SUCCESS);
}
void chownR( const char *fname )
{
DIR *dir;
struct dirent *entry;
if (!(dir = opendir(fname)))
return;
if (!(entry = readdir(dir)))
return;
do {
char path[1024];
int len = snprintf(path, sizeof(path)-1,
"%s/%s", fname, entry->d_name);
path[len] = 0;
if (entry->d_type == DT_DIR) {
if (strcmp(entry->d_name, ".") == 0
|| strcmp(entry->d_name, "..") == 0)
continue;
if (verbose) printf("d %s\n", path);
if (chown(path, uid, -1) == -1) {
perror("chown");
fprintf(stderr, "on directory %s\n", path );
}
chownR(path);
}
else {
if (verbose) printf("f %s\n", path);
if (chown(path, uid, -1) == -1) {
perror("chown");
fprintf(stderr, "on file %s\n", path );
}
}
} while (entry = readdir(dir));
closedir(dir);
}
/* l l */
next reply other threads:[~2017-06-03 14:23 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-03 14:23 Geert Stappers [this message]
2017-06-03 14:50 ` [mlmmj] mlmmj-chown Marvin Gülker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170603142334.GE32244@gpm.stappers.nl \
--to=stappers@stappers.nl \
--cc=mlmmj@mlmmj.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).