#!/bin/bash
#
# greenv
# start program as user with green environment (clean but sane)
#
# usage:
# - must be invoked as root (use sudo)
# - arg1: user to run as
# - argN: argument vector for program
#
# desc:
# - wraps program invocation as different user via sudo -u
# - only basic/minimal sanitized version of environment passed in
# - does not involve session layer, pam, etc
# - impetus for this program was originally a "gem install" user+wrapper
# - beyond that, useful to replace: su -lc "env - ENV=ENV1 ... args" user
#
# note:
# - redhat 'runuser' would work, but see debian bug 8700
# - waiting for upstream util-linux release
# - update: may be deprecated; runuser now is in jessie
# - update: debian runuser starts login shell, uses pam?!?! (todo: verify)
# - update: sudo uses pam anyways!
#
# todo:
# - integrate with ~/.bash/{init,env}
# - does not handle spaces in any of the exports
# - embeds call to sudo -- NOT GOOD, was whole point of runuser
#
# https://github.com/smemsh/utilsh/
# https://spdx.org/licenses/GPL-2.0
#
##############################################################################
# Files created from here on are group-writable, not world-writable.
umask 0002

# Fixed search paths handed to the target program; whatever PATH or
# LD_LIBRARY_PATH the caller had is overwritten here, not inherited.
PATH='/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin'
LD_LIBRARY_PATH='/usr/local/lib'

# Allow-list of variable names copied into the target environment.
# NOTE(review): apart from the two paths above and the identity variables
# that set_user_envs/set_home_envs overwrite, the values (LINES, COLUMNS,
# LANG, TERM, HOSTNAME, DISPLAY) come from the caller's environment as-is.
exports=(
  PATH LD_LIBRARY_PATH
  LINES COLUMNS LANG TERM
  HOSTNAME DISPLAY
  HOME USER USERNAME LOGNAME
)
###
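process_args ()
{
  # Validate the invocation and record the target user in global `user`.
  #
  # Arguments: $1 - user to run as; $2.. - program and its arguments
  # Globals:   user (written), EUID (read)
  # Returns:   3 if fewer than two arguments were given,
  #            7 if not running as root,
  #            13 if the user name is empty, starts with '-', or is not
  #            known to `getent passwd`
  declare -g user="$1"
  (($# >= 2)) || return 3
  ((EUID == 0)) || return 7 # assert: already root

  # Without a key getent lists the whole database and reports success, so
  # an empty name must be rejected before the lookup; a leading '-' would
  # be taken as an option by getent.
  [[ -n $user && $user != -* ]] || return 13

  # Quoted so the name is looked up as exactly one key, never word-split
  # or glob-expanded into several.
  getent passwd "$user" &>/dev/null || return 13 # assert: user exists
}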
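set_user_envs ()
{
  # Export USER, LOGNAME and USERNAME, each set to the target user.
  #
  # Globals:   user (read); USER, LOGNAME, USERNAME (written, exported)
  # Arguments: none are read; the value comes from the global `user`
  local var
  for var in USER LOGNAME USERNAME; do
    # The whole NAME=value word is quoted: unquoted, it is not parsed as an
    # assignment and would be word-split, truncating the value at the first
    # space and declaring the remainder as further variables.
    declare -gx "$var=$user"
  done
}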
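set_home_envs ()
{
  # Export HOME as the home directory of $USER, provided that directory
  # exists and is readable and searchable by the current process.
  #
  # Globals:   USER (read); HOME (written, exported)
  # Arguments: none are read
  # Returns:   0 if HOME was set, non-zero otherwise (HOME left untouched)
  local entry homedir

  # The home directory is read from the passwd entry instead of
  # `eval homedir=~$USER`: this runs as root, and eval would re-parse the
  # user name as shell code.
  [[ -n $USER && $USER != -* ]] || return 1
  entry=$(getent passwd "$USER") || return 1

  # passwd format: name:passwd:uid:gid:gecos:home:shell
  IFS=: read -r _ _ _ _ _ homedir _ <<<"$entry"

  [[ -n $homedir ]] || return 1
  [[ -d $homedir && -r $homedir && -x $homedir ]] || return 1
  declare -gx HOME="$homedir"
}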
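mkenvs ()
{
  # Build the global string `xline`: space-joined NAME=value pairs, one per
  # entry of the `exports` array, in array order.
  #
  # Globals: exports (read), xline (written)
  #
  # The pairs are joined with single spaces and not quoted, so a value that
  # contains whitespace or glob characters cannot be recovered intact once
  # xline is expanded unquoted into a command line.
  local v
  local i # loop counter; previously leaked into the global scope

  # $exports is element 0 of the array; ${!exports} dereferences that name
  xline="$exports=${!exports}"
  for ((i = 1; i < ${#exports[@]}; i++)); do
    v=${exports[i]}
    xline+=" $v=${!v}"
  done
}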
###
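main ()
{
  # Run the program given in $2.. as the user given in $1, with an
  # environment holding only the variables named in `exports`.
  #
  # Arguments: $1 - user to run as; $2.. - program and its arguments
  # Exits:     with process_args' status (3, 7 or 13) on bad invocation,
  #            20 if the user variables cannot be set,
  #            30 if no usable home directory is found;
  #            otherwise returns the status of the sudo invocation
  local -a envv=()
  local name

  process_args "$@" || exit $?
  shift # drop the user name; "$@" is now the program's argument vector

  set_user_envs "$user" || exit 20
  set_home_envs "$user" || exit 30

  # Still called so the `xline` global stays populated; the command line
  # below no longer expands it.
  mkenvs

  # One argv word per NAME=value. A value containing whitespace stays a
  # single assignment, so it cannot turn into extra assignments or displace
  # the command word that env executes, and it is not glob-expanded.
  for name in "${exports[@]}"; do
    envv+=("$name=${!name}")
  done

  sudo -u "$user" env - "${envv[@]}" "$@"
}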
# entry point: pass the script's arguments (user, then program argv) to main
main "$@"