E-MailRelay
G::Root Class Reference

A class which acquires the process's special privileges on construction and releases them on destruction.

#include <groot.h>

Public Member Functions

 Root ()
 Default constructor.
 
 Root (bool change_group)
 Constructor overload with explicit control over whether to change the group-id or not.
 
 Root (const Root &)=delete
 
 Root (Root &&)=delete
 
void operator= (const Root &)=delete
 
void operator= (Root &&)=delete
 

Static Public Member Functions

static void init (const std::string &nobody, bool fixed_group=false)
 Initialises this class on process start-up by releasing root (or suid) privileges.
 
static Identity nobody ()
 Returns the 'nobody' identity corresponding to the init() user name.
 
static void atExit () noexcept
 Re-acquires special privileges just before process exit.
 
static void atExit (SignalSafe) noexcept
 Re-acquires special privileges just before process exit.
 

Detailed Description

A class which acquires the process's special privileges on construction and releases them on destruction.

Despite the name of the class the special privileges are not necessarily root privileges; they can be suid privileges.

The class must be initialised by calling a static init() method. If instances are nested then the inner instances have no effect.

The effect of this class depends on whether the process's real-id is root or not. If the real-id is root then the effective-id is switched to some named 'ordinary' user's id at startup, and then back to what it was (ie. root or the suid-id) for the critical sections. Otherwise, in the case of a suid binary not run by root, the privileged effective-id is switched to the real-id at startup and switched back for the critical sections (although the switching back does rely on the saved-suid-id mechanism, POSIX_SAVED_IDS).

The implementation uses G::Process and G::Identity.

Definition at line 51 of file groot.h.
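
The effective-id switching described above, reduced to the user-id only, as an added example that is not E-MailRelay code. PrivGuard, its members and the uid 65534 are assumptions made for illustration, and the group-id handling is left out.

```cpp
// Added example, not E-MailRelay code: PrivGuard and its members are hypothetical.
#include <sys/types.h>
#include <unistd.h>
#include <exception>
#include <stdexcept>
class PrivGuard {
public:
    // Call once at start-up; ordinary_if_root is used only when the real uid is root.
    static void init(uid_t ordinary_if_root) {
        s_special = geteuid();                    // root, or the owner of a suid binary
        s_ordinary = (getuid() == 0) ? ordinary_if_root : getuid();
        if (seteuid(s_ordinary) != 0)             // saved set-user-ID keeps s_special reachable
            throw std::runtime_error("cannot release privileges");
        s_initialised = true;
    }
    PrivGuard() {
        if (!s_initialised || s_held) return;     // uninitialised or nested: no effect
        if (seteuid(s_special) != 0)
            throw std::runtime_error("cannot acquire privileges");
        s_held = m_owner = true;
    }
    ~PrivGuard() {
        if (!m_owner) return;                     // only the outermost instance releases
        s_held = false;
        if (seteuid(s_ordinary) != 0)
            std::terminate();                     // never continue with privileges still held
    }
    PrivGuard(const PrivGuard&) = delete;
    PrivGuard& operator=(const PrivGuard&) = delete;
    static bool held() { return s_held; }
    static uid_t special() { return s_special; }
    static uid_t ordinary() { return s_ordinary; }
private:
    bool m_owner = false;
    static bool s_initialised, s_held;
    static uid_t s_special, s_ordinary;
};
bool PrivGuard::s_initialised = false;
bool PrivGuard::s_held = false;
uid_t PrivGuard::s_special = 0;
uid_t PrivGuard::s_ordinary = 0;
int main() {
    PrivGuard::init(65534);                       // constructed uid, assumed to be 'nobody'
    {
        PrivGuard guard;                          // privileged effective uid in this scope only
    }                                             // effective uid is ordinary again
    return PrivGuard::held() ? 1 : 0;
}
```

Because the saved set-user-ID is kept, the release is temporary by design: any code in the process can call seteuid() to get the privileged id back, so a guard like this limits accidental use of privilege rather than containing compromised code.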

Constructor & Destructor Documentation

◆ Root() [1/2]

G::Root::Root ( )

Default constructor.

Acquires special privileges by switching the user-id and possibly the group-id (see init()).

Does nothing if the class has not been initialised by a call to init(). Does nothing if there is another instance at an outer scope.

The implementation uses G::Process::beSpecial().

Definition at line 35 of file groot.cpp.

◆ Root() [2/2]

G::Root::Root ( bool  change_group)
explicit

Constructor overload with explicit control over whether to change the group-id or not.

Definition at line 46 of file groot.cpp.

◆ ~Root()

G::Root::~Root ( )

Definition at line 57 of file groot.cpp.

Member Function Documentation

◆ atExit() [1/2]

void G::Root::atExit ( )
static noexcept

Re-acquires special privileges just before process exit.

Definition at line 68 of file groot.cpp.

◆ atExit() [2/2]

void G::Root::atExit ( SignalSafe  safe)
static noexcept

Re-acquires special privileges just before process exit.

Definition at line 74 of file groot.cpp.

◆ init()

void G::Root::init ( const std::string &  nobody,
bool  fixed_group = false 
)
static

Destructor (~Root()): Releases special privileges if this instance acquired them. The implementation uses G::Process::beOrdinary(). Errors from seteuid() will call Process::terminate().

init(): Initialises this class on process start-up by releasing root (or suid) privileges. Throws on error.

The string parameter gives a non-privileged username which is used if the real user-id is root.

Definition at line 80 of file groot.cpp.

◆ nobody()

G::Identity G::Root::nobody ( )
static

Returns the 'nobody' identity corresponding to the init() user name.

Precondition: init() called

Definition at line 88 of file groot.cpp.


The documentation for this class was generated from the following files: