git://git.iain.cx/iain / profile.git / blob
? search:


4b1c0dceec5538bc797c97e90961ad2294f7eef1
[profile.git] / opt / bin / become
1 #!/bin/bash
2
3 chdir=0
4 kerberos=0
5 x11=0
6 while getopts ":kx" opt; do
7   case $opt in
8     c) chdir=1;;
9     k) kerberos=1;;
10     x) x11=1;;
11   esac
12 done
13 shift $((OPTIND-1))
14
15 user="$1"; shift
16 if [ -z "$user" ]; then
17   echo >&2 "Usage: become [-c] [-k] [-x] <user>"
18   echo >&2 "Options: -c   Stay in current directory even if target user is not root."
19   echo >&2 "         -k   Delegate Kerberos credentials even if target user is not root."
20   echo >&2 "         -x   Delegate X11 cookie even if target user is not root."
21   exit 1
22 fi
23
24 uid=$(PATH=/usr/xpg4/bin:/usr/bin id -u "$user" 2>/dev/null)
25 if [ -z "$uid" ]; then
26   echo >&2 "Who is $user?"
27   exit 2
28 fi
29
30 if [ $uid = 0 ]; then
31   chdir=1
32   kerberos=1
33   x11=1
34 fi
35
36 PRINCIPAL=$(klist 2>/dev/null | sed -n 's/^Default principal: //p')
37 if [ $x11 = 1 -a -n "$DISPLAY" -a "${DISPLAY##localhost:}" = "$DISPLAY" ]; then
38   COOKIE="$(xauth list $DISPLAY)"
39 fi
40 ignore_profile_user=0
41 for candidate in "$HOME" "$PROFILE_HOME"; do
42   [ -n "$candidate" ] || continue
43   BECOME="$candidate/.become"
44   [ -d "$BECOME" ] || continue
45
46   # Script to run when becoming any user.
47   [ -z "$allusersprofile" ] && allusersprofile="$BECOME/all"
48   [ -f "$allusersprofile" ] || allusersprofile=
49
50   # Set $HOME/all sticky to ignore $PROFILE_HOME/$user.
51   if [ "$candidate" = "$HOME" ]; then
52     [ -k "$BECOME/all" ] && ignore_profile_user=1
53   else
54     [ $ignore_profile_user = 1 ] && continue
55   fi
56
57   # Script to run (after the one mentioned above) when becoming this user.
58   [ -z "$userprofile" ] && userprofile="$BECOME/$user"
59   [ -f "$userprofile" ] || userprofile=
60 done
61
62 # Preserve environment variables.
63 ignore_environment_user=0
64 for candidate in "$HOME" "$PROFILE_HOME"; do
65   [ -n "$candidate" ] || continue
66   BECOME="$candidate/.become/environment"
67   [ -d "$BECOME" ] || continue
68
69   # Script to run when becoming any user.
70   [ -z "$allusersenvironment" ] && allusersenvironment="$BECOME/all"
71   [ -f "$allusersenvironment" ] || allusersenvironment=
72
73   # Set $HOME/all sticky to ignore $PROFILE_HOME/$user.
74   if [ "$candidate" = "$HOME" ]; then
75     [ -k "$BECOME/all" ] && ignore_environment_user=1
76   else
77     [ $ignore_environment_user = 1 ] && continue
78   fi
79
80   # Environment variables to preserve when becomeing this user.
81   [ -z "$userenvironment" ] && userenvironment="$BECOME/$user"
82   [ -f "$userenvironment" ] || userenvironment=
83 done
84
85 file="${TMPDIR:-/tmp}/$USER.become.$user.$RANDOM.$$"
86 umask=$(builtin umask -p)
87 builtin umask 077
88 if exec 3>"$file" && exec <"$file" && rm "$file"; then
89   builtin $umask
90   echo >&3 "cd"
91   echo >&3 "PROFILE_HOME='${PROFILE_HOME:-$HOME}'"
92   if [ -n "$PRINCIPAL" ]; then
93     echo >&3 "PRINCIPAL='$PRINCIPAL'"
94     if [ $kerberos = 1 ]; then
95       ccname=$(klist 2>/dev/null | sed -n 's/^Ticket cache: [DF]I[LR][E:]://p')
96       if [ -f "$ccname" ]; then
97         echo >&3 "export KRB5CCNAME='$KRB5CCNAME'"
98         openssl=$(find_working openssl)
99         if [ -n "$openssl" ]; then
100           echo >&3 "KRB5OPENSSL='$openssl'"
101           echo >&3 "KRB5BASE64='$($openssl enc -a -in $ccname)'"
102         fi
103       fi
104     fi
105   fi
106   if [ -n "$DISPLAY" -a -n "$COOKIE" ]; then
107     echo >&3 "xauth add $COOKIE"
108   else
109     echo >&3 "unset DISPLAY"
110   fi
111   if [ ! "$PROFILE_HOME" = "$HOME" ]; then
112     echo >&3 "export SCREENRC=$PROFILE_HOME/.screenrc"
113   fi
114 else
115   exit 111
116 fi
117
118 echo >&3 ". ${PROFILE_HOME:-$HOME}/.bash_profile"
119 for profile in "$allusersprofile" "$userprofile"; do
120   [ -f "$profile" ] && cat >&3 2>/dev/null "$profile"
121 done
122 for environment in "$allusersenvironment" "$userenvironment"; do
123   [ -f "$environment" ] || continue
124   while read -d $'\n' variable; do
125     variable=${variable%%=*}
126     eval "[ -z \${$variable:+set} ] || echo >&3 \"$variable='\$$variable'\""
127   done < "$environment"
128 done
129 [ $chdir = 1 ] && echo >&3 2>/dev/null "cd - &>/dev/null"
130
131 exec 3>&-
132 dir=$(dirname "$0")
133 [ "$dir" = "." ] && dir="$PWD"
134 exec sudo -H -u "$user" "$dir/became"
135 exit 111
Home directory stuff.