opt/bin/become

   1 #!/bin/bash
   2
   3 kerberos=0
   4 while getopts ":k" opt; do
   5   case $opt in
   6     k) kerberos=1
   7   esac
   8 done
   9 shift $((OPTIND-1))
  10
  11 user="$1"; shift
  12 if [ -z "$user" ]; then
  13   echo >&2 "Usage: become [-k] <user>"
  14   echo >&2 "Options: -k   Delegate Kerberos credentials even if target user is not root."
  15   exit 1
  16 fi
  17
  18 PRINCIPAL=$(klist 2>/dev/null | sed -n 's/^Default principal: //p')
  19 if [ -n "$DISPLAY" -a "${DISPLAY##localhost:}" = "$DISPLAY" ]; then
  20   COOKIE="$(xauth list $DISPLAY)"
  21 fi
  22 BECOME="$HOME/.become"
  23 profile="$BECOME/$user"
  24 [ -f "$profile" ] || profile="$BECOME/all"
  25
  26 file="$(mktemp)"
  27 if [ -n "$file" ]; then
  28   exec 3>"$file"
  29   exec <"$file"
  30   rm "$file"
  31
  32   echo >&3 "cd"
  33   echo >&3 "PROFILE_HOME='$HOME'"
  34   if [ -n "$PRINCIPAL" ]; then
  35     echo >&3 "PRINCIPAL='$PRINCIPAL'"
  36     if [ $kerberos = 1 ]; then
  37       ccname=$(klist 2>/dev/null | sed -n 's/^Ticket cache: FILE://p')
  38       if [ -f "$ccname" ]; then
  39         openssl=$(find_working openssl)
  40         if [ -n "$openssl" ]; then
  41           echo >&3 "KRB5OPENSSL='$openssl'"
  42           echo >&3 "KRB5BASE64='$($openssl enc -a -in $ccname)'"
  43         fi
  44       fi
  45     fi
  46   fi
  47   if [ -n "$DISPLAY" -a -n "$COOKIE" ]; then
  48     echo >&3 "xauth add $COOKIE"
  49   else
  50     echo >&3 "unset DISPLAY"
  51   fi
  52
  53   echo >&3 2>/dev/null ". $HOME/.bash_profile"
  54   [ -f "$BECOME/all" ] && cat >&3 2>/dev/null "$BECOME/all"
  55   [ -f "$BECOME/$user" ] && cat >&3 2>/dev/null "$BECOME/$user"
  56 fi
  57
  58 dir=$(dirname "$0")
  59 [ "$dir" = "." ] && dir="$PWD"
  60 exec sudo -H -u "$user" "$dir/became"
  61 exit 111