#!/bin/bash
+chdir=0
kerberos=0
x11=0
-while getopts ":kx" opt; do
+copy=0
+dir=
+while getopts ":D:cd:kx" opt; do
case $opt in
+ D)
+ copy=1
+ dir=$OPTARG
+ ;;
+ c) chdir=1;;
+ d) dir=$OPTARG;;
k) kerberos=1;;
x) x11=1;;
esac
done
shift $((OPTIND-1))
+srcdir=${0%/*}
+[ "$srcdir" = "$0" -o "$srcdir" = "." ] && srcdir=$PWD
+if [ -n "$dir" ]; then
+ if [ $copy = 1 ]; then
+ if ! cp "$srcdir/became" "$dir/became"; then
+ echo >&2 "Failed to copy $srcdir/became to $dir!"
+ exit 100
+ fi
+ fi
+else
+ dir=$srcdir
+fi
+
user="$1"; shift
if [ -z "$user" ]; then
- echo >&2 "Usage: become [-k] [-x] <user>"
- echo >&2 "Options: -k Delegate Kerberos credentials even if target user is not root."
- echo >&2 " -x Delegate X11 cookie even if target user is not root."
+ echo >&2 "Usage: become [-c] [-d <dir>] [-k] [-x] <user>"
+ echo >&2 "Options: -c Stay in current directory even if target user is not root."
+ echo >&2 " -d <dir> Look for \"became\" script in given directory."
+ echo >&2 " -k Delegate Kerberos credentials even if target user is not root."
+ echo >&2 " -x Delegate X11 cookie even if target user is not root."
exit 1
fi
fi
if [ $uid = 0 ]; then
+ chdir=1
kerberos=1
x11=1
fi
if [ $x11 = 1 -a -n "$DISPLAY" -a "${DISPLAY##localhost:}" = "$DISPLAY" ]; then
COOKIE="$(xauth list $DISPLAY)"
fi
-BECOME="$HOME/.become"
-profile="$BECOME/$user"
-[ -f "$profile" ] || profile="$BECOME/all"
+ignore_profile_user=0
+for candidate in "$HOME" "$PROFILE_HOME"; do
+ [ -n "$candidate" ] || continue
+ BECOME="$candidate/.become"
+ [ -d "$BECOME" ] || continue
+
+ # Script to run when becoming any user.
+ [ -z "$allusersprofile" ] && allusersprofile="$BECOME/all"
+ [ -f "$allusersprofile" ] || allusersprofile=
+
+ # Set $HOME/all sticky to ignore $PROFILE_HOME/$user.
+ if [ "$candidate" = "$HOME" ]; then
+ [ -k "$BECOME/all" ] && ignore_profile_user=1
+ else
+ [ $ignore_profile_user = 1 ] && continue
+ fi
+
+ # Script to run (after the one mentioned above) when becoming this user.
+ [ -z "$userprofile" ] && userprofile="$BECOME/$user"
+ [ -f "$userprofile" ] || userprofile=
+done
+
+# Preserve environment variables.
+ignore_environment_user=0
+for candidate in "$HOME" "$PROFILE_HOME"; do
+ [ -n "$candidate" ] || continue
+ BECOME="$candidate/.become/environment"
+ [ -d "$BECOME" ] || continue
-file="$(mktemp)"
-if [ -n "$file" ]; then
- exec 3>"$file"
- exec <"$file"
- rm "$file"
+ # Script to run when becoming any user.
+ [ -z "$allusersenvironment" ] && allusersenvironment="$BECOME/all"
+ [ -f "$allusersenvironment" ] || allusersenvironment=
+ # Set $HOME/all sticky to ignore $PROFILE_HOME/$user.
+ if [ "$candidate" = "$HOME" ]; then
+ [ -k "$BECOME/all" ] && ignore_environment_user=1
+ else
+ [ $ignore_environment_user = 1 ] && continue
+ fi
+
+ # Environment variables to preserve when becomeing this user.
+ [ -z "$userenvironment" ] && userenvironment="$BECOME/$user"
+ [ -f "$userenvironment" ] || userenvironment=
+done
+
+file="${TMPDIR:-/tmp}/$USER.become.$user.$RANDOM.$$"
+umask=$(builtin umask -p)
+builtin umask 077
+if exec 3>"$file" && exec <"$file" && rm "$file"; then
+ builtin $umask
echo >&3 "cd"
- echo >&3 "PROFILE_HOME='$HOME'"
+ echo >&3 "PROFILE_HOME='${PROFILE_HOME:-$HOME}'"
if [ -n "$PRINCIPAL" ]; then
echo >&3 "PRINCIPAL='$PRINCIPAL'"
if [ $kerberos = 1 ]; then
- ccname=$(klist 2>/dev/null | sed -n 's/^Ticket cache: FILE://p')
+ ccname=$(klist 2>/dev/null | sed -n 's/^Ticket cache: [DF]I[LR][E:]://p')
if [ -f "$ccname" ]; then
+ echo >&3 "export KRB5CCNAME='$KRB5CCNAME'"
openssl=$(find_working openssl)
if [ -n "$openssl" ]; then
echo >&3 "KRB5OPENSSL='$openssl'"
else
echo >&3 "unset DISPLAY"
fi
-
- echo >&3 2>/dev/null ". $HOME/.bash_profile"
- [ -f "$BECOME/all" ] && cat >&3 2>/dev/null "$BECOME/all"
- [ -f "$BECOME/$user" ] && cat >&3 2>/dev/null "$BECOME/$user"
+ if [ ! "$PROFILE_HOME" = "$HOME" ]; then
+ echo >&3 "export SCREENRC=$PROFILE_HOME/.screenrc"
+ fi
+else
+ exit 111
fi
-dir=$(dirname "$0")
-[ "$dir" = "." ] && dir="$PWD"
+echo >&3 ". ${PROFILE_HOME:-$HOME}/.bash_profile"
+for profile in "$allusersprofile" "$userprofile"; do
+ [ -f "$profile" ] && cat >&3 2>/dev/null "$profile"
+done
+for environment in "$allusersenvironment" "$userenvironment"; do
+ [ -f "$environment" ] || continue
+ while read -d $'\n' variable; do
+ variable=${variable%%=*}
+ eval "[ -z \${$variable:+set} ] || echo >&3 \"$variable='\$$variable'\""
+ done < "$environment"
+done
+[ $chdir = 1 ] && echo >&3 2>/dev/null "cd - &>/dev/null"
+
+exec 3>&-
exec sudo -H -u "$user" "$dir/became"
exit 111