Preserve umask.
[profile.git] / opt / bin / become
index abe1b85..b6b2f20 100755 (executable)
@@ -1,13 +1,77 @@
 #!/bin/bash
 
-user="$1"
+kerberos=0
+x11=0
+while getopts ":kx" opt; do
+  case $opt in
+    k) kerberos=1;;
+    x) x11=1;;
+  esac
+done
+shift $((OPTIND-1))
+
+user="$1"; shift
 if [ -z "$user" ]; then
-  echo >&2 "Usage: become <user>"
+  echo >&2 "Usage: become [-k] [-x] <user>"
+  echo >&2 "Options: -k   Delegate Kerberos credentials even if target user is not root."
+  echo >&2 "         -x   Delegate X11 cookie even if target user is not root."
   exit 1
 fi
 
+uid=$(PATH=/usr/xpg4/bin:/usr/bin id -u "$user" 2>/dev/null)
+if [ -z "$uid" ]; then
+  echo >&2 "Who is $user?"
+  exit 2
+fi
+
+if [ $uid = 0 ]; then
+  kerberos=1
+  x11=1
+fi
+
+PRINCIPAL=$(klist 2>/dev/null | sed -n 's/^Default principal: //p')
+if [ $x11 = 1 -a -n "$DISPLAY" -a "${DISPLAY##localhost:}" = "$DISPLAY" ]; then
+  COOKIE="$(xauth list $DISPLAY)"
+fi
 BECOME="$HOME/.become"
 profile="$BECOME/$user"
 [ -f "$profile" ] || profile="$BECOME/all"
 
-exec sudo -H -u "$user" env BECOME_HOME="$HOME" /bin/bash --rcfile "$profile"
+file="${TMPDIR:-/tmp}/$USER.become.$user.$RANDOM.$$"
+umask=$(builtin umask -p)
+builtin umask 077
+if exec 3>"$file" && exec <"$file" && rm "$file"; then
+  builtin $umask
+  echo >&3 "cd"
+  echo >&3 "PROFILE_HOME='$HOME'"
+  if [ -n "$PRINCIPAL" ]; then
+    echo >&3 "PRINCIPAL='$PRINCIPAL'"
+    if [ $kerberos = 1 ]; then
+      ccname=$(klist 2>/dev/null | sed -n 's/^Ticket cache: FILE://p')
+      if [ -f "$ccname" ]; then
+        openssl=$(find_working openssl)
+        if [ -n "$openssl" ]; then
+          echo >&3 "KRB5OPENSSL='$openssl'"
+          echo >&3 "KRB5BASE64='$($openssl enc -a -in $ccname)'"
+        fi
+      fi
+    fi
+  fi
+  if [ -n "$DISPLAY" -a -n "$COOKIE" ]; then
+    echo >&3 "xauth add $COOKIE"
+  else
+    echo >&3 "unset DISPLAY"
+  fi
+else
+  exit 111
+fi
+
+echo >&3 ". $HOME/.bash_profile"
+[ -f "$BECOME/all" ] && cat >&3 2>/dev/null "$BECOME/all"
+[ -f "$BECOME/$user" ] && cat >&3 2>/dev/null "$BECOME/$user"
+
+exec 3>&-
+dir=$(dirname "$0")
+[ "$dir" = "." ] && dir="$PWD"
+exec sudo -H -u "$user" "$dir/became"
+exit 111
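Review bot: The temp file that receives the base64 ticket cache and the X11 cookie is created at a predictable name (`$USER.become.$user.$RANDOM.$$` under `$TMPDIR`) with a plain `exec 3>"$file"`, which follows a pre-existing symlink at that path; the `umask 077` only sets the mode of a file this process creates and does not protect against a path planted beforehand. Creating the file with `mktemp` first closes that gap while keeping the rest of the hunk as is: `file=$(mktemp "${TMPDIR:-/tmp}/$USER.become.$user.XXXXXX") || exit 111` in place of the current assignment, after which the existing `exec 3>"$file" && exec <"$file" && rm "$file"` sequence truncates and unlinks the mktemp-owned file as before. Separately, `$ccname` in the `openssl enc -a -in $ccname` command substitution is unquoted, so a cache path containing whitespace would be split; `-in "$ccname"` is the safer form.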