Become 'www-data' and give up root privileges

linkdd / lemonldap-cli

Command Line tool to configure LemonLDAP::NG (depecrated: now maintained by the LemonLDAP::NG team)

http://linkdd.github.com/lemonldap-cli

GNU General Public License v3.0

7 stars 0 forks source link

Become 'www-data' and give up root privileges #9

Closed linkdd closed 12 years ago

linkdd commented 12 years ago

lemonldap-ng-cli should give up root privileges :

use POSIX;

POSIX::setgid ((getgrnam ("www-data"))[2]);
POSIX::setuid ((getpwnam ("www-data"))[2]);

if ($> == 0)
{
     print STDERR "$0 must not be launched as root since local cache can be corrupted\n";
     print STDERR "Continue (y/N)? ";
     my $res = <STDIN>;
     exit 1 unless ($res =~ /^y/i);
}

It should be added in bin/lemonldap-ng-cli