author | Arne Babenhauserheide <arne_bab@web.de> | 2021-12-29 23:25:42 +0100 |
---|---|---|
committer | Arne Babenhauserheide <arne_bab@web.de> | 2021-12-29 23:29:05 +0100 |
commit | 500fe6e0cb1fe3b239dd0be83cd57c73d8c8c9aa (patch) | |
tree | 12a9d9dec03c8d6b8e04689fe1dae9ec4ceaa9ca /utils/nullauth.c | |
parent | ac29bb14011d77fc6042a8455179231450a79b9c (diff) |
trans/checkperms.c: add deferred authorization translator
Set up the translator:
echo HELLOWORLD > /hello && \
settrans -cga /hello $(realpath ~/Dev/hurd/trans/checkperms) --groupname=user
Create the FIFOs:
USER=root
GROUP=user
mkdir -p /run/$USER/request-permission
mkdir -p /run/$USER/grant-permission
mkfifo /run/$USER/request-permission/$GROUP
mkfifo /run/$USER/grant-permission/$GROUP
Set up the permission-granting program in a separate shell:
USER=root
GROUP=user
while true; do
PID="$(cat /run/$USER/request-permission/$GROUP)"
echo Process $PID tries to access file /hello but is not in the required group $GROUP.
ps-hurd -p $PID -aeux
if [[ "$(read -e -p 'Grant permission and add group "'$GROUP'" for 5 minutes? [y/N]> '; echo $REPLY)" == [Yy]* ]]; then
addauth -p $PID -g $GROUP
echo 0 > /run/$USER/grant-permission/$GROUP
(sleep 300 && rmauth -p $PID -g $GROUP 2>/dev/null) &
else
echo 1 > /run/$USER/grant-permission/$GROUP
fi
done
Access the translator as user without the required group and with the group:
su - user --shell /bin/bash -c 'cat /hello'
cat /hello & # accept the request in the permission granting program
Diffstat (limited to 'utils/nullauth.c')
0 files changed, 0 insertions, 0 deletions