forked from kiss-community/kiss
kiss: as_root changes
1. Removed strict list of KISS_SU values. Anything that uses sudo-like arguments is now supported. 2. Calling a nested package manager instance is now avoided when unneeded. 3. Removed hardcoded root assumptions (and renamed as_root to as_user). The check is now simply (current_user == owner of path).
parent
7c2c32fb37
commit
49e9feca74
87
kiss
87
kiss
@ -105,40 +105,32 @@ fnr() {
|
|||||||
esac done
|
esac done
|
||||||
}
|
}
|
||||||
|
|
||||||
as_root() {
|
am_owner() {
|
||||||
case $uid/${user:=root}/${cmd_su##*/} in
|
# Figure out if we need to change users to operate on
|
||||||
0/root/*)
|
# a given file or directory.
|
||||||
"$@"
|
inf=$(ls -ld "$1") ||
|
||||||
;;
|
die "Failed to file information for '$1'"
|
||||||
|
|
||||||
*/doas|*/sudo|*/ssu)
|
# Split the ls output into fields.
|
||||||
log "Using '$cmd_su' (to become $user)"
|
# Intentional, globbing disabled.
|
||||||
|
# shellcheck disable=2046,2086
|
||||||
|
set -- "$1" $inf
|
||||||
|
|
||||||
"$cmd_su" -u "$user" -- "$@"
|
user=$4
|
||||||
;;
|
|
||||||
|
|
||||||
*/su)
|
uid=$(id -u "$user") ||
|
||||||
log "Using 'su' (to become $user)
|
die "Invalid user '$user' for '$1'"
|
||||||
Note: su will ask for password every time.
|
|
||||||
Use doas, sudo or ssu for more control."
|
|
||||||
|
|
||||||
"$cmd_su" -c "$* <&3" "$user" 3<&0 </dev/tty
|
equ "$oid/$uid" "$uid/$oid"
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
die "Invalid KISS_SU value: '$cmd_su' (valid: doas, sudo, ssu, su)"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
}
|
||||||
|
|
||||||
file_owner() {
|
as_user() {
|
||||||
# Intentional, globbing disabled.
|
printf 'Using '%s' (to become %s)\n' "$cmd_su" "$user"
|
||||||
# shellcheck disable=2046
|
|
||||||
set -- $(ls -ld "$1")
|
|
||||||
|
|
||||||
user=${3:-root}
|
case ${cmd_su##*/} in
|
||||||
|
su) "$cmd_su" -c "$* <&3" "$user" 3<&0 </dev/tty ;;
|
||||||
id -u "$user" >/dev/null 2>&1 || user=root
|
*) "$cmd_su" -u "$user" -- "$@"
|
||||||
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
pkg_owner() {
|
pkg_owner() {
|
||||||
@ -1564,29 +1556,13 @@ pkg_update() {
|
|||||||
|
|
||||||
log "$PWD" "[verify: $_sig]"
|
log "$PWD" "[verify: $_sig]"
|
||||||
|
|
||||||
if [ -w "$PWD" ] && ! equ "$uid" 0; then
|
if ! am_owner "$PWD"; then
|
||||||
|
log "$PWD" "Need '$user' to update"
|
||||||
|
as_user git pull
|
||||||
|
as_user git submodule update --remote --init -f
|
||||||
|
else
|
||||||
git pull
|
git pull
|
||||||
git submodule update --remote --init -f
|
git submodule update --remote --init -f
|
||||||
|
|
||||||
else
|
|
||||||
equ "$uid" 0 || log "$PWD" "Need root to update"
|
|
||||||
|
|
||||||
# Find out the owner of the repository and spawn
|
|
||||||
# git as this user below.
|
|
||||||
#
|
|
||||||
# This prevents 'git' from changing the original
|
|
||||||
# ownership of files and directories in the rare
|
|
||||||
# case that the repository is owned by a 3rd user.
|
|
||||||
file_owner "$PWD"
|
|
||||||
|
|
||||||
# We're in a repository which is owned by a 3rd
|
|
||||||
# user. Not root or the current user.
|
|
||||||
equ "$user" root || log "Dropping to $user for pull"
|
|
||||||
|
|
||||||
as_root git pull
|
|
||||||
as_root git submodule update --remote --init -f
|
|
||||||
|
|
||||||
unset user
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# arg1: post-update
|
# arg1: post-update
|
||||||
@ -1719,8 +1695,8 @@ args() {
|
|||||||
# Intended behavior.
|
# Intended behavior.
|
||||||
# shellcheck disable=2030,2031
|
# shellcheck disable=2030,2031
|
||||||
case $action in a|alternatives|i|install|r|remove)
|
case $action in a|alternatives|i|install|r|remove)
|
||||||
! ok "$1" || [ -w "$KISS_ROOT/" ] || equ "$uid" 0 || {
|
if ok "$1" && ! am_owner "$KISS_ROOT/"; then
|
||||||
as_root env \
|
as_user env \
|
||||||
HOME="$HOME" \
|
HOME="$HOME" \
|
||||||
XDG_CACHE_HOME="$XDG_CACHE_HOME" \
|
XDG_CACHE_HOME="$XDG_CACHE_HOME" \
|
||||||
KISS_COMPRESS="$KISS_COMPRESS" \
|
KISS_COMPRESS="$KISS_COMPRESS" \
|
||||||
@ -1734,7 +1710,7 @@ args() {
|
|||||||
_KISS_LVL="$_KISS_LVL" \
|
_KISS_LVL="$_KISS_LVL" \
|
||||||
"$0" "$action" "$@"
|
"$0" "$action" "$@"
|
||||||
return
|
return
|
||||||
}
|
fi
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# Actions can be abbreviated to their first letter. This saves keystrokes
|
# Actions can be abbreviated to their first letter. This saves keystrokes
|
||||||
@ -1899,12 +1875,7 @@ main() {
|
|||||||
|
|
||||||
# Figure out which 'sudo' command to use based on the user's choice or what
|
# Figure out which 'sudo' command to use based on the user's choice or what
|
||||||
# is available on the system.
|
# is available on the system.
|
||||||
cmd_su=${KISS_SU:-"$(
|
cmd_su=${KISS_SU:-su}
|
||||||
command -v sudo ||
|
|
||||||
command -v doas ||
|
|
||||||
command -v ssu ||
|
|
||||||
command -v su
|
|
||||||
)"} || cmd_su=su
|
|
||||||
|
|
||||||
# Figure out which utility is available to dump elf information.
|
# Figure out which utility is available to dump elf information.
|
||||||
cmd_elf=${KISS_ELF:-"$(
|
cmd_elf=${KISS_ELF:-"$(
|
||||||
@ -1928,7 +1899,7 @@ main() {
|
|||||||
|
|
||||||
# Make note of the user's current ID to do root checks later on.
|
# Make note of the user's current ID to do root checks later on.
|
||||||
# This is used enough to warrant a place here.
|
# This is used enough to warrant a place here.
|
||||||
uid=$(id -u)
|
oid=$(id -u)
|
||||||
|
|
||||||
create_tmp_dirs
|
create_tmp_dirs
|
||||||
|
|
||||||
|
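Review bot: In `as_user`, the `su)` branch joins the arguments with `"$*"` and hands them to `su -c`, so the target user's shell re-parses them, and with `cmd_su=${KISS_SU:-su}` in `main` this is now the default path rather than the last fallback. The `args()` caller passes `HOME="$HOME"`, `XDG_CACHE_HOME=...` and the package arguments through it, so a value containing a space, `;` or `$(...)` would be split or evaluated by the shell running as `$user` instead of arriving as one argument. Quoting each argument before joining keeps the argv intact, as sketched below; arguments ending in newlines would still lose them in the command substitution. Whether `sed` is acceptable here depends on the project's dependency policy, which this page does not show.

```shell
        su)
            # Single-quote every argument so the shell started by su
            # sees the same argv instead of re-splitting "$*".
            _cmd=
            for _arg do
                _cmd="$_cmd '$(printf %s "$_arg" | sed "s/'/'\\\\''/g")'"
            done
            "$cmd_su" -c "$_cmd <&3" "$user" 3<&0 </dev/tty
        ;;
        # … unchanged: *) "$cmd_su" -u "$user" -- "$@" …
```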