author | Sean Whitton <spwhitton@spwhitton.name> | 2021-11-01 15:17:00 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-11-01 15:17:00 -0700 |
commit | 2c9bf3e94369e6576ea576eaa82970a8128a59f5 (patch) | |
tree | b13204a1b16c115d3f365fa57a1a842789efe22e | |
parent | 05164a19652f9b0e7ed70f7030235b048dc4dad7 (diff) | |
download | consfigurator-2c9bf3e94369e6576ea576eaa82970a8128a59f5.tar.gz |
:SETUID: pass target uid to POSIX-LOGIN-ENVIRONMENT for correct PATH
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
-rw-r--r-- | src/connection/setuid.lisp | 2 | ||||
-rw-r--r-- | src/image.lisp | 4 | ||||
-rw-r--r-- | src/property/installer.lisp | 2 | ||||
-rw-r--r-- | src/util.lisp | 4 |
4 files changed, 7 insertions, 5 deletions
diff --git a/src/connection/setuid.lisp b/src/connection/setuid.lisp index 59b9e67..6fba4c2 100644 --- a/src/connection/setuid.lisp +++ b/src/connection/setuid.lisp @@ -62,7 +62,7 @@ (format nil "~A:~A" uid gid) (unix-namestring (slot-value connection 'datadir)))) (posix-login-environment - user (connection-connattr connection :remote-home)) + uid user (connection-connattr connection :remote-home)) ;; We are privileged, so this sets the real, effective and saved IDs. (nix:setgid gid) (nix:initgroups user gid) (nix:setuid uid))) diff --git a/src/image.lisp b/src/image.lisp index 3c580ca..82bd569 100644 --- a/src/image.lisp +++ b/src/image.lisp @@ -93,7 +93,9 @@ Thus, PREREQUEST must not start up any threads." ,,@forms))) `(with-fork-request ,(wrap '`(posix-login-environment - ,(get-connattr :remote-user) ,(get-connattr :remote-home)) + ,(get-connattr :remote-uid) + ,(get-connattr :remote-user) + ,(get-connattr :remote-home)) prerequest) ,(wrap request) (,out ,err ,exit) ,@forms))) diff --git a/src/property/installer.lisp b/src/property/installer.lisp index a41112f..5c37ba3 100644 --- a/src/property/installer.lisp +++ b/src/property/installer.lisp @@ -275,7 +275,7 @@ using a combinator like ON-CHANGE, or applied manually with DEPLOY-THESE." (get-connattr :remote-home) "/root" (get-connattr :XDG_CACHE_HOME) #P"/root/.cache/" (get-connattr :consfigurator-cache) #P"/root/.cache/consfigurator/") - (posix-login-environment "root" "/root") + (posix-login-environment 0 "root" "/root") ;; Remount (mainly virtual) filesystems that other properties we will ;; apply might require (esp. relevant for installing bootloaders). diff --git a/src/util.lisp b/src/util.lisp index 1bed222..dc111a2 100644 --- a/src/util.lisp +++ b/src/util.lisp 
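Review bot: In src/connection/setuid.lisp the `posix-login-environment` call sits before `nix:setgid`, `nix:initgroups` and `nix:setuid`, so the process is still privileged when the environment is reset, and nothing at the call site says that this is why the target `uid` is passed in. I would add a comment above the call such as `;; Still privileged here: pass the target UID, as the effective UID does not yet reflect the user we are switching to.` That guards against a later cleanup going back to process credentials, which would again treat every target user as root when choosing what to preserve. The enclosing form starts outside the hunk.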
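Review bot: In src/image.lisp the new first argument is whatever `(get-connattr :remote-uid)` returns when the request form is built, and nothing visible in the hunk guarantees that it is an integer. If that connattr can be unset, NIL would presumably be spliced into the form. `(zerop uid)` in `posix-login-environment` (the src/util.lisp hunk) would then signal a type error inside the forked child, where it is harder to diagnose. Consider `(check-type uid (integer 0))` as the first form of `posix-login-environment`, or a guard at this call site that fails before forking. The macro body starts outside the hunk.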
@@ -598,10 +598,10 @@ interactive debugger.")) (2 (signal 'skipped-properties) nil) (t ,on-failure)))) -(defun posix-login-environment (logname home) +(defun posix-login-environment (uid logname home) "Reset the environment after switching UID, or similar, in a :LISP connection. Does not currently establish a PAM session." - (let ((rootp (zerop (nix:geteuid))) + (let ((rootp (zerop uid)) (maybe-preserve '("TERM"))) (when rootp (push "SSH_AUTH_SOCK" maybe-preserve)) |
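Review bot: The docstring of `posix-login-environment` is unchanged, although the function now takes a `uid` that decides `rootp` and with it whether `SSH_AUTH_SOCK` is carried into the reset environment. Callers need to know that UID is the uid of the account being switched to, not that of the current process. I would extend the docstring with something like `UID is the numeric uid of the target user; root-only handling such as preserving SSH_AUTH_SOCK is keyed on it, not on the current effective UID.` Inserting the parameter first also changes the positional signature, so any caller outside the four files touched here that still passes `(logname home)` will fail on arity. The function body continues past the end of the hunk.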