#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(setgid setuid);
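# Run "ikiwiki -setup $setup" as $user in a child process with privileges
# fully dropped to that account.
#
# $user  - account name taken from a wikilist; must exist in the passwd db
# $setup - path of the setup file; must be a regular file
#
# Returns nothing. Missing users or setup files are reported on STDERR and
# skipped; a failed fork() is fatal. A non-zero exit of the child is only
# reported, not fatal, so the remaining list entries still get processed.
sub processline {
    my $user=shift;
    my $setup=shift;

    if (! getpwnam("$user")) {
        print STDERR "warning: user $user does not exist\n";
        return;
    }
    if (! -f "$setup") {
        print STDERR "warning: $setup does not exist, skipping\n";
        return;
    }
    print "Processing $setup as user $user ...\n";

    # su is not used because it passes arguments through the shell,
    # which is not safe for untrusted setup file names.
    defined(my $pid = fork) or die "Can’t fork: $!";
    if (! $pid) {
        my ($uuid, $ugid, $home) = (getpwnam($user))[2, 3, 7];
        if (! defined $uuid || ! defined $ugid) {
            die "failed to look up uid/gid for $user";
        }
        # Order matters: supplementary groups need root, so they go first;
        # then the gid, then the uid. setgid(2)/setuid(2) are used instead
        # of assigning to $(/$</$> because, called as root, they also reset
        # the saved set-ID, whereas assigning $< and $> changes only the
        # real and effective ids and can leave a root saved set-user-ID
        # that the exec'd process could switch back to.
        $)="$ugid $ugid";
        setgid($ugid) or die "setgid($ugid) failed: $!";
        setuid($uuid) or die "setuid($uuid) failed: $!";
        # Verify every id actually changed before running anything.
        if ($< != $uuid || $> != $uuid || $( != $ugid || $) ne "$ugid $ugid") {
            die "failed to drop permissions to $user";
        }
        # Start from an empty environment so nothing inherited from root's
        # session (PATH, PERL5LIB, ...) influences ikiwiki. PATH is left
        # unset; exec() then resolves "ikiwiki" via the libc default search
        # path — presumably intended, confirm on the target platform.
        %ENV=();
        $ENV{HOME}=$home;
        exec("ikiwiki", "-setup", $setup, @ARGV);
        die "failed to run ikiwiki: $!";
    }
    waitpid($pid,0);
    if ($?) {
        print STDERR "Processing $setup as user $user failed with code $?\n";
    }
}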
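# Read a wikilist file and process each of its entries.
#
# Each non-blank, non-comment line is either "user setupfile", which runs
# processline() for that pair, or a bare "user", which recurses into that
# user's ~/.ikiwiki/wikilist with $forceuser set to the user.
#
# $file      - path of the list to read
# $forceuser - when set (per-user lists), the only user this list may name.
#              Entries naming another user are refused, and bare "user"
#              lines are refused too: they would hand control to another
#              account's list (and a list naming its own user would recurse
#              without bound).
#
# Returns nothing; dies if $file cannot be opened.
sub processlist {
    my $file=shift;
    my $forceuser=shift;

    # Three-argument open: a list name starting with "<", ">" or "|" or
    # containing spaces cannot change the open mode.
    open (my $list, "<", $file) || die "$file: $!";
    LINE: while (my $line = <$list>) {
        chomp $line;
        $line =~ s/^\s+//;
        $line =~ s/\s+$//;
        next LINE if $line =~ /^#/ || ! length $line;
        if ($line =~ /^(\S+)\s+(\S+)$/) {
            my $user=$1;
            my $setup=$2;
            if (defined $forceuser && $forceuser ne $user) {
                print STDERR "warning: in $file line $., attempt to set user to $user, but user forced to $forceuser. Skipping\n";
                # The warning already says "Skipping"; without this the
                # entry would still be processed as the other user.
                next LINE;
            }
            processline($user, $setup);
        }
        elsif ($line =~ /^(\S+)$/) {
            my $user=$1;
            if (defined $forceuser) {
                print STDERR "warning: in $file line $., attempt to process wikilist of $user, but user forced to $forceuser. Skipping\n";
                next LINE;
            }
            my $home=(getpwnam($user))[7];
            if (defined $home && -d $home) {
                my $dotfile="$home/.ikiwiki/wikilist";
                # -f rather than -e: only a regular file is read, so a
                # FIFO or device left at that path cannot stall this loop.
                if (-f $dotfile) {
                    processlist($dotfile, $user);
                }
            }
        }
    }
    close $list;
}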
# System-wide list of wikis to rebuild; an absent file means nothing to do.
my $wikilist="/etc/ikiwiki/wikilist";
processlist($wikilist) if -e $wikilist;