rwog
| Crates.io | rwog |
| lib.rs | rwog |
| version | 0.2.3 |
| source | src |
| created_at | 2018-04-01 18:16:21.470953 |
| updated_at | 2018-04-11 16:06:13.159973 |
| description | Run a program as if you were not a member of certain supplementary groups. Cannot grant privileges or change /etc/group. |
| homepage | |
| repository | https://github.com/JesseTG/rwog |
| max_upload_size | |
| id | 58528 |
| size | 12,119 |
Jesse Talavera-Greenberg (JesseTG)
documentation
README
NAME
rwog - run without groups
SYNOPSIS
rwog -g <groups>... [-- command-with-args...]
DESCRIPTION
rwog lets you run a given command while temporarily reducing your group membership. It does not modify /etc/group or /etc/passwd, and cannot grant you permissions you don't already have. Possible use cases for rwog include:
- In a shared system for which you are a privileged user, pretending that you are an unprivileged user without logging in as one.
- Testing a program's behavior when it doesn't have the group memberships it needs.
OPTIONS
-h, --help
Display the help.
-g, --groups
Run the given command without these groups, given by name (not number). You cannot drop your primary group membership (which is output by id -gn). Groups that don't exit or that you're not already a member of are ignored.
SEE ALSO
id(1), getent(1), groups(1), group(5)
BUGS
- Does not support
gids given by number. When it does, suchgids will be given of the form+gid_number, as is the case with mostcoreutilsprograms.
CAVEATS
rwog must have the capability CAP_SETGID in order to be used. Grant it with setcap $(which rwog) cap_setgid=pe if your package manager hasn't done so already. You could run it as root, but given that rwog is supposed to reduce privileges you'd be missing the point entirely.
I cannot promise that rwog is entirely secure. I'm not doing anything blatantly wrong, but it's possible that there's something I missed. Do not let untrusted users run rwog.
LICENSE
MIT.