droppriv

package v0.0.9

Warning: This package is not in the latest version of its module.

Published: Jan 11, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package droppriv provides privilege dropping functionality for Unix-like systems.

Index

Constants

This section is empty.

Variables

var ErrInvalidUsername = errors.New("invalid username")

ErrInvalidUsername is returned when a username fails validation.

var ErrStrategyNotAvailable = fmt.Errorf("strategy not available")

ErrStrategyNotAvailable is returned when a strategy is not available on the system.

var ErrUnsupported = errors.New("drop privileges not supported on this platform")

ErrUnsupported is returned when privilege dropping is not supported on the current platform.

Functions

func Chown

func Chown(userName, path string, uid, gid int) error

Chown provides a package-level helper using the default manager.

func ChownAsRoot

func ChownAsRoot(path string, uid, gid int) error

ChownAsRoot changes ownership as root using the default manager. WARNING: This bypasses all user validation. Use only when root access is required.

func MkdirAll

func MkdirAll(userName, path string, perm os.FileMode) error

MkdirAll provides a package-level helper using the default manager.

func MkdirAllAsRoot

func MkdirAllAsRoot(path string, perm os.FileMode) error

MkdirAllAsRoot creates directories as root using the default manager. WARNING: This bypasses all user validation. Use only when root access is required.

func Open

func Open(userName, path string) (*os.File, error)

Open provides a package-level helper using the default manager.

func OpenAsRoot

func OpenAsRoot(path string) (*os.File, error)

OpenAsRoot opens a file as root using the default manager. WARNING: This bypasses all user validation. Use only when root access is required.

func OpenFile

func OpenFile(userName, path string, flag int, perm os.FileMode) (*os.File, error)

OpenFile provides a package-level helper using the default manager.

func OpenFileAsRoot

func OpenFileAsRoot(path string, flag int, perm os.FileMode) (*os.File, error)

OpenFileAsRoot opens a file as root with specified flags and permissions using the default manager. WARNING: This bypasses all user validation. Use only when root access is required.

func ReloadDefaultManager

func ReloadDefaultManager()

ReloadDefaultManager forces the default manager to be rebuilt using the current HTCondor configuration.

func ResetNSSCache added in v0.0.8

func ResetNSSCache()

ResetNSSCache is a no-op on non-Linux systems or when CGO is enabled.

func SetNSSSwitchPath added in v0.0.8

func SetNSSSwitchPath(_ string)

SetNSSSwitchPath is a no-op on non-Linux systems or when CGO is enabled.

Types

type CachedLookup

type CachedLookup struct {
	// contains filtered or unexported fields
}

CachedLookup wraps a lookup strategy with caching.

func NewCachedLookup

func NewCachedLookup(strategy LookupStrategy, ttl time.Duration) *CachedLookup

NewCachedLookup creates a new cached lookup with the given strategy and TTL.

func (*CachedLookup) ClearCache

func (c *CachedLookup) ClearCache()

ClearCache clears all cached entries.

func (*CachedLookup) LookupUser

func (c *CachedLookup) LookupUser(ctx context.Context, username string) (*UserInfo, error)

LookupUser looks up a user, using cache if available.

func (*CachedLookup) Name

func (c *CachedLookup) Name() string

Name returns the name of the underlying strategy.

type ChainedLookupStrategy added in v0.0.8

type ChainedLookupStrategy struct {
	// contains filtered or unexported fields
}

ChainedLookupStrategy tries multiple strategies in order until one succeeds.

func (*ChainedLookupStrategy) LookupUser added in v0.0.8

func (c *ChainedLookupStrategy) LookupUser(ctx context.Context, username string) (*UserInfo, error)

LookupUser tries each strategy in order until one succeeds or a user is definitively not found.

func (*ChainedLookupStrategy) Name added in v0.0.8

func (c *ChainedLookupStrategy) Name() string

Name returns the names of all strategies in the chain.
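CachedLookup and ChainedLookupStrategy are both built on the LookupStrategy interface, and the two rules that matter most are stated only briefly above: a chain moves on when a source is unavailable but stops at the first definitive "user not found", and a cache must not turn a transient failure into a sticky answer. The block below is an added example written for this page, not the package's own code: it mirrors the interface and error shapes shown above, and the names Chain, Cached and staticStrategy, the comma-joined Name(), the injectable clock and the choice to cache only successful lookups are assumptions of this example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"sync"
	"time"
)

// UserInfo and LookupStrategy mirror the shapes on this page, reduced to what the example needs.
type UserInfo struct {
	UID, GID uint32
	Username string
}

type LookupStrategy interface {
	LookupUser(ctx context.Context, username string) (*UserInfo, error)
	Name() string
}

// ErrUserNotFound is a definitive answer from a source; ErrStrategyNotAvailable is not.
type ErrUserNotFound struct{ Username string }

func (e *ErrUserNotFound) Error() string { return "user not found: " + e.Username }

var ErrStrategyNotAvailable = errors.New("strategy not available")

// Chain tries strategies in order: first success or first definitive not-found wins,
// and it only moves on when a source is unavailable or fails for another reason.
type Chain struct{ strategies []LookupStrategy }

func (c *Chain) Name() string {
	names := make([]string, 0, len(c.strategies))
	for _, s := range c.strategies {
		names = append(names, s.Name())
	}
	return strings.Join(names, ",") // separator is this example's choice
}

func (c *Chain) LookupUser(ctx context.Context, username string) (*UserInfo, error) {
	var lastErr error = ErrStrategyNotAvailable // returned when no source could answer at all
	for _, s := range c.strategies {
		u, err := s.LookupUser(ctx, username)
		if err == nil {
			return u, nil
		}
		var nf *ErrUserNotFound
		if errors.As(err, &nf) {
			return nil, err // definitive: a lower-priority source must not answer instead
		}
		lastErr = err // unavailable or failed: try the next source
	}
	return nil, lastErr
}

// Cached stores successful lookups for ttl; errors are never cached, so a transient
// failure cannot pin a name to "not found" or hide a source that has come back.
type cacheEntry struct {
	info    *UserInfo
	expires time.Time
}

type Cached struct {
	inner LookupStrategy
	ttl   time.Duration
	now   func() time.Time // injectable clock so TTL expiry can be exercised
	mu    sync.Mutex
	m     map[string]cacheEntry
}

func NewCached(inner LookupStrategy, ttl time.Duration) *Cached {
	return &Cached{inner: inner, ttl: ttl, now: time.Now, m: map[string]cacheEntry{}}
}

func (c *Cached) Name() string { return c.inner.Name() }

func (c *Cached) LookupUser(ctx context.Context, username string) (*UserInfo, error) {
	c.mu.Lock()
	e, ok := c.m[username]
	c.mu.Unlock()
	if ok && c.now().Before(e.expires) {
		cp := *e.info // hand out a copy so callers cannot mutate the cached record
		return &cp, nil
	}
	u, err := c.inner.LookupUser(ctx, username)
	if err != nil {
		return nil, err
	}
	c.mu.Lock()
	c.m[username] = cacheEntry{info: u, expires: c.now().Add(c.ttl)}
	c.mu.Unlock()
	return u, nil
}

// staticStrategy is a constructed in-memory stand-in for a real source (files, sss, userdb).
type staticStrategy struct {
	name  string
	users map[string]UserInfo
	down  bool // simulates an unavailable source
	calls int  // counts backend hits so cache behaviour is observable
}

func (s *staticStrategy) Name() string { return s.name }

func (s *staticStrategy) LookupUser(_ context.Context, username string) (*UserInfo, error) {
	s.calls++
	if s.down {
		return nil, fmt.Errorf("%s: %w", s.name, ErrStrategyNotAvailable)
	}
	u, ok := s.users[username]
	if !ok {
		return nil, &ErrUserNotFound{Username: username}
	}
	return &u, nil
}

func main() {
	sss := &staticStrategy{name: "sss", down: true} // constructed: SSSD is down
	files := &staticStrategy{name: "files", users: map[string]UserInfo{"condor": {UID: 1001, GID: 1001, Username: "condor"}}}
	c := NewCached(&Chain{strategies: []LookupStrategy{sss, files}}, time.Minute)
	u, err := c.LookupUser(context.Background(), "condor")
	fmt.Println(c.Name(), u, err, "backend calls:", files.calls)
}
```

With the first source down, the chain falls through to files and the result is cached; a second call within the TTL does not touch the backend again. When the first source is reachable and reports the user as not found, the chain returns that error without consulting later sources.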

type Config

type Config struct {
	Enabled    bool
	CondorUser string
	CondorIDs  *Identity
}

Config controls how the drop privileges manager behaves.

func ConfigFromHTCondor

func ConfigFromHTCondor(cfg *config.Config) Config

ConfigFromHTCondor builds a Config using the HTCondor configuration parameters. DROP_PRIVILEGES toggles the feature on/off. CONDOR_IDS overrides the condor UID/GID. CONDOR_USER overrides the condor username lookup.

type ErrUserNotFound

type ErrUserNotFound struct {
	Username string
}

ErrUserNotFound is returned when a user is not found.

func (*ErrUserNotFound) Error

func (e *ErrUserNotFound) Error() string

type GoLookupStrategy

type GoLookupStrategy struct{}

GoLookupStrategy uses Go's built-in user lookup. When CGO is enabled, this automatically uses getpwnam_r and the best available C library functions for maximum compatibility. When CGO is disabled, it falls back to parsing /etc/passwd.

func NewGoLookup

func NewGoLookup() (*GoLookupStrategy, error)

NewGoLookup creates a new Go lookup strategy.

func (*GoLookupStrategy) LookupUser

func (s *GoLookupStrategy) LookupUser(ctx context.Context, username string) (*UserInfo, error)

LookupUser looks up a user using Go's os/user package.

func (*GoLookupStrategy) Name

func (s *GoLookupStrategy) Name() string

Name returns the strategy name.

type Identity

type Identity struct {
	UID  uint32
	GID  uint32
	Name string
}

Identity represents a resolved Unix user and group.

type LookupStrategy

type LookupStrategy interface {
	// LookupUser looks up a user by username and returns user info.
	LookupUser(ctx context.Context, username string) (*UserInfo, error)

	// Name returns the name of this lookup strategy.
	Name() string
}

LookupStrategy defines the interface for UID/GID lookup implementations.

func DefaultLookup

func DefaultLookup() LookupStrategy

DefaultLookup returns the default lookup strategy for the system.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager coordinates per-thread privilege transitions for filesystem access.

func DefaultManager

func DefaultManager() *Manager

DefaultManager returns the singleton manager built from the default HTCondor configuration.

func NewManager

func NewManager(conf Config) (*Manager, error)

NewManager constructs a Manager from the provided configuration. Call Start() to drop privileges if enabled.

func (*Manager) Chown

func (m *Manager) Chown(userName, path string, uid, gid int) error

Chown wraps os.Chown under the target user context. If userName is empty, the operation runs as the current user without privilege drop. userName cannot be "root" or "condor"; use ChownAsRoot for root operations.

func (*Manager) ChownAsRoot

func (m *Manager) ChownAsRoot(path string, uid, gid int) error

ChownAsRoot changes ownership as root user. WARNING: This bypasses all user validation. Use only when root access is required.

func (*Manager) MkdirAll

func (m *Manager) MkdirAll(userName, path string, perm os.FileMode) error

MkdirAll wraps os.MkdirAll under the target user context. If userName is empty, the operation runs as the current user without privilege drop. userName cannot be "root" or "condor"; use MkdirAllAsRoot for root operations.

func (*Manager) MkdirAllAsRoot

func (m *Manager) MkdirAllAsRoot(path string, perm os.FileMode) error

MkdirAllAsRoot creates directories as root user. WARNING: This bypasses all user validation. Use only when root access is required.

func (*Manager) Open

func (m *Manager) Open(userName, path string) (*os.File, error)

Open wraps os.Open under the target user context. If userName is empty, the operation runs as the current user without privilege drop. userName cannot be "root" or "condor"; use OpenAsRoot for root operations.

func (*Manager) OpenAsRoot

func (m *Manager) OpenAsRoot(path string) (*os.File, error)

OpenAsRoot opens a file as root user. WARNING: This bypasses all user validation. Use only when root access is required.

func (*Manager) OpenFile

func (m *Manager) OpenFile(userName, path string, flag int, perm os.FileMode) (*os.File, error)

OpenFile wraps os.OpenFile under the target user context. If userName is empty, the operation runs as the current user without privilege drop. userName cannot be "root" or "condor"; use OpenFileAsRoot for root operations.

func (*Manager) OpenFileAsRoot

func (m *Manager) OpenFileAsRoot(path string, flag int, perm os.FileMode) (*os.File, error)

OpenFileAsRoot opens a file as root user with specified flags and permissions. WARNING: This bypasses all user validation. Use only when root access is required.

func (*Manager) Start

func (m *Manager) Start() error

Start drops the manager's effective privileges to the condor user if enabled.

func (*Manager) Stop

func (m *Manager) Stop() error

Stop restores the manager's original privileges if it was started with privileges dropped.

type NSSSwitchMethod added in v0.0.8

type NSSSwitchMethod string

NSSSwitchMethod represents a method in nsswitch.conf.

const (
	// NSSSwitchMethodSSS represents the SSSD method.
	NSSSwitchMethodSSS NSSSwitchMethod = "sss"
	// NSSSwitchMethodFiles represents the files method (traditional /etc/passwd).
	NSSSwitchMethodFiles NSSSwitchMethod = "files"
)

func ParseNSSwitch added in v0.0.8

func ParseNSSwitch(path string) ([]NSSSwitchMethod, error)

ParseNSSwitch parses /etc/nsswitch.conf and returns the methods for the passwd database. It returns a slice of methods in the order they appear in the configuration. Only "sss" and "files" methods are supported; other methods are ignored.
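The passwd line of nsswitch.conf is more varied than the two-token case suggests: real files carry comments, other databases, unsupported methods such as systemd or ldap, and action specifiers like [NOTFOUND=return] between methods. The following is an added example written for this page, not the package's own ParseNSSwitch; it keeps the constants shown above and applies the same rules (passwd database only, methods in file order, only sss and files kept, everything else ignored). The reader-based helper parseNSSwitchReader, the handling of action specifiers, and the error returned when no passwd line exists are this example's own choices.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"os"
	"strings"
)

type NSSSwitchMethod string

const (
	NSSSwitchMethodSSS   NSSSwitchMethod = "sss"
	NSSSwitchMethodFiles NSSSwitchMethod = "files"
)

// parseNSSwitchReader returns the supported passwd methods in the order they appear.
// Comments and blank lines are skipped, other databases are ignored, bracketed action
// specifiers such as [NOTFOUND=return] are skipped, and methods other than "sss" and
// "files" are dropped. A file with no passwd line is reported as an error (example's choice).
func parseNSSwitchReader(r io.Reader) ([]NSSSwitchMethod, error) {
	sc := bufio.NewScanner(r)
	methods := []NSSSwitchMethod{}
	for sc.Scan() {
		line := sc.Text()
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i] // strip trailing comment
		}
		db, rest, ok := strings.Cut(line, ":")
		if !ok || strings.TrimSpace(db) != "passwd" {
			continue
		}
		for _, tok := range strings.Fields(rest) {
			if strings.HasPrefix(tok, "[") {
				continue // action specifier, not a method
			}
			switch m := NSSSwitchMethod(strings.ToLower(tok)); m {
			case NSSSwitchMethodSSS, NSSSwitchMethodFiles:
				methods = append(methods, m)
			default:
				// systemd, ldap, compat, ... are not handled by this parser
			}
		}
		if err := sc.Err(); err != nil {
			return nil, err
		}
		return methods, nil // first passwd line wins
	}
	if err := sc.Err(); err != nil {
		return nil, err
	}
	return nil, fmt.Errorf("no passwd entry found in nsswitch.conf")
}

// ParseNSSwitch reads the file at path (e.g. /etc/nsswitch.conf) and parses it.
func ParseNSSwitch(path string) ([]NSSSwitchMethod, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return parseNSSwitchReader(f)
}

func main() {
	// constructed sample, not a real host's configuration
	sample := "# /etc/nsswitch.conf\npasswd:     files sss systemd   # local first\ngroup:      files sss\n"
	methods, err := parseNSSwitchReader(strings.NewReader(sample))
	fmt.Println(methods, err)
}
```

On the constructed sample the result is [files sss]: systemd is dropped and the order of the remaining methods is preserved, which is what a chained lookup needs in order to consult sources in the same priority as the system's own resolver.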

type SystemdUserDBLookupStrategy

type SystemdUserDBLookupStrategy struct {
	// contains filtered or unexported fields
}

SystemdUserDBLookupStrategy uses systemd-userdbd via the varlink protocol.

func NewSystemdUserDBLookup

func NewSystemdUserDBLookup() (*SystemdUserDBLookupStrategy, error)

NewSystemdUserDBLookup creates a new systemd-userdbd lookup strategy.

func (*SystemdUserDBLookupStrategy) LookupUser

func (s *SystemdUserDBLookupStrategy) LookupUser(ctx context.Context, username string) (*UserInfo, error)

LookupUser looks up a user using the systemd-userdbd varlink protocol.

func (*SystemdUserDBLookupStrategy) Name

func (s *SystemdUserDBLookupStrategy) Name() string

Name returns the strategy name.

type UserInfo

type UserInfo struct {
	UID       uint32
	GID       uint32
	Username  string
	Groupname string
	HomeDir   string
	Shell     string
}

UserInfo contains user and group information.

func LookupUser

func LookupUser(ctx context.Context, username string) (*UserInfo, error)

LookupUser is a convenience function using the default lookup strategy.
