1 // 2 // Copyright (C) 2001-2013 Graeme Walker <graeme_walker@users.sourceforge.net> 3 // 4 // This program is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // This program is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with this program. If not, see <http://www.gnu.org/licenses/>. 16 // === 17 /// 18 /// \file groot.h 19 /// 20 21 #ifndef G_ROOT_H 22 #define G_ROOT_H 23 24 #include "gdef.h" 25 #include "gidentity.h" 26 #include "gnoncopyable.h" 27 28 /// \namespace G 29 namespace G 30 { 31 class Root ; 32 } 33 34 /// \class G::Root 35 /// A class which acquires the process's 36 /// special privileges on construction and releases 37 /// them on destruction. Despite the name of the class 38 /// the special privileges are not necessarily root 39 /// privileges. 40 /// 41 /// If instances are nested then the inner instances 42 /// have no effect. 43 /// 44 /// The implementation uses G::Process and G::Identity. 45 /// 46 /// The class must be initialised by calling a static 47 /// init() method. 48 /// 49 class G::Root : private G::noncopyable 50 { 51 public: 52 explicit Root( bool change_group = true ) ; 53 ///< Constructor. Acquires special 54 ///< privileges if possible. 55 56 ~Root() ; 57 ///< Desctructor. Releases special privileges 58 ///< if this instance acquired them. 59 60 static void init( const std::string & nobody ) ; 61 ///< Initialises this class on process start-up by 62 ///< releasing root or suid privileges. 63 ///< 64 ///< The parameter gives a non-privileged username 65 ///< which is used if the real user-id is root. 66 67 static Identity nobody() ; 68 ///< Returns the 'nobody' identity. 69 ///< Precondition: init() called 70 71 static Identity start( SignalSafe ) ; 72 ///< A signal-safe alternative to construction. 73 74 static void stop( SignalSafe , Identity ) ; 75 ///< A signal-safe alternative to destruction. 76 77 private: 78 static Root * m_this ; 79 static bool m_initialised ; 80 static Identity m_special ; 81 static Identity m_nobody ; 82 bool m_change_group ; 83 } ; 84 85 #endif 86 87