1 //
2 // Copyright (C) 2001-2013 Graeme Walker <graeme_walker@users.sourceforge.net>
3 //
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
16 // ===
17 ///
18 /// \file groot.h
19 ///
20 
21 #ifndef G_ROOT_H
22 #define G_ROOT_H
23 
24 #include "gdef.h"
25 #include "gidentity.h"
26 #include "gnoncopyable.h"
27 
28 /// \namespace G
29 namespace G
30 {
31 	class Root ;
32 }
33 
34 /// \class G::Root
35 /// A class which acquires the process's
36 /// special privileges on construction and releases
37 /// them on destruction. Despite the name of the class
38 /// the special privileges are not necessarily root
39 /// privileges.
40 ///
41 /// If instances are nested then the inner instances
42 /// have no effect.
43 ///
44 /// The implementation uses G::Process and G::Identity.
45 ///
46 /// The class must be initialised by calling a static
47 /// init() method.
48 ///
49 class G::Root : private G::noncopyable
50 {
51 public:
52 	explicit Root( bool change_group = true ) ;
53 		///< Constructor. Acquires special
54 		///< privileges if possible.
55 
56 	~Root() ;
57 		///< Desctructor. Releases special privileges
58 		///< if this instance acquired them.
59 
60 	static void init( const std::string & nobody ) ;
61 		///< Initialises this class on process start-up by
62 		///< releasing root or suid privileges.
63 		///<
64 		///< The parameter gives a non-privileged username
65 		///< which is used if the real user-id is root.
66 
67 	static Identity nobody() ;
68 		///< Returns the 'nobody' identity.
69 		///< Precondition: init() called
70 
71 	static Identity start( SignalSafe ) ;
72 		///< A signal-safe alternative to construction.
73 
74 	static void stop( SignalSafe , Identity ) ;
75 		///< A signal-safe alternative to destruction.
76 
77 private:
78 	static Root * m_this ;
79 	static bool m_initialised ;
80 	static Identity m_special ;
81 	static Identity m_nobody ;
82 	bool m_change_group ;
83 } ;
84 
85 #endif
86 
87