summaryrefslogtreecommitdiff
path: root/tests/priv-check
blob: 6de80fe50ee0cec61eda64c3517f3715abbf7da0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# -*- sh -*-
# Source this file at the beginning of a test that works
# only when run as root or as non-root.

case "$PRIV_CHECK_ARG" in
  require-root) who='as root';;
  require-non-root) who='by an unprivileged user';;
  *) echo "Usage: PRIV_CHECK_ARG={require-root|require-non-root} . priv-check"\
     1>&2; exit 1;;
esac

# Make sure id -u succeeds.
my_uid=`id -u`
test $? = 0 || {
  echo "$0: cannot run \`id -u'" 1>&2
  (exit 1); exit 1
}

# Make sure it gives valid output.
case $my_uid in
  *[!0-9]*)
    echo "$0: invalid output (\`$my_uid') from \`id -u'" 1>&2
    (exit 1); exit 1
    ;;
  *) ;;
esac

test $my_uid = 0 && \
{
  # When running as root, always ensure that we have a valid non-root username.
  # As non-root, don't do anything, since we won't be running setuidgid.
  : ${NON_ROOT_USERNAME=nobody}

  # Ensure that the supplied username is valid and with UID != 0.
  coreutils_non_root_uid=`id -u $NON_ROOT_USERNAME`
  test $? = 0 || \
    {
      echo "$0: This command failed: \`id -u $NON_ROOT_USERNAME'" 1>&2
      echo "$0: Skipping this test.  To enable it, set the envvar" 1>&2
      echo "$0: NON_ROOT_USERNAME to a non-root user name." 1>&2
      (exit 77); exit 77
    }
  test "$coreutils_non_root_uid" = 0 && \
    {
      echo "$0: The specified NON_ROOT_USERNAME ($NON_ROOT_USERNAME)" 1>&2
      echo "$0: is invalid because its UID is 0." 1>&2
      (exit 1); exit 1
    }
}

give_msg=no
case $PRIV_CHECK_ARG:$my_uid in
  require-root:0) ;;
  require-root:*) give_msg=yes ;;
  require-non-root:0)
    # `.' must be writable by $NON_ROOT_USERNAME
    setuidgid $NON_ROOT_USERNAME test -w . ||
      {
	echo "$0: `pwd`: not writable by user \`$NON_ROOT_USERNAME'" 1>&2
	echo "$0: skipping this test" 1>&2
	(exit 77); exit 77
      }
    exec setuidgid $NON_ROOT_USERNAME env PATH="$PATH" $0
    ;;
  require-non-root:*) ;;
esac

test $give_msg = yes && {
  cat <<EOF
***************************
NOTICE:
$0: This test is being skipped, since it works only
when run $who.
***************************
EOF
  (exit 77); exit 77
}