4 releases
Uses old Rust 2015
0.2.3 | Apr 11, 2018 |
---|---|
0.2.1 | Apr 11, 2018 |
0.1.1 | Apr 1, 2018 |
0.1.0 | Apr 1, 2018 |
#692 in Operating systems
8KB
118 lines
NAME
rwog - run without groups
SYNOPSIS
rwog -g <groups>... [-- command-with-args...]
DESCRIPTION
rwog lets you run a given command while temporarily reducing your group membership. It does not modify /etc/group
or /etc/passwd
, and cannot grant you permissions you don't already have. Possible use cases for rwog
include:
- In a shared system for which you are a privileged user, pretending that you are an unprivileged user without logging in as one.
- Testing a program's behavior when it doesn't have the group memberships it needs.
OPTIONS
-h, --help
Display the help.
-g, --groups
Run the given command without these groups, given by name (not number). You cannot drop your primary group membership (which is output by id -gn
). Groups that don't exit or that you're not already a member of are ignored.
SEE ALSO
id
(1), getent
(1), groups
(1), group
(5)
BUGS
- Does not support
gid
s given by number. When it does, suchgid
s will be given of the form+gid_number
, as is the case with mostcoreutils
programs.
CAVEATS
rwog
must have the capability CAP_SETGID
in order to be used. Grant it with setcap $(which rwog) cap_setgid=pe
if your package manager hasn't done so already. You could run it as root, but given that rwog
is supposed to reduce privileges you'd be missing the point entirely.
I cannot promise that rwog
is entirely secure. I'm not doing anything blatantly wrong, but it's possible that there's something I missed. Do not let untrusted users run rwog
.
LICENSE
MIT.
Dependencies
~3MB
~49K SLoC