From: root
Date: Sun, 23 Sep 2007 02:49:58 +0000 (-0400)
Subject: Make get-token deal with case where it is called as root
X-Git-Url: https://git.hcoop.net/hcoop/zz_old/config/exim4-hopper.git/commitdiff_plain/7a82fe65f9c74df829dda4645ce638fd470f24d4

Make get-token deal with case where it is called as root
---

diff --git a/get-token b/get-token
index 2bac468..3a28140 100755
--- a/get-token
+++ b/get-token
@@ -2,19 +2,47 @@
 # Get an AFS token for the given user.
 #
 # This is used to deliver mail with the appropriate credentials.
+#
+# Usage:
+#
+# get-token $USER
+# - If user is root, call this script as $USER
+#
+# get-token $USER norecurse
+# - Don't recursively call this script, even if user if root
+
+REALUSER=$(whoami)
+USER=$1
+LOGFILE=/tmp/exim4/get-token-log.$USER
+
+if [ "$REALUSER" = "root" ]; then
+ if [ -n "$2" ]; then
+ echo "Error: running as root even after trying to change to $USER" \
+ > $LOGFILE
+ exit 1
+ fi
+
+ # Decide whether the user exists: getent returns 0 error code if so
+ getent passwd "$USER" >/dev/null
+ if [ $? -ne 0 ]; then
+ echo "$USER is not a local user, so ignoring them"
+ exit 1
+ else
+ exec su $USER -c "$0 $1 norecurse"
+ fi
+fi
 
 # fuse stdin and stderr
 exec 2>&1
-USER=$1
 
 # all future output goes to this file
-exec >&/tmp/get-token-log.$USER
+exec >& $LOGFILE
 
-# check that setuid happened
-whoami
+# print name of user
+echo "Running as user $REALUSER"
 
 # set the credentials cache
-export KRB5CCNAME=FILE:/tmp/krb5cc_$USER.email.$$
+export KRB5CCNAME=FILE:/tmp/exim4/krb5cc_$USER.email
 
 # eliminate any previous tokens
 kdestroy
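Review bot: The root branch interpolates `$1` into a shell command string, `exec su $USER -c "$0 $1 norecurse"`, with `$USER` unquoted, so the `getent passwd` lookup just above it is the only thing keeping shell metacharacters or a leading `-` out of a command started by root. If the name is derived from a mail recipient (the caller is not visible here), I would reject anything outside a strict account-name pattern before the `getent` call, e.g. `case "$USER" in ''|-*|*[!A-Za-z0-9._-]*) exit 1 ;; esac`, and quote `"$USER"` in the `su` call. The root-side error path also writes `> $LOGFILE` unquoted to a predictable name under `/tmp/exim4`; if that directory is writable by the delivery users (its permissions are not shown), root could be made to follow a symlink there, so that message is safer on stderr or syslog. Separately, dropping `.$$` from `KRB5CCNAME` means concurrent deliveries for the same user now share one cache file, which the `kdestroy` at the end of the hunk can remove while the other delivery is still using it.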