c9983bc7 |
1 | #!/usr/bin/perl |
2 | use warnings; |
3 | use strict; |
dd7a3814 |
4 | |
c9983bc7 |
5 | sub processline { |
6 | my $user=shift; |
7 | my $setup=shift; |
8 | |
9 | if (! getpwnam("$user")) { |
10 | print STDERR "warning: user $user does not exist\n"; |
11 | return |
12 | } |
13 | if (! -f "$setup") { |
14 | print STDERR "warning: $setup does not exist, skipping\n"; |
15 | return; |
16 | } |
17 | print "Processing $setup as user $user ...\n"; |
18 | # su is not used because it passes arguments through the shell, |
19 | # which is not safe for untrusted setup file names. |
20 | defined(my $pid = fork) or die "Can’t fork: $!"; |
21 | if (! $pid) { |
22 | my ($uuid, $ugid) = (getpwnam($user))[2, 3]; |
23 | $)="$ugid $ugid"; |
24 | $(=$ugid; |
25 | $>=$uuid; |
26 | $<=$uuid; |
27 | if ($< != $uuid || $> != $uuid || $( != $ugid || $) ne "$ugid $ugid") { |
28 | die "failed to drop permissions to $user"; |
29 | } |
30 | %ENV=(); |
31 | $ENV{HOME}=(getpwnam($user))[7]; |
32 | exec("ikiwiki", "-setup", $setup, @ARGV); |
33 | die "failed to run ikiwiki: $!"; |
34 | } |
35 | waitpid($pid,0); |
36 | if ($?) { |
37 | print STDERR "Processing $setup as user $user failed with code $?\n"; |
38 | } |
39 | } |
c20c4066 |
40 | |
c9983bc7 |
41 | sub processlist { |
42 | my $file=shift; |
43 | my $forceuser=shift; |
dd7a3814 |
44 | |
c9983bc7 |
45 | my $list; |
46 | open ($list, "<$file") || die "$file: $!"; |
47 | while (<$list>) { |
48 | chomp; |
49 | s/^\s+//; |
50 | s/\s+$//; |
51 | next if /^#/ || ! length; |
52 | |
53 | if (/^([^\s]+)\s+([^\s]+)$/) { |
54 | my $user=$1; |
55 | my $setup=$2; |
56 | if (defined $forceuser && $forceuser ne $user) { |
57 | print STDERR "warning: in $file line $., attempt to set user to $user, but user forced to $forceuser. Skipping\n"; |
58 | } |
59 | processline($user, $setup); |
60 | } |
61 | elsif (/^([^\s]+)$/) { |
62 | my $user=$1; |
63 | my $home=(getpwnam($user))[7]; |
64 | if (defined $home && -d $home) { |
65 | my $dotfile="$home/.ikiwiki/wikilist"; |
66 | if (-e $dotfile) { |
67 | processlist($dotfile, $user); |
68 | } |
69 | } |
70 | } |
71 | } |
72 | close $list; |
73 | } |
74 | |
75 | my $wikilist="/etc/ikiwiki/wikilist"; |
76 | |
77 | if (-e $wikilist) { |
78 | processlist($wikilist); |
dd7a3814 |
79 | } |
80 | |