potato2003 · March 27, 2019 08:36
diff --git a/setusergroups b/setusergroups
 #!/usr/bin/env ruby

 # usage: setusergroups [-h|--help] username child
 #
 # setuidgid w. support for supplementary groups
 # ruby porting of https://gist.github.com/kazuho/6181648
 #
 # see: http://d.hatena.ne.jp/hirose31/20130808/1375965331
 # see: https://gist.github.com/kazuho/6181648

 require 'etc'

 will_show_help  = false
 will_show_help |= ARGV.size < 2
 will_show_help |= ["-h", "--help"].include? ARGV[0]

 if will_show_help
  puts "usage: setusergroups [-h|--help] username child"
  exit 1
 end

 username = ARGV.shift

 # get uid, gid
 userent = Etc.getpwnam(username) \
  or fail "unknown user: #{username}"

 # get supplementary groups
 supp_groups = []
 while e = Etc.getgrent
  supp_groups << e.name if e.mem.include?(username)
 end

 # setuid, setgid, setgroups
 Process::Sys.setgid userent.gid
 Process.groups = supp_groups
 Process::Sys.setuid userent.uid

 # run given program
 program = ARGV.shift
 exec(program, *ARGV)
	#!/usr/bin/env ruby

	# usage: setusergroups [-h\|--help] username child
	#
	# setuidgid w. support for supplementary groups
	# ruby porting of https://gist.github.com/kazuho/6181648
	#
	# see: http://d.hatena.ne.jp/hirose31/20130808/1375965331
	# see: https://gist.github.com/kazuho/6181648

	require 'etc'

	will_show_help = false
	will_show_help \|= ARGV.size < 2
	will_show_help \|= ["-h", "--help"].include? ARGV[0]

	if will_show_help
	puts "usage: setusergroups [-h\|--help] username child"
	exit 1
	end

	username = ARGV.shift

	# get uid, gid
	userent = Etc.getpwnam(username) \
	or fail "unknown user: #{username}"

	# get supplementary groups
	supp_groups = []
	while e = Etc.getgrent
	supp_groups << e.name if e.mem.include?(username)
	end

	# setuid, setgid, setgroups
	Process::Sys.setgid userent.gid
	Process.groups = supp_groups
	Process::Sys.setuid userent.uid

	# run given program
	program = ARGV.shift
	exec(program, *ARGV)