<?php var_dump(posix_initgroups('foo', 'bar')); var_dump(posix_initgroups(NULL, NULL));
/** * Set unix user and group for current process. * @return void */ public function setUserAndGroup() { // Get uid. $user_info = posix_getpwnam($this->user); if (!$user_info) { return self::log("Waring: User {$this->user} not exsits", true); } $uid = $user_info['uid']; // Get gid. if ($this->group) { $group_info = posix_getgrnam($this->group); if (!$group_info) { return self::log("Waring: Group {$this->group} not exsits", true); } $gid = $group_info['gid']; } else { $gid = $user_info['gid']; } // Set uid and gid. if ($uid != posix_getuid() || $gid != posix_getgid()) { if (!posix_setgid($gid) || !posix_initgroups($user_info['name'], $gid) || !posix_setuid($uid)) { self::log("Waring: change gid or uid fail.", true); } } }
/** * Calculate the group access list * * @param string $name The user to calculate the list for. * @param int $baseGroupId Typically the group number from the password file. * * @return bool */ public function initgroups(string $name, int $baseGroupId) : bool { return posix_initgroups($name, $baseGroupId); }
/** * 尝试设置运行当前进程的用户、用户组、文件系统根目录 * * @param $user_name */ public function setProcessUserAndRoot() { // set chroot if ($this->chroot) { if (posix_getuid() != 0) { self::log('Waring: You must have the root privileges to change root.', true); } else { if (!chroot($this->chroot)) { return self::log("Notice: chroot({$this->chroot}) fail.", true); } } } // get uid $user_info = posix_getpwnam($this->user); if (!$user_info) { return self::log("Waring: User {$this->user} not exsits", true); } $uid = $user_info['uid']; // get gid if ($this->group) { $group_info = posix_getgrnam($this->group); if (!$group_info) { return self::log("Waring: Group {$this->group} not exsits", true); } $gid = $group_info['gid']; } else { $gid = $user_info['gid']; } // set uid and gid if ($uid != posix_getuid() || $gid != posix_getgid()) { if (posix_getuid() != 0) { self::log('Waring: You must have the root privileges to change uid and gid.', true); } elseif (!posix_setgid($gid) || !posix_initgroups($user_info['name'], $gid) || !posix_setuid($uid)) { self::log("Waring: change gid or uid fail.", true); } } }
/** * Initializes the group access list by reading the group database /etc/group and using all groups of which user is a member. The additional group is also added to the list. * * @param string $name The user to calculate the list for. * @param int $baseGroupId Typically the group number from the password file. * * @return bool */ public function initgroups($name, $baseGroupId) { return posix_initgroups($name, $baseGroupId); }