VideoTools
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
Public Member Functions | Static Public Member Functions | List of all members
G::Root Class Reference

A class which acquires the process's special privileges on construction and releases them on destruction. More...

#include <groot.h>

Public Member Functions

 Root ()
 Default constructor. More...
 
 Root (bool change_group)
 Constructor overload with explicit control over whether to change the group-id or not. More...
 
 ~Root ()
 Desctructor. More...
 

Static Public Member Functions

static void init (const std::string &non_root, bool default_change_group=true)
 Initialises this class on process start-up by releasing root (or suid) privileges. More...
 
static Identity nobody ()
 Returns the 'nobody' identity corresponding to the init() user name. More...
 
static Identity start (SignalSafe)
 A signal-safe alternative to construction.
 
static void stop (SignalSafe, Identity)
 A signal-safe alternative to destruction.
 

Detailed Description

A class which acquires the process's special privileges on construction and releases them on destruction.

Despite the name of the class the special privileges are not necessarily root privileges; they can be suid privileges.

The class must be initialised by calling a static init() method. If instances are nested then the inner instances have no effect.

The effect of this class depends on whether the process's real-id is root or not. If the real-id is root then the effective-id is switched to some named 'ordinary' user's id at startup, and then back to what it was (ie. root or the suid id) for the critical sections. Otherwise, the effective-id is switched to the real-id at startup and switched back to what it was for the critical sections.

The implementation uses G::Process and G::Identity.

Definition at line 49 of file groot.h.

Constructor & Destructor Documentation

G::Root::Root ( )

Default constructor.

Acquires special privileges by switching the user-id and possibly the group-id (see init()).

Does nothing if the class has not been initialised by a call to init(). Does nothing if there is another instance at an outer scope.

The implementation uses G::Process::beSpecial().

Definition at line 34 of file groot.cpp.

G::Root::Root ( bool  change_group)
explicit

Constructor overload with explicit control over whether to change the group-id or not.

Definition at line 47 of file groot.cpp.

G::Root::~Root ( )

Desctructor.

Releases special privileges if this instance acquired them.

The implementation uses G::Process::beOrdinary().

Definition at line 60 of file groot.cpp.

Member Function Documentation

void G::Root::init ( const std::string &  non_root,
bool  default_change_group = true 
)
static

Initialises this class on process start-up by releasing root (or suid) privileges.

The string parameter gives a non-privileged username which is used if the real user-id is root.

The group-id behaviour of the default constructor is modified by the boolean parameter.

Definition at line 92 of file groot.cpp.

G::Identity G::Root::nobody ( )
static

Returns the 'nobody' identity corresponding to the init() user name.

Precondition: init() called

Definition at line 102 of file groot.cpp.

The documentation for this class was generated from the following files: