From ca526df876ab6171b40883be543c233616458c9a Mon Sep 17 00:00:00 2001
From: Johannes 'josch' Schauer
Date: Sun, 25 Oct 2015 19:50:49 +0100
Subject: [PATCH] map the user outside to the root user inside or otherwise the root user insude cannot access the files owned by the user outside
---
 user-unshare | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/user-unshare b/user-unshare
index edf2ac2..bf505aa 100755
--- a/user-unshare
+++ b/user-unshare
@@ -84,10 +84,11 @@ use Pod::Usage;
 # read the files /etc/subuid and /etc/subgid and return the mapping of user and
 # group ids, respectively for the given username
-sub read_subuid_subgid($) {
- my $username = shift;
+sub read_subuid_subgid() {
+ my $username = getpwuid $<;
 my ($subid, $num_subid, $fh, $n);
- my @result;
+ # map the current user and group id to the root user by default
+ my @result = (["u", 0, $<, 1], ["g", 0, $<, 1]);
 if (-f "/etc/subuid") {
 open $fh, "<", "/etc/subuid" or die "cannot open /etc/subuid for reading: $!";
@@ -96,7 +97,8 @@ sub read_subuid_subgid($) {
 last if ($n eq $username);
 }
 close $fh;
- push @result, ["u", 0, $subid, $num_subid];
+ # all other user ids start after root
+ push @result, ["u", 1, $subid, $num_subid];
 }
 if ( -f "/etc/subgid") {
@@ -106,7 +108,8 @@ sub read_subuid_subgid($) {
 last if ($n eq $username);
 }
 close $fh;
- push @result, ["g", 0, $subid, $num_subid];
+ # all other group ids start after root
+ push @result, ["g", 1, $subid, $num_subid];
 }
 return @result;
@@ -162,7 +165,7 @@ my $origgid = $(;
 # new[ug]idmap is called with the exact values from /etc/sub[ug]id,
 # respectively.
 if (scalar @idmap == 0) {
- @idmap = read_subuid_subgid getpwuid $<;
+ @idmap = read_subuid_subgid;
 }
 # Create a pipe for the parent process to signal the child process that it is
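Review bot: The default group entry in the first hunk, `["g", 0, $<, 1]`, passes the real user id `$<` where a group id is expected, so the gid map is only right when the caller's uid and primary gid happen to be the same number. Use the real gid instead, e.g. `my $gid = (split ' ', $()[0];` followed by `["g", 0, $gid, 1]`, because `$(` is a space-separated list whose first element is the real gid. The new comment could also state the consequence of the mapping, for example `# root inside the namespace acts on host files with the invoking user's own permissions`. The body of read_subuid_subgid continues outside this hunk.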
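Review bot: The `push @result, ["u", 1, $subid, $num_subid];` in the second hunk runs unconditionally after the lookup loop, so when no line matches `$username` it appears to push whatever the last line of /etc/subuid held, or undefined values for an empty file. The loop header is outside the hunk, so this is inferred from the `last if ($n eq $username);` exit. That would hand another account's subordinate range to newuidmap and rely on that tool to refuse it. Guard the push with `if defined $n && defined $username && $n eq $username;`, which also covers `getpwuid $<` returning undef for a uid without a passwd entry. The `"g"` push in the third hunk needs the same guard.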
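Review bot: `@idmap = read_subuid_subgid;` in the last hunk is a bareword call that, if the script runs under strict, compiles only because the sub is declared earlier in the file. Writing `@idmap = read_subuid_subgid();` makes the call explicit and keeps working if the definition is ever moved below this line. The context comment above the `if` still says new[ug]idmap is called with the exact values from /etc/sub[ug]id, which no longer holds now that a one-id root mapping is prepended. Suggest ending it with `# respectively, preceded by a mapping of the calling user to root.`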