restrict-access.h revision 7f97ca94363c9e38fbbaaef204d6d01c54af6fc4
9a583c7a827f7a4d89ee43774f2d51ea6a214543Timo Sirainen/* set environment variables so they can be read with
16f816d3f3c32ae3351834253f52ddd0212bcbf3Timo Sirainen restrict_access_by_env(). If privileged_gid != (gid_t)-1,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen the privileged GID can be temporarily enabled/disabled. */
5e40ed3f0a2c2acddc9b8eab59670c7a850114c5Timo Sirainenvoid restrict_access_set_env(const char *user, uid_t uid,
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen/* chroot, setuid() and setgid() based on environment variables.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen If disallow_roots is TRUE, we'll kill ourself if we didn't have the
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen environment settings and we have root uid or gid. */
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenvoid restrict_access_by_env(bool disallow_root);
289064eb21595d3e4460439eccdc48232d13f5e1Timo Sirainen/* If privileged_gid was set, these functions can be used to temporarily
289064eb21595d3e4460439eccdc48232d13f5e1Timo Sirainen gain access to the group. */
5e40ed3f0a2c2acddc9b8eab59670c7a850114c5Timo Sirainen/* Returns TRUE if privileged GID exists for this process. */