A program that allows the a specified user to copy files as any other user belonging to a specified group to a specific set of directories.
A setuid binary is required, so we may as well write in C as it isn't that large a program. Will be packaged as an RPM and installed on PHENIX nodes.
Reads a configuration file to determine the allowed user, target-user's group, and target locations.
The program will become the target user to copy files, so the inputs must be readable by that user (likely world-readable). The target directories must be enumerated in the config file and must be underneath this. They also cannot contain any back-references "../" or symbolic links that point outside of this target directory.
The following possible error codes provided by the program all have special meanings documented below:
Error Code--Meaning
-
- NO_ERROR Everything was successful
-
- USAGE_ERROR Commandline-usage error
-
- CONFIG_ERROR Error reading or parsing config file, or missing config section
-
- USERPERM_ERROR User is not authorized in config, target user is in the incorrect group, or the user does not have permission to suid to the target.
-
- USERABSENT_ERROR Target user or the target required-group does not exist
-
- PATHPERM_ERROR Destination target is not in the list of allowed destination directories
-
- FILEPERM_ERROR Error opening input to read or creating output file
-
- PATHRESOLV_ERROR Error fully resolving the output path or any of the configured allowed-paths
-
- IO_ERROR An error occured reading/writing the output file other than disk-quota
-
- QUOTA_ERROR A user's quota was reached while writing output file
-
- NO_ACTION_ERROR Multiple input files were selected and none were valid
Abnormal Errors -- will have bit 5 set
-
- MEMORY_ERROR A memory allocation failed somewhere
-
- LDAP_ERROR A lookup of user or group info failed (library call fail)
-
- INTERNAL_ERROR Something strange that should not happen did