Suggestion: Implement `setresuid` in Node prcoess API
Is your feature request related to a problem? Please describe.
I am trying to drop privileges for parts of my program. Usually this is achieved using the setresuid
syscall (at least on Linux). Many programming languages implement this call (such as Ruby, Python, C/C++, Rust or Go) and it basically always works like this:
#!/usr/bin/env python3
# run this as root (i.e. through sudo)
import os
# switch to userid 1000
os.setresuid(1000, 1000, -1)
os.system("id")
# switch back to root
os.setresuid(0, 0, -1)
os.system("id")
Hoever when using setuid
/seteuid
there is no way to get back root privileges (see https://man7.org/linux/man-pages/man2/setuid.2.html).
Describe the solution you'd like
I would love the Node process API to implement not only setuid
and seeteuid
but also the setresuid
syscall to be able to change the EUID and the UID at the same time, while leaving the saved user set ID untouched (-1).
Describe alternatives you've considered
I played around with process.setuid
and process.seteuid
without success though. Once root privileges are dropped, there is no way back ...
#!/usr/bin/env node
// Note: Run with root privileges.
// Note: This does NOT work.
const process = require('process')
const { spawn } = require('child_process')
const gid = 1000
const uid = 1000
if (process.getuid && process.setuid) {
console.log(`Current uid: ${process.getuid()}`)
try {
process.seteuid(uid)
process.setuid(uid)
console.log(`New uid: ${process.getuid()}`)
} catch (err) {
console.log(`Failed to set uid: ${err}`)
}
try {
process.seteuid(0) // order does not matter here,
process.setuid(0) // won't work, no matter what's first.
console.log(`New uid: ${process.getuid()}`)
} catch (err) {
console.log(`Failed to set uid: ${err}`)
}
}