# NOTE(review): this page is an excerpt. The leading numbers are the listing's
# own line numbers; the lines between them (including closing braces and the
# declarations of $user and @list) are not shown.
#
# supplemental_groups: enumerates the group database with getgrent() and
# collects the gid (field 2) of every group whose member list (field 3) names
# $user. The return statement is not visible; L36 of the listing uses the
# result as a list of gids.
5 sub supplemental_groups {
# NOTE(review): no setgrent()/endgrent() is visible here. If the enumeration is
# not reset, a second call in the same process would start where the first one
# stopped -- confirm this is called at most once per process.
9 while (my @fields=getgrent()) {
# Member names are space separated; the comparison is an exact string match, so
# a user name that is only a substring of another member does not count.
10 if (grep { $_ eq $user } split(' ', $fields[3])) {
11 push @list, $fields[2];
# NOTE(review): excerpt of what is presumably the body of processline($user,
# $setup), judging by the call at listing line 77; the sub header and several
# intermediate lines are not shown.
#
# Refuse accounts that cannot be looked up. In this boolean context getpwnam
# returns the uid, so an account whose uid is 0 also takes this branch.
22 if (! getpwnam("$user")) {
23 print STDERR "warning: user $user does not exist\n";
# The test guarding this warning is on a line that is not shown.
27 print STDERR "warning: $setup does not exist, skipping\n";
30 print "Processing $setup as user $user ...\n";
31 # su is not used because it passes arguments through the shell,
32 # which is not safe for untrusted setup file names.
# fork returns undef on failure, which is the only case that dies here.
# NOTE(review): the apostrophe in the message is mis-encoded in this listing.
33 defined(my $pid = fork) or die "Can’t fork: $!";
# Fields 2 and 3 of the passwd entry: uid and primary gid of the target user.
35 my ($uuid, $ugid) = (getpwnam($user))[2, 3];
# Value for $): the first number becomes the effective gid, the remaining
# numbers become the supplementary group list. $ugid is repeated so that the
# group list is never empty; the list part is sorted numerically.
36 my $grouplist=join(" ", $ugid, sort {$a <=> $b} $ugid, supplemental_groups($user));
# Assign the effective gid and groups, then read $) back and compare as a
# string. NOTE(review): this assumes the OS reports the groups in the same
# order and with the same duplicates that were written -- confirm. A mismatch
# fails closed (die), so the child never continues with unexpected groups.
37 if (($)=$grouplist) ne $grouplist) {
38 die "failed to set egid $grouplist (got back $))";
# Post-condition check on real uid ($<), effective uid ($>) and real gid ($().
# The assignments that change them are on lines not shown here; groups are
# handled above, before this point, while the process can still change them.
43 if ($< != $uuid || $> != $uuid || $( != $ugid) {
44 die "failed to drop permissions to $user";
# Part of an environment being built for the child; HOME comes from field 7
# (home directory) of the passwd entry. The other entries are not shown.
48 HOME => (getpwnam($user))[7],
# List-form exec: no shell is involved, so $setup and @ARGV reach ikiwiki as
# separate arguments exactly as given. "ikiwiki" has no directory component, so
# it is resolved through PATH -- the PATH in effect is set on a line not shown.
50 exec("ikiwiki", "-setup", $setup, @ARGV);
# Only reached when exec itself fails.
51 die "failed to run ikiwiki: $!";
# Parent side. $? is the raw wait status (exit code in the high byte, signal in
# the low bits), not the plain exit code -- presumably set by a waitpid on a
# line not shown.
55 print STDERR "Processing $setup as user $user failed with code $?\n";
# NOTE(review): excerpt of what is presumably processlist($file, $forceuser),
# judging by the calls at listing lines 85 and 96; the sub header, the read
# loop and the capture assignments are not shown.
#
# NOTE(review): two-argument open -- mode and file name travel in one string,
# so Perl parses the start and end of $file as well. The three-argument form,
# open($list, '<', $file), would take the name literally. For per-user lists
# the path sits in a directory that user controls, and any privilege drop seen
# in this listing happens later, in the forked child -- confirm which identity
# performs this open.
64 open ($list, "<$file") || die "$file: $!";
# Skip comment lines and empty lines ($_ is presumably chomped on a line not
# shown).
69 next if /^#/ || ! length;
# Two whitespace-separated fields; presumably user name and setup file, given
# the variables used below.
71 if (/^([^\s]+)\s+([^\s]+)$/) {
# When a user is forced, a line naming any other account is reported and not
# processed. This is what keeps a per-user list from requesting a rebuild under
# someone else's identity.
74 if (defined $forceuser && $forceuser ne $user) {
75 print STDERR "warning: in $file line $., attempt to set user to $user, but user forced to $forceuser. Skipping\n";
77 processline($user, $setup);
# A single field: presumably a bare user name, delegating to that user's own
# list.
79 elsif (/^([^\s]+)$/) {
# Field 7 of the passwd entry is the home directory; it is undefined when the
# account does not exist.
81 my $home=(getpwnam($user))[7];
82 if (defined $home && -d $home) {
83 my $dotfile="$home/.ikiwiki/wikilist";
# Recurse into the per-user list, passing $user as the second argument so that
# every entry in it is pinned to that account (see the check at line 74).
85 processlist($dotfile, $user);
# Entry point of the visible excerpt: the system-wide list is processed with no
# second argument, so its lines may name any user.
93 my $wikilist="/etc/ikiwiki/wikilist";
96 processlist($wikilist);