adding initial version
This commit is contained in:
parent
84230329cc
commit
e52e95905d
1 changed files with 89 additions and 0 deletions
89
limitcheck.c
Normal file
89
limitcheck.c
Normal file
|
|
@ -0,0 +1,89 @@
|
||||||
|
/*
|
||||||
|
limitcheck.c - given a user, drop privileges and check ulimits
|
||||||
|
|
||||||
|
Compile: gcc -o limitcheck limitcheck.c
|
||||||
|
Use: sudo ./limitcheck <user>
|
||||||
|
|
||||||
|
Author: Troy Engel
|
||||||
|
License: APL 2.0
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/resource.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <pwd.h>
|
||||||
|
#include <grp.h>
|
||||||
|
|
||||||
|
static int drop_privileges(const char *user) {
|
||||||
|
struct passwd *pw = NULL;
|
||||||
|
pw = getpwnam(user);
|
||||||
|
if (pw) {
|
||||||
|
if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
|
||||||
|
setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
|
||||||
|
fprintf(stdout, "Couldn't change to '%.32s' uid=%lu gid=%lu\n",
|
||||||
|
user, (unsigned long)pw->pw_uid, (unsigned long)pw->pw_gid);
|
||||||
|
return 1;
|
||||||
|
} else {
|
||||||
|
fprintf(stdout, "Successfully changed to '%.32s' uid=%lu gid=%lu\n",
|
||||||
|
user, (unsigned long)pw->pw_uid, (unsigned long)pw->pw_gid);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
fprintf(stdout, "Couldn't find user '%.32s'\n", user);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static void print_limits() {
|
||||||
|
struct rlimit rl;
|
||||||
|
|
||||||
|
fprintf(stdout, " %11s %11s\n", "soft", "hard");
|
||||||
|
|
||||||
|
getrlimit(RLIMIT_CORE, &rl);
|
||||||
|
fprintf(stdout, "core file size: %11d %11d\n", (long long int)rl.rlim_cur,
|
||||||
|
(long long int)rl.rlim_max);
|
||||||
|
|
||||||
|
getrlimit(RLIMIT_CPU, &rl);
|
||||||
|
fprintf(stdout, "cpu time: %11d %11d\n", (long long int)rl.rlim_cur,
|
||||||
|
(long long int)rl.rlim_max);
|
||||||
|
|
||||||
|
getrlimit(RLIMIT_DATA, &rl);
|
||||||
|
fprintf(stdout, "data seg size: %11d %11d\n", (long long int)rl.rlim_cur,
|
||||||
|
(long long int)rl.rlim_max);
|
||||||
|
|
||||||
|
getrlimit(RLIMIT_FSIZE, &rl);
|
||||||
|
fprintf(stdout, "file size: %11d %11d\n", (long long int)rl.rlim_cur,
|
||||||
|
(long long int)rl.rlim_max);
|
||||||
|
|
||||||
|
getrlimit(RLIMIT_NOFILE, &rl);
|
||||||
|
fprintf(stdout, "open files: %11d %11d\n", (long long int)rl.rlim_cur,
|
||||||
|
(long long int)rl.rlim_max);
|
||||||
|
|
||||||
|
getrlimit(RLIMIT_STACK, &rl);
|
||||||
|
fprintf(stdout, "stack size: %11d %11d\n", (long long int)rl.rlim_cur,
|
||||||
|
(long long int)rl.rlim_max);
|
||||||
|
|
||||||
|
getrlimit(RLIMIT_AS, &rl);
|
||||||
|
fprintf(stdout, "memory size: %11d %11d\n", (long long int)rl.rlim_cur,
|
||||||
|
(long long int)rl.rlim_max);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
int main(int argc, char **argv) {
|
||||||
|
|
||||||
|
/* we only accept one argument - the user to check */
|
||||||
|
if (argc == 2) {
|
||||||
|
if (drop_privileges(argv[1]) == 0) {
|
||||||
|
print_limits();
|
||||||
|
return 0;
|
||||||
|
} else {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
fprintf(stdout, "Usage: %s <name of system user>\n", argv[0]);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue