.SH SYNOPSIS
.B chkpath
.RB [ \-vqstp ]
+.RB [ \-g
+.IR group ]
.RI [ path ...]
.SH USAGE
The
mean the same as interesting. The default is to report problems with
directories and system errors.
.TP
+.B "\-g, \-\-group " group
+Consider members of
+.I group
+to be trustworthy:
+.B chkpath
+won't warn about a directory being group-writable if its gid matches
+.IR group .
+The
+.I group
+may be a group name (looked up in
+.BR /etc/group )
+or a numeric gid in decimal.
+.TP
.B "\-q, \-\-quiet"
Makes
.B chkpath
#include <stdlib.h>
#include <string.h>
+#include <pwd.h>
+#include <grp.h>
+
#include <mLib/alloc.h>
#include <mLib/mdwopt.h>
#include <mLib/quis.h>
/* --- @usage@ --- */
static void usage(FILE *fp)
- { fprintf(fp, "Usage: %s [-vqstp] [PATH...]\n", QUIS); }
+ { fprintf(fp, "Usage: %s [-vqstp] [-g NAME] [PATH...]\n", QUIS); }
/* --- @version@ --- */
-s, --sticky Consider sticky directories secure against\n\
modification by world and group (not recommended).\n\
-t, --trust-group Consider other members of your group trustworthy.\n\
+-g, --group NAME Consider members of group NAME trustworthy.\n\
-p, --print Write the secure path elements to standard output.\n\
",
fp);
/* --- Set up path scanning defaults --- */
cp.cp_verbose = 1;
- cp.cp_what = CP_PROBLEMS | CP_REPORT | CP_SYMLINK;
+ cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP;
cp.cp_report = report;
cp.cp_arg = 0;
- checkpath_setids(&cp);
+ cp.cp_gids = 0;
+ checkpath_setuid(&cp);
/* --- Parse the options --- */
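Review bot: The new default clears `CP_WRGRP`, and nothing in the visible hunks sets `CP_WROTHGRP`, which the removed `-t` code used to OR in explicitly. If `CP_PROBLEMS` does not already include `CP_WROTHGRP` (its definition is not on this page), a plain `chkpath` run with an empty `cp_gids` would stop reporting group-writable directories altogether. That should be confirmed against the header, and the intent recorded next to the mask, for example `/* CP_WRGRP off: group write is judged per gid against cp_gids (CP_WROTHGRP) */`. The enclosing function starts and ends outside this hunk.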
{ "print", 0, 0, 'p' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "hVu" "vqstp", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "hVu" "vqstpg:", opts, 0, 0, 0);
if (i < 0)
break;
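Review bot: No `"group"` entry is added to `opts` in the lines shown here, although the option string gains `g:` and both the help text and the man page advertise `--group`. Unless the entry is added above the visible context, `--group NAME` will be rejected as an unknown option while `-g NAME` works. Adding `{ "group", OPTF_ARGREQ, 0, 'g' },` before the terminator would make the two spellings agree. The `opts` table begins outside this hunk, so this needs checking against the full file.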
cp.cp_what |= CP_STICKYOK;
break;
case 't':
- cp.cp_what = (cp.cp_what & ~CP_WRGRP) | CP_WROTHGRP;
+ if (checkpath_setgid(&cp) || checkpath_setgroups(&cp))
+ die(1, "too many groups");
+ break;
+ case 'g':
+ allowgroup(&cp, optarg);
break;
case 'p':
f |= f_print;
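Review bot: In `case 'g'`, `optarg` decides which gid is exempted from the group-writable warning, and `allowgroup()` is defined outside this hunk, so its strictness should be confirmed before merging. The man page promises a group name or a decimal gid. A numeric argument with trailing characters, or a value that does not fit in `gid_t`, should be a fatal error rather than being truncated into some other group's id, and an unknown name should likewise `die()` instead of being skipped. Once verified, a comment at the call such as `/* allowgroup() dies on unknown names and malformed or out-of-range gids */` would record the contract. In `case 't'`, the single message `"too many groups"` also covers a failure of `checkpath_setgid()`, which may mislead if that call can fail for any other reason.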