dehydrated/0001-Add-optional-user-and-group-configuration.patch
Marcus Rueckert fc9dddc9f9 Accepting request 528299 from home:dmolkentin:branches:security:dehydrated
- Add man page
- Ensure dehydrated is always run as designated user
  * adds 0001-Add-optional-user-and-group-configuration.patch
- Introduce config.d directory for user configuration
- Avoid warning about empty config.d directory
  * adds 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
- Fix sed warning about unescaped curly braces in regex

- Use timer instead of cron for systemd-enabled distros
  Note: Timer must be explicitly enabled!

OBS-URL: https://build.opensuse.org/request/show/528299
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=11
2017-09-22 13:35:31 +00:00


From 700040068e3c08025f206e06ba5cfa76a124d805 Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <dmolkentin@suse.com>
Date: Thu, 21 Sep 2017 19:07:54 +0200
Subject: [PATCH] Add optional user and group configuration
when DEHYDRATED_USER is set, dehydrated will refuse to run as root,
and instead launch itself as the user in DEHYDRATED_USER (and
DEHYDRATED_GROUP if set).
---
dehydrated | 15 +++++++++++++++
docs/examples/config | 6 ++++++
2 files changed, 21 insertions(+)
diff --git a/dehydrated b/dehydrated
index 8b31ee1..39c717f 100755
--- a/dehydrated
+++ b/dehydrated
@@ -126,6 +126,8 @@ load_config() {
LOCKFILE=
OCSP_MUST_STAPLE="no"
IP_VERSION=
+ DEHYDRATED_USER=
+ DEHYDRATED_GROUP=
if [[ -z "${CONFIG:-}" ]]; then
echo "#" >&2
@@ -159,6 +161,19 @@ load_config() {
done
fi
+ # Check if we are running & are allowed to run as root
+ if [[ ! -z "$DEHYDRATED_USER" && $EUID == 0 ]]; then
+ if [ ! -z "$DEHYDRATED_GROUP" ]; then
+ group="-g $DEHYDRATED_GROUP"
+ fi
+ echo "# INFO: Running $0 as $DEHYDRATED_USER"
+ su -c "$0" $group "$DEHYDRATED_USER"
+ exit
+ fi
+
+ # Check for missing dependencies
+ check_dependencies
+
# Remove slash from end of BASEDIR. Mostly for cleaner outputs, doesn't change functionality.
BASEDIR="${BASEDIR%%/}"
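Review bot: The re-exec line `su -c "$0" $group "$DEHYDRATED_USER"` passes only the script path, so the options root invoked dehydrated with are not forwarded to the unprivileged run, and `$0` is re-parsed as a command string by the target user's shell. The original arguments would need to be saved before option parsing and appended to the `-c` string with `printf '%q'` quoting. `group` is assigned only when DEHYDRATED_GROUP is set and is expanded unquoted, so a `group` variable inherited from root's environment would be word-split into extra `su` options, and if the script runs under `set -u` (not visible here) an unset one aborts the run; add `local group=""` before the inner `if`. Because this check sits after the config handling in load_config, whose body begins and ends outside the hunk, the config files have presumably already been read as root, so they should be root-owned and not writable by DEHYDRATED_USER.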
diff --git a/docs/examples/config b/docs/examples/config
index 1b1b3d8..9a890f4 100644
--- a/docs/examples/config
+++ b/docs/examples/config
@@ -10,6 +10,12 @@
# Default values of this config are in comments #
########################################################
+# Which user should dehydrated run as? This will be implictly enforced when running as root
+#DEHYDRATED_USER=
+
+# Which group should dehydrated run as? This will be implictly enforced when running as root
+#DEHYDRATED_GROUP=
+
# Resolve names to addresses of IP version only. (curl)
# supported values: 4, 6
# default: <unset>
--
2.12.3