How to get all the groups of a user with "getgroups" - linux

I'm running this program as root and I have the following result with the command id mike:
uid=1001(mike) gid=1002(mike) groups=1002(mike),1005(mynewgroup)
I'm using the following code to get the groups:
    setgid(1002);   /* switch the process gid to mike's primary group */
    setuid(1001);   /* switch the process uid to mike */
    if ((count = getgroups(NGROUPS_MAX, groupIDs)) == -1)
        perror("getgroups error");
    else
        for (i = 0; i < count; i++)
            printf("Group ID %d = %d\n", i + 1, (int) groupIDs[i]);
The result I need is to list groups 1002 and 1005. It's just giving me
Group ID 1 = 1002
How do I get all the groups of a user with getgroups?

It's unclear what you are doing here. Is your process root, then you setgid + setuid and expect getgroups to give you a list similar to what id provided?
First off, getgroups deals with the credentials of the current process, which must not be confused with the credentials configured in /etc/group or other places. E.g. when the user in question logs in, whatever deals with it has to explicitly set all the groups by hand, something you did not do. In particular, that program does setuid and setgid, but also does other stuff to properly set credentials.
So you need to run a function which provides the groups configured for a given user. You already know a tool which does the job: it is id. Since this is open source, you can just check what it does.
In this particular case the keyword you are looking for is getgrouplist. Note there is 0 use for setuid/setgid to find out what the group list is.
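The getgrouplist approach the answer points to, as an added example (not code from the original post or from id's source): it looks up the configured groups without any setuid/setgid and grows the buffer when the first guess is too small. The function name configured_groups and the default user root are assumptions made for this sketch.

```c
#define _GNU_SOURCE            /* exposes getgrouplist() in <grp.h> on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Groups configured for `user` in the account database (what id prints),
 * independent of the credentials of the calling process.
 * `primary` is the gid from the passwd entry; getgrouplist() includes it.
 * Returns the count and a malloc'd array in *out, or -1 if out of memory. */
int configured_groups(const char *user, gid_t primary, gid_t **out)
{
    int n = 16;                               /* first guess, grown on demand */
    gid_t *list = malloc(n * sizeof *list);
    if (list == NULL)
        return -1;
    while (getgrouplist(user, primary, list, &n) == -1) {
        /* Buffer too small: n now holds the number of groups required. */
        gid_t *bigger = realloc(list, n * sizeof *list);
        if (bigger == NULL) {
            free(list);
            return -1;
        }
        list = bigger;
    }
    *out = list;
    return n;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "root";   /* assumed default */
    struct passwd *pw = getpwnam(user);       /* supplies the primary gid */
    if (pw == NULL) {
        fprintf(stderr, "unknown user: %s\n", user);
        return 1;
    }
    gid_t *list;
    int n = configured_groups(user, pw->pw_gid, &list);
    if (n == -1) {
        perror("configured_groups");
        return 1;
    }
    for (int i = 0; i < n; i++)
        printf("Group ID %d = %d\n", i + 1, (int) list[i]);
    free(list);
    return 0;
}
```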

Related

Discord.js - Command to Remove All Users Containing Role

I know that you can remove certain roles from users, and remove all roles from a user, but I was thinking of doing the reverse. I looked at this guide, which provides a way to retrieve all of the people who have a specific role. It seems like you could manipulate the collection/map to go through each member and remove the role. However, I cannot seem to achieve this.
I've hard-coded the one specific role that I am targeting as well as the message that should trigger the command.
Current code that I've been trying out (only seems to be working if there's just one person assigned the role):
    if (msg.startsWith('!new round')) {
        //check for everyone and remove the role
        //roleID is just the roleID number string; I've stated it outside the if loop, for other command use cases as well
        let membersWithRole = message.guild.roles.cache.get(roleID).members;
        console.log(membersWithRole);
        for (let member of membersWithRole) {
            let mem = member[1]
            mem.roles.remove(role).catch(console.error);
            message.reply("Everyone with the jail role is now back in the game!");
        }
    }
Bottom line: Given a collection of the list of "guild" members that have the specified role (provided in the guide), could I iterate through a list* in order to remove the role from each member?
*I haven't found said list containing the members, but it's probably the objects themselves, so the whole collection

You need to learn the documentation of discord.js.
And yes, you can do it by looping through all members.
    // msg is the Message object here, so the command text is in msg.content
    if (msg.content.startsWith('!new round')) {
        console.log('command used by ' + msg.author);
        let role = msg.guild.roles.cache.get(roleId);
        // remove the role from every member that currently holds it
        role.members.each(member => {
            member.roles.remove(role).catch(console.error);
        });
        console.log('removed role from all members');
    }
Also, if you want to remove the role from all members, why are you not just deleting the role?
Delete role:
    msg.guild.roles.cache.get(roleId).delete();

Get highest role of a member with mentions

How can I get the highest role name of a mentioned member? I tried something like this but it doesn't work. Thanks! :) btw this is a ban command and I need this bc my bot is crashing when someone is trying to ban a user with a higher rank than bot.
    if(message.member.hasPermission('BAN_MEMBERS')){
        const user = message.mentions.users.first()
        console.log(user.roles.highest.name)
        if(!user) return console.log("test1")
        if(!args[2]) return console.log("test2")
        const ddays = args[1]

What you could do is:
Getting a user's highest role:
1. Get the UserId from the Mention inside of the Message
2. Get the Cache from the RoleManager of the Guild in which the Message was sent in
3. (I don't know if the roles in RoleCache are sorted by position, so sort if needed)
4. Iterate through the roles in RoleCache and check if the UserId is contained inside a specific role
5. Get the position of the role
Getting the bot's highest role:
Repeat steps 2-5 for your bot (or integrate them within the previous iteration of the RoleCache)
Then compare both numbers and find out if the bot's "role number" is higher than the one of the user's.

Details about /proc/$pid/attr?

I am looking at the files under /proc/$pid/attr
current exec fscreate keycreate prev sockcreate
Does anybody know what these files do?

Proc = process information for pseudofilesystem
/proc/[pid]/attr = Security attributes
/exec = represents the attributes assigned to the process / this is needed to support role/domain transitions
/fscreate = represents the attributes to assign files created by subsequent calls - mkdir - symlink
/keycreate = if/when a process writes a security context into this file all previous keys will be labelled with this context
/prev = shows previous values /proc/[PID]/attr/current
/sockcreate = if/when a process writes security context into this file all the previously created sockets will be labelled with this context

Is there a way to determine if the current user has delete rights?

I'm trying to determine if the current user has delete rights. I can check the ACLEntry for the person, but if they are getting their access privileges from one or more groups, this will mean cycling through the group names in the ACL and checking if they have the delete right, then seeing if the user is a member of the group. This could be a fairly intensive process. I have heard that there might be a method in the ext Lib but have not been able to find anything.
What is the best way to determine if the user can delete documents?

Adapting this example slightly, here's a function that would allow you to query this privilege (and a few others, for good measure):
    function getUserPrivileges() {
        var privileges = database.queryAccessPrivileges(context.getUser().getDistinguishedName());
        return {
            createDocuments: ((privileges & NotesDatabase.DBACL_CREATE_DOCS) > 0),
            deleteDocuments: ((privileges & NotesDatabase.DBACL_DELETE_DOCS) > 0),
            readPublicDocuments: ((privileges & NotesDatabase.DBACL_READ_PUBLIC_DOCS) > 0),
            writePublicDocuments: ((privileges & NotesDatabase.DBACL_WRITE_PUBLIC_DOCS) > 0)
        };
    }
If you add the above to a script library, then any code that references that library could include logic like the following:
    if (getUserPrivileges().deleteDocuments) {
        // delete something…
    }
For additional flexibility, you could adjust the getUserPrivileges() function to be passed a handle on the specific database the user is trying to delete from instead of always assuming it's the current.

linux setgid() permission error

So a user has a primary group and may belong to other supplementary groups.
Suppose user A's primary group is G and the supplementary groups are G+1, G+2.
User A runs a program. Is it possible to change the group ID to G+1?
By default I know the group ID will be set to G, but an error is thrown when I run the program below: "erroris: Operation not permitted", where 4 is a supplemental group the user belongs to.
According to the manual, ERRORS:
EPERM The calling process is not privileged (does not have the CAP_SETGID capability), and gid does not match the real group ID or saved set-group-ID of the calling process.
How do I list the capabilities of a process?
What does the saved set-group-ID mean?
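    #include <stdio.h>    /* printf, perror */
    #include <unistd.h>   /* setgid */
    int
    main (void)
    {
      int x = 0;
      char *error = "erroris";
      x = setgid (4);     /* 4 is a supplementary group of the calling user */
      printf ("%d", x);
      perror (error);
      return 0;
    }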

Too many questions in one question!
Problem 1: Cannot use setgid to change to a different group ID
Reasons for failure: User is not root, user is not euid 0, user does not have CAP_SETGID
Problem 2: How do I list the capabilities of a process
Answer 2: Use cap_get_proc and cap_to_text to list the capabilities of a process
Problem 3: What does the saved set-group-ID mean
Answer 3: When you use one of the sete*id() calls successfully, it records the old one in the saved ID. This allows you to revert back to the saved value because this is one of the IDs you're permitted to change to using the set call.
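The EPERM rule quoted from the manual in the question, as an added example (not code from the original thread): it reads the real, effective and saved group IDs with getresgid and shows that supplementary membership is a separate list that the setgid check does not consult. The function names and the default gid 4 (taken from the question) are assumptions made for this sketch.

```c
#define _GNU_SOURCE            /* exposes getresgid() in <unistd.h> on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Is gid in the supplementary group list of this process?
 * Returns 1 if yes, 0 if no, -1 on error. */
int in_supplementary(gid_t gid)
{
    int n = getgroups(0, NULL);               /* size 0: only report the count */
    if (n <= 0)
        return n;                             /* 0: empty list, -1: error */
    gid_t *list = malloc(n * sizeof *list);
    if (list == NULL)
        return -1;
    n = getgroups(n, list);
    int found = 0;
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            found = 1;
    free(list);
    return n == -1 ? -1 : found;
}

/* The EPERM rule from the manual text above: without CAP_SETGID,
 * setgid(gid) is permitted only when gid equals the real group ID or the
 * saved set-group-ID. Returns 1 if permitted, 0 if not, -1 on error. */
int unprivileged_setgid_allowed(gid_t gid)
{
    gid_t real, effective, saved;
    if (getresgid(&real, &effective, &saved) == -1)
        return -1;
    return gid == real || gid == saved;
}

int main(int argc, char **argv)
{
    /* Default target 4 is the gid used in the question. */
    gid_t target = argc > 1 ? (gid_t) strtoul(argv[1], NULL, 10) : 4;
    gid_t real, effective, saved;
    if (getresgid(&real, &effective, &saved) == -1) {
        perror("getresgid");
        return 1;
    }
    printf("real=%d effective=%d saved=%d\n",
           (int) real, (int) effective, (int) saved);
    printf("gid %d: supplementary=%d, setgid allowed without CAP_SETGID=%d\n",
           (int) target, in_supplementary(target),
           unprivileged_setgid_allowed(target));
    return 0;
}
```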

Resources