4 Privilege separation - Some projects like a file server need privilege
5 separation to be able to switch to the connnection user and do file operations.
6 uid_wrapper convincingly lies to the application letting it believe it is
7 operating as root and even switching betwen uids and gids as needed.
9 More precise this library intercepts seteuid and related calls, and simulates
10 them in a manner similar to the nss_wrapper and socket_wrapper libraries.
12 This allows you to do user switching when testing e.g. file servers.
14 To use it set the following environment variables:
16 LD_PRELOAD=libuid_wrapper.so
19 If you unset the variable or set it to 0 you can disable uwrap even if it is
20 loaded. If you need the application to think it is root at startup you can set:
24 If you set the environment variable to UID_WRAPPER_MYUID=1 before you call
25 geteuid() then it will return the real uid.
27 To find out if uid_wrapper is enabled, we suggest to implment the following
28 function in a library your application loads:
30 int uid_wrapper_enabled(void)
37 if (uid_wrapper_enabled()) {
38 /* special uid_wrapper handling code */
41 uid_wrapper implements this funciton too and it will be loaded before your