Convert Figma logo to code with AI

ncopa logosu-exec

switch user and group id and exec

1,000
103
1,000
24
View on GitHub

Top Related Projects

apenwarr's avatar

sshuttle

8,886

Wrong project! You should head over to http://github.com/sshuttle/sshuttle

krallin's avatar

tini

10,444

A tiny but valid `init` for containers

Yelp's avatar

dumb-init

7,155

A minimal init system for Linux containers

jordansissel's avatar

fpm

11,355

Effing package management! Build packages for multiple platforms (deb, rpm, etc) with great ease and sanity.

vishnubob's avatar

wait-for-it

9,732

Pure bash script to test and wait on the availability of a TCP host and port

jwilder's avatar

dockerize

5,097

Utility to simplify running applications in docker containers

Quick Overview

The su-exec project is a simple tool that allows you to execute a command as another user. It is designed to be a lightweight and efficient alternative to the su and sudo commands, with a focus on security and ease of use.

Pros

  • Lightweight: su-exec is a small, single-binary executable that has no external dependencies, making it easy to distribute and use.
  • Secure: su-exec uses the setuid and setgid system calls to switch user and group IDs, which is a more secure approach than using su or sudo.
  • Easy to use: su-exec has a simple command-line interface, making it easy to integrate into scripts and other applications.
  • Cross-platform: su-exec is available for multiple platforms, including Linux, macOS, and Windows.

Cons

  • Limited functionality: su-exec is a relatively simple tool, and may not provide all the features and functionality of more complex tools like su or sudo.
  • Requires root/admin privileges: To use su-exec, the user must have the necessary permissions to switch user and group IDs.
  • No interactive mode: su-exec does not provide an interactive shell, and can only be used to execute a single command.
  • No support for environment variables: su-exec does not currently support passing environment variables to the executed command.

Code Examples

N/A (this is not a code library)

Getting Started

To use su-exec, you can download the pre-built binary from the project's GitHub repository:

wget https://github.com/ncopa/su-exec/releases/download/v2.3.0/su-exec-v2.3.0-linux-amd64
chmod +x su-exec-v2.3.0-linux-amd64

Then, you can use su-exec to execute a command as a different user:

./su-exec user command [args...]

For example, to execute the ls command as the www-data user:

./su-exec www-data ls -l

You can also use su-exec in scripts to execute commands as a different user:

#!/bin/bash

su-exec www-data /usr/bin/php /var/www/app/index.php

In this example, the su-exec command is used to execute the PHP script as the www-data user, which may be necessary for the script to access certain files or resources.

Competitor Comparisons

apenwarr logo

sshuttle

8,886

Wrong project! You should head over to http://github.com/sshuttle/sshuttle

Pros of sshuttle

  • sshuttle provides a simple and effective way to create a VPN-like tunnel without the need for a VPN server, making it a convenient solution for remote access.
  • sshuttle supports a wide range of platforms, including Linux, macOS, and Windows, making it a versatile tool.
  • sshuttle can be used to bypass firewalls and access resources that might otherwise be restricted.

Cons of sshuttle

  • sshuttle requires the installation of Python and its dependencies, which may not be available on all systems.
  • sshuttle's performance may be affected by network latency and bandwidth limitations, as it relies on a proxy-based approach.
  • sshuttle may not provide the same level of security and encryption as a traditional VPN solution.

Code Comparison

su-exec:

int main(int argc, char *argv[]) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s <user> [args...]\n", argv[0]);
        return 1;
    }

    const char *user = argv[1];
    char **args = argv + 2;

    if (setgid(getpwnam(user)->pw_gid) != 0) {
        fprintf(stderr, "setgid(%s): %s\n", user, strerror(errno));
        return 1;
    }
    if (setuid(getpwnam(user)->pw_uid) != 0) {
        fprintf(stderr, "setuid(%s): %s\n", user, strerror(errno));
        return 1;
    }

    execvp(args[0], args);
    fprintf(stderr, "exec(%s): %s\n", args[0], strerror(errno));
    return 1;
}

sshuttle:

def main():
    parser = OptionParser()
    parser.add_option("-r", "--remote", dest="remote", default=None,
                      help="Remote host to connect to (user@host:port)")
    parser.add_option("-H", "--auto-hosts", action="store_true",
                      dest="auto_hosts", default=False,
                      help="Automatically add new hosts to /etc/hosts")
    parser.add_option("-N", "--auto-nets", action="store_true",
                      dest="auto_nets", default=False,
                      help="Automatically add new routes")
    parser.add_option("-x", "--exclude", action="append", dest="exclude",
                      default=[], help="Exclude these networks")
    parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
                      default=False, help="Verbose mode")
    (options, args) = parser.parse_args()
krallin logo

tini

10,444

A tiny but valid `init` for containers

Pros of Tini

  • Tini is a lightweight and simple init system that helps with signal forwarding and process management in Docker containers.
  • Tini provides a simple and effective way to handle signals and ensure that all child processes are properly terminated when the main process exits.
  • Tini is widely used and well-supported, with a large community and active development.

Cons of Tini

  • Tini may have a slightly higher overhead compared to su-exec, as it is a separate process that runs alongside the main application.
  • Tini may not be as lightweight as su-exec, which is a single-purpose utility.

Code Comparison

su-exec:

int main(int argc, char *argv[]) {
    if (argc < 3) {
        fprintf(stderr, "usage: %s user[:group] command [args...]\n", argv[0]);
        return 1;
    }

    const char *user = argv[1];
    char *command = argv[2];
    char **args = argv + 3;
    return su_exec(user, command, args);
}

Tini:

int main(int argc, char *argv[]) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s [--] [COMMAND [ARG...]]\n", argv[0]);
        return 1;
    }

    int tini_argc = argc - 1;
    char **tini_argv = argv + 1;

    return tini_main(tini_argc, tini_argv);
}
Yelp logo

dumb-init

7,155

A minimal init system for Linux containers

Pros of Yelp/dumb-init

  • Provides a simple and lightweight init system for Docker containers, ensuring proper signal handling and process management.
  • Supports running multiple processes within a single container, making it easier to manage complex applications.
  • Offers a straightforward and easy-to-use interface, with minimal configuration required.

Cons of Yelp/dumb-init

  • May not provide the same level of flexibility and control as more feature-rich init systems like ncopa/su-exec.
  • Lacks some of the advanced features and customization options available in ncopa/su-exec.
  • May not be suitable for highly complex or specialized use cases that require more advanced process management capabilities.

Code Comparison

Here's a brief comparison of the code for ncopa/su-exec and Yelp/dumb-init:

ncopa/su-exec:

int main(int argc, char *argv[]) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s <user[:group]> command [args...]\n", argv[0]);
        return 1;
    }

    char *user = argv[1];
    char *cmd = argv[2];
    char **args = argv + 2;

    return su_exec(user, cmd, args);
}

Yelp/dumb-init:

def run_child(args):
    try:
        os.execvp(args[0], args)
    except OSError as e:
        sys.stderr.write('dumb-init: exec() failed: {}\n'.format(e))
        sys.exit(1)

def main():
    args = sys.argv[1:]
    if not args:
        sys.stderr.write('dumb-init: no command given\n')
        sys.exit(1)

    try:
        signal.signal(signal.SIGTERM, handle_signal)
        signal.signal(signal.SIGINT, handle_signal)
        run_child(args)
    except KeyboardInterrupt:
        pass
jordansissel logo

fpm

11,355

Effing package management! Build packages for multiple platforms (deb, rpm, etc) with great ease and sanity.

Pros of FPM

  • FPM supports a wide range of package formats, including RPM, DEB, Solaris, and more, making it a versatile tool for packaging applications.
  • FPM provides a simple and intuitive command-line interface, allowing users to quickly create packages without complex configuration.
  • FPM includes features like dependency management, package versioning, and metadata customization, which can simplify the packaging process.

Cons of FPM

  • FPM may have a steeper learning curve compared to su-exec, as it offers more advanced features and configuration options.
  • FPM's flexibility can also lead to increased complexity, which may be a drawback for users who require a more streamlined packaging solution.

Code Comparison

su-exec:

int main(int argc, char *argv[]) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s <user[:group]> <command> [args...]\n", argv[0]);
        return 1;
    }

    char *user = argv[1];
    char *cmd = argv[2];
    char **args = argv + 3;

FPM:

def input(name)
  @inputs[name.to_sym] || @inputs[name.to_s]
end

def output(name)
  @outputs[name.to_sym] || @outputs[name.to_s]
end

def filter(name)
  @filters[name.to_sym] || @filters[name.to_s]
end
vishnubob logo

wait-for-it

9,732

Pure bash script to test and wait on the availability of a TCP host and port

Pros of wait-for-it

  • Flexibility: wait-for-it provides a flexible and customizable way to wait for a TCP host/port to become available, making it suitable for a variety of use cases.
  • Portability: The script is written in POSIX-compliant Bash, ensuring it can be used on a wide range of Unix-like systems.
  • Timeout Handling: wait-for-it includes a built-in timeout mechanism, allowing you to specify a maximum wait time before the script exits.

Cons of wait-for-it

  • Limited Functionality: wait-for-it is primarily focused on waiting for a TCP host/port, and may not provide the same level of functionality as su-exec for tasks like user switching or privilege escalation.
  • Dependency on Bash: The script requires Bash, which may not be available on all systems, particularly Windows environments.
  • Lack of Active Maintenance: The wait-for-it project appears to have less active maintenance compared to su-exec, with the last commit being over a year ago.

Code Comparison

su-exec:

int main(int argc, char *argv[]) {
    if (argc < 3) {
        fprintf(stderr, "usage: %s user[:group] command [args...]\n", argv[0]);
        return 1;
    }

    const char *user = argv[1];
    char *cmd = argv[2];
    char **args = argv + 2;

wait-for-it:

#!/usr/bin/env bash
# Use this script to test if a given TCP host/port are available

WAITFORIT_cmdname=${0##*/}

echoerr() { if [[ $WAITFORIT_QUIET -ne 1 ]]; then echo "$@" 1>&2; fi }
jwilder logo

dockerize

5,097

Utility to simplify running applications in docker containers

Pros of jwilder/dockerize

  • Provides a more comprehensive set of features, including support for environment variable substitution, template rendering, and command execution.
  • Allows for more complex configuration and customization of the container environment.
  • Offers a wider range of use cases beyond just switching user IDs.

Cons of jwilder/dockerize

  • May have a larger footprint and dependencies compared to the more lightweight ncopa/su-exec.
  • Can be more complex to configure and use, especially for simpler use cases.
  • May have a steeper learning curve compared to the more straightforward ncopa/su-exec.

Code Comparison

ncopa/su-exec:

int main(int argc, char *argv[]) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s <uid> [<gid>] [--] <program> [args...]\n", argv[0]);
        return 1;
    }

    uid_t uid = atoi(argv[1]);

jwilder/dockerize:

func main() {
    flag.Parse()

    if *version {
        fmt.Printf("dockerize version %s\n", Version)
        os.Exit(0)
    }

    if len(flag.Args()) < 1 {
        fmt.Fprintf(os.Stderr, "Usage: dockerize [options] <command> [args ...]\n")
        os.Exit(1)
    }

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

su-exec

switch user and group id, setgroups and exec

Purpose

This is a simple tool that will simply execute a program with different privileges. The program will be executed directly and not run as a child, like su and sudo does, which avoids TTY and signal issues (see below).

Notice that su-exec depends on being run by the root user, non-root users do not have permission to change uid/gid.

Usage

su-exec user-spec command [ arguments... ]

user-spec is either a user name (e.g. nobody) or user name and group name separated with colon (e.g. nobody:ftp). Numeric uid/gid values can be used instead of names. Example:

$ su-exec apache:1000 /usr/sbin/httpd -f /opt/www/httpd.conf

TTY & parent/child handling

Notice how su will make ps be a child of a shell while su-exec just executes ps directly.

$ docker run -it --rm alpine:edge su postgres -c 'ps aux'
PID   USER     TIME   COMMAND
    1 postgres   0:00 ash -c ps aux
   12 postgres   0:00 ps aux
$ docker run -it --rm -v $PWD/su-exec:/sbin/su-exec:ro alpine:edge su-exec postgres ps aux
PID   USER     TIME   COMMAND
    1 postgres   0:00 ps aux

Why reinvent gosu?

This does more or less exactly the same thing as gosu but it is only 10kb instead of 1.8MB.