├── .travis.yml
├── LICENSE
├── README.md
├── index.js
├── package.json
└── test
    └── basic.js


/.travis.yml:
--------------------------------------------------------------------------------
1 | language: node_js
2 | sudo: true
3 | node_js:
4 |   - lts/*
5 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) Feross Aboukhadijeh
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of
 6 | this software and associated documentation files (the "Software"), to deal in
 7 | the Software without restriction, including without limitation the rights to
 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 9 | the Software, and to permit persons to whom the Software is furnished to do so,
10 | subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # downgrade [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![downloads][downloads-image]][downloads-url] [![javascript style guide][standard-image]][standard-url]
 2 | 
 3 | [travis-image]: https://img.shields.io/travis/feross/downgrade/master.svg
 4 | [travis-url]: https://travis-ci.org/feross/downgrade
 5 | [npm-image]: https://img.shields.io/npm/v/downgrade.svg
 6 | [npm-url]: https://npmjs.org/package/downgrade
 7 | [downloads-image]: https://img.shields.io/npm/dm/downgrade.svg
 8 | [downloads-url]: https://npmjs.org/package/downgrade
 9 | [standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg
10 | [standard-url]: https://standardjs.com
11 | 
12 | ### Sets the user identity of the process to `www-data`
13 | 
14 | ## install
15 | 
16 | ```
17 | npm install downgrade
18 | ```
19 | 
20 | ## usage
21 | 
22 | To attempt to set the user identity of the process to `www-data` (a good default on most
23 | linux systems):
24 | 
25 | ```js
26 | var downgrade = require('downgrade')
27 | 
28 | downgrade()
29 | ```
30 | 
31 | Or, to set the user identity to a specific ID:
32 | 
33 | ```js
34 | downgrade('username', 'group')
35 | ```
36 | 
37 | The arguments can be either a numerical ID or a username/group string. If a string is
38 | specified, this method blocks while resolving it to a numerical ID.
39 | 
40 | If the current user's permissions do not allow the user identity to be changed, this
41 | function will do nothing (no-op).
42 | 
43 | For best results, start your node process as `root`, run actions that require `root`
44 | privileges, then downgrade the user permissions.
45 | 
46 | On non-posix platforms (e.g. Windows), this module does nothing.
47 | 
48 | ## license
49 | 
50 | MIT. Copyright (c) [Feross Aboukhadijeh](http://feross.org).
51 | 


--------------------------------------------------------------------------------
/index.js:
--------------------------------------------------------------------------------
 1 | /*! downgrade. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */
 2 | var debug = require('debug')('downgrade')
 3 | 
 4 | module.exports = function downgrade (uid, gid) {
 5 |   if (!uid) uid = 'www-data'
 6 |   if (!gid) gid = uid
 7 | 
 8 |   try {
 9 |     process.setgid(gid)
10 |     process.setuid(uid)
11 |     debug(
12 |       'Downgraded gid: uid=%s (desired=%s); gid=%s (desired=%s)',
13 |       process.getuid(), uid, process.getgid(), gid
14 |     )
15 |   } catch (err) {
16 |     var currentUid = (process.getuid && process.getuid()) || 'none'
17 |     var currentGid = (process.getgid && process.getgid()) || 'none'
18 |     if (process.env.NODE_ENV === 'production') {
19 |       throw new Error(
20 |         'Failed to downgrade: uid=' + currentUid + ' (desired=' + uid + '); ' +
21 |         'gid=' + currentGid + ' (desired=' + gid + ')'
22 |       )
23 |     } else {
24 |       debug(
25 |         'Failed to downgrade: uid=%s (desired=%s); gid=%s (desired=%s)',
26 |         currentUid, uid, currentGid, gid
27 |       )
28 |     }
29 |   }
30 | }
31 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "downgrade",
 3 |   "description": "Sets the user identity of the process to `www-data`",
 4 |   "version": "1.1.4",
 5 |   "author": {
 6 |     "name": "Feross Aboukhadijeh",
 7 |     "email": "feross@feross.org",
 8 |     "url": "https://feross.org"
 9 |   },
10 |   "bugs": {
11 |     "url": "https://github.com/feross/downgrade/issues"
12 |   },
13 |   "dependencies": {
14 |     "debug": "^4.2.0"
15 |   },
16 |   "devDependencies": {
17 |     "standard": "*",
18 |     "tape": "^5.0.1"
19 |   },
20 |   "homepage": "https://github.com/feross/downgrade",
21 |   "keywords": [
22 |     "downgrade",
23 |     "lower permission",
24 |     "setuid",
25 |     "setgid",
26 |     "process.setuid",
27 |     "process.setgid",
28 |     "downgrade user",
29 |     "server",
30 |     "www-data",
31 |     "user identity",
32 |     "posix",
33 |     "set user identity",
34 |     "set server user",
35 |     "set user",
36 |     "change user",
37 |     "change uid",
38 |     "change gid",
39 |     "uid",
40 |     "gid",
41 |     "user id",
42 |     "group id"
43 |   ],
44 |   "license": "MIT",
45 |   "main": "index.js",
46 |   "repository": {
47 |     "type": "git",
48 |     "url": "git://github.com/feross/downgrade.git"
49 |   },
50 |   "scripts": {
51 |     "test": "standard",
52 |     "test-local": "sudo tape test/*.js"
53 |   },
54 |   "funding": [
55 |     {
56 |       "type": "github",
57 |       "url": "https://github.com/sponsors/feross"
58 |     },
59 |     {
60 |       "type": "patreon",
61 |       "url": "https://www.patreon.com/feross"
62 |     },
63 |     {
64 |       "type": "consulting",
65 |       "url": "https://feross.org/support"
66 |     }
67 |   ]
68 | }
69 | 


--------------------------------------------------------------------------------
/test/basic.js:
--------------------------------------------------------------------------------
 1 | var test = require('tape')
 2 | var downgrade = require('../')
 3 | 
 4 | test('basic usage', function (t) {
 5 |   var currentUser = process.getuid()
 6 |   t.doesNotThrow(function () {
 7 |     downgrade('nobody')
 8 |     downgrade()
 9 |   })
10 |   t.ok(process.getuid() !== currentUser)
11 |   t.end()
12 | })
13 | 


--------------------------------------------------------------------------------