libauth: add procsetuser() function to change user id of the calling process

Provide a central function to change the user id
of the calling process.

This is mostly used by programs to become the none
user, followed by a call to newns().

1 files changed, 14 insertions, 2 deletions

diff --git a/sys/man/2/auth b/sys/man/2/auth
index 739d5b965..1583d7bc1 100644
--- a/sys/man/2/auth
+++ b/sys/man/2/auth
@@ -1,6 +1,6 @@
 .TH AUTH 2
 .SH NAME
-amount, newns, addns, login, noworld, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users
+amount, newns, addns, login, noworld, procsetuser, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users
 .SH SYNOPSIS
 .nf
 .PP
@@ -27,6 +27,9 @@ int		login(char *user, char *password, char *namespace);
 int		noworld(char *user);
 .PP
 .B
+int		procsetuser(char *user);
+.PP
+.B
 AuthInfo*	auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...);
 .PP
 .B
@@ -130,7 +133,7 @@ and
 .IR amount .
 .PP
 .I Login
-changes the user id of the process
+changes the user id of the process to
 .I user
 and recreates the namespace using the file
 .I namespace
@@ -151,6 +154,15 @@ Otherwise, it returns 0.
 is used by telnetd and ftpd to provide sandboxed
 access for some users.
 .PP
+.I Procsetuser
+changes the user id of the process to
+.I user
+but keeps the namespace unchanged.
+Only hostowner can change the user to
+anything other than the
+.B none
+user.
+.PP
 The following routines use the
 .B AuthInfo
 structure returned after a successful authentication by