#!/usr/bin/perl
# @(#)$Id: munchies_admin 1318 2012-04-22 17:10:47Z pjf $

use strict;
use warnings;
use version; our $VERSION = qv( sprintf '0.7.%d', q$Rev: 1318 $ =~ /\d+/gmx );
# Using FindBin is incompatible with taint mode and suid programs
# This path is edited by Bob the Module::Builder on installation
use lib q(/opt/app-munchies/default/lib);

use Carp;
use App::Munchies::Admin;
use English qw(-no_match_vars);

$ENV{ENV}  = q();
$ENV{PATH} = q(/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin); # For taint mode

my $prog = App::Munchies::Admin->new( appclass => q(App::Munchies),
                                      arglist  => q(e) );

if (exists $prog->args->{h} or exists $prog->args->{H} or not $prog->method) {
   $prog->method( undef ); exit $prog->run;
}

$REAL_USER_ID != 0 and $ENV{USER} = $ENV{LOGNAME} = getpwuid $REAL_USER_ID;

$EFFECTIVE_USER_ID  = 0; $REAL_USER_ID  = 0;
$EFFECTIVE_GROUP_ID = 0; $REAL_GROUP_ID = 0;

exists $prog->args->{e} or exec $prog->untaint_self or croak "Exec failed\n";

# Running as root not suid root during install
if ($prog->is_setuid and not $prog->is_authorised) {
   $prog->error( 'Access denied to '.$prog->method.' for '.$prog->logname );
   exit 1;
}

$prog->mode( oct q(007) ); exit $prog->run;

__END__

=pod

=head1 NAME

munchies_admin - Run subroutines as the super user

=head1 SYNOPSIS

=over 3

=item B<munchies_admin> B<-c> I<subroutine> [B<-o> I<var=value,...>]

Run subroutine as the super user only if the excuting user is permitted

=item B<munchies_admin> B<-H>|B<-h>

Display man page/usage string

=back

=head1 VERSION

0.7.$Rev: 1318 $

=head1 DESCRIPTION

This program exposes the subroutines in the L<App::Munchies::Admin>
module. Runs suid root. Only executes the subroutine as the super user
if the subroutine name appears in a secure list belonging to one of the
user's groups

=head1 REQUIRED ARGUMENTS

=over 3

=item B<-c> I<subroutine>

=back

=head1 OPTIONS

=over 3

=item B<-D>

Turn debugging on

=item B<-n>

Do not prompt for debugging

=back

=head1 DIAGNOSTICS

Prints errors to stderr

=head1 EXIT STATUS

Returns zero on success, non zero on failure

=head1 CONFIGURATION

Uses the constructor's I<appclass> attribute to locate a configuration file

=head1 DEPENDENCIES

=over 3

=item L<App::Munchies::Admin>

=back

=head1 INCOMPATIBILITIES

None

=head1 BUGS AND LIMITATIONS

Send reports to Support at RoxSoft.co.uk

=head1 AUTHOR

Peter Flanigan

=head1 LICENSE AND COPYRIGHT

Copyright (c) 2012 Peter Flanigan

This is free software; you can redistribute it and/or modify
it under the same terms as Perl itself

=cut

# Local Variables:
# mode: perl
# tab-width: 3
# End:
