The s6-setuidgid program
s6-setuidgid executes a program as another user.
s6-setuidgid account prog...
- If account is the empty string, then s6-setuidgid directly execs
into prog... without any state changes.
- If account contains a colon, it is interpreted as uid:gid,
else it is interpreted as a username and looked up by name in the account
- If account is unknown, s6-setuidgid exits 1.
- s6-setuidgid sets its (real and effective) uid and gid to those of account.
It also sets the list of supplementary groups to the correct one for account
according to the group database.
- Then it executes into prog....
- Unless account is empty, s6-setuidgid can only be run as root. Its main use
is to drop root privileges before starting a daemon.