return 0;
}
- /* policy: if privileged but user is not in sudo group, explain and abort */
- if (privileged && !in_sudo) {
- struct passwd *pw = getpwuid(getuid());
+ /* policy: if privileged but real user is neither root nor in sudo, abort */
+ uid_t ruid = getuid();
+ if (privileged && ruid != 0 && !in_sudo) {
+ struct passwd *pw = getpwuid(ruid);
const char *name = pw ? pw->pw_name : "unknown";
fprintf(stderr,
- "refusing privileged apply: real user '%s' is not a member of group 'sudo'\n"
- "hint: either add user to sudo, or remove setuid bit from man_in_grey_apply to test unprivileged.\n",
+ "refusing privileged apply: real user '%s' is not root and not in group 'sudo'\n",
name
);
return 1;
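Review bot: The new condition tests `ruid`, but `in_sudo` is computed outside this hunk, so it is not visible whether group membership is evaluated for that same real UID. If it is derived from the effective identity or from the process's current group list instead, the two halves of `privileged && ruid != 0 && !in_sudo` could describe different users. Consider moving `uid_t ruid = getuid();` above the `in_sudo` computation and using it in both places. A comment such as `/* real uid = invoking user; under setuid the effective uid is the file owner */` would record why `getuid()` is the right call here. The enclosing function starts and ends outside the hunk, so the setup of `privileged` and `in_sudo` could not be checked.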