I am writing a program in golang that will need to perform tasks with ICMP. It will also be running a webserver on port 80. To do this I need certain privileges on Linux.
I'm looking to emulate the way SystemD gains privileges with the systemctl
command when ran by an unprivileged user. The behaviour I want to emulate is reproducible if you run for example: systemctl stop sshd
as an admin user that's not root
My question is; how can I use policykit to escalate the privileges of a program that is currently running without a program restart the way SystemD's systemctl
command appears to. I have already pseudo-accomplished this task by rebinding stdin,stdout,and stderr to a command from
exec.Command("pkexec", ...)
but this approach simply run's the program again as a child process while leaving the parent process to hang waiting for the child to exit. This feels unnecessary and over complicated. It seems to me that the better solution would be to change permissions of the process as it runs, interactively, and I think policykit allows for this.
I am leaving the parent process hanging on the child so that the shell will stay waiting on a process.
I don't want users of this program to deal with having to run sudo or other control schemas, I just want them to be able to download the program's binary, ./ the executable and then the program do the thing. Prompting for a password for polkit, etc. inside of the program seems reasonable to me.