netatalk
afppasswd: Can't change own password
At least on macOS, a non-root user cannot update their own password with afppasswd
% afppasswd
afppasswd: can't open /opt/homebrew/etc/netatalk/afppasswd
We might need to elevate the privileges in the code when opening the afppasswd "shadow" file.
% ls -al /opt/homebrew/etc/netatalk/afppasswd
-rw------- 1 root admin 8816 May 1 23:17 /opt/homebrew/etc/netatalk/afppasswd
I'm not entirely sure how this was supposed to work originally. The code is clearly written with the assumption that this is a valid use case. The afppasswd file is created with 0600 permission flags. The afppasswd file can only be created by root, so the file is effectively read/write by root only. So when a regular user tries to update their own password, they obviously are not allowed to modify the afppasswd file.
I read up on how to elevate to root privileges in a non-privileged process, but this is practically not possible, except for having another process with root privileges that does the operations and then passes the result back to the non-privileged process. This is not feasible for our application.
So the only solution I can think of off the top of my head would be to have the afppasswd file be created with something like 0666 privileges, which is obviously not ideal.
It's really odd, because the man page talks very prominently about this use case. So it must have functioned at some point in the past.
@dgsga Do you have any suggestions?
I figured it out. The afppasswd binary has to have the setuid (u+s) bit.
Autotools sets this bit when installing it. We need to do the same in Meson.
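A post-install check for the layout the thread ends up at (setuid-root afppasswd binary, password file left at 0600), added here as an example; it is not part of the issue or of the netatalk code base. It reads the permission string from `ls -l` rather than `stat(1)` because that field is the same on macOS and Linux. The binary path `/opt/homebrew/bin/afppasswd` is an assumption; only the `/opt/homebrew/etc/netatalk/afppasswd` path appears in the thread.

```sh
#!/bin/sh
# Added example, not netatalk code: verify that an installed afppasswd binary
# and its password file have the modes this thread arrives at:
#   afppasswd binary  -> setuid root, not writable by group or others
#   afppasswd file    -> owner-only (0600), as netatalk creates it
# Default paths are assumptions based on the Homebrew prefix quoted in the
# issue; pass explicit paths as arguments to override them.

# First ten characters of `ls -l`: file type plus nine permission characters,
# e.g. "-rwsr-xr-x". This field is standardised, unlike stat(1) output.
mode_string() {
    [ -e "$1" ] || return 1
    ls -ld "$1" | cut -c1-10
}

owner_of() {
    ls -ld "$1" | awk '{ print $3 }'
}

# Pure string predicates, so they can be exercised without real files.
# Position 4 is the owner execute slot; 's' or 'S' there means setuid.
mode_is_setuid() {
    case "$1" in
        ???[sS]??????) return 0 ;;
        *)             return 1 ;;
    esac
}

# Positions 6 and 9 are the group and other write bits.
mode_is_group_other_writable() {
    case "$1" in
        ?????w????|????????w?) return 0 ;;
        *)                     return 1 ;;
    esac
}

# Positions 5-10 all '-' means nothing for group or others (0600 or stricter).
mode_is_owner_only() {
    case "$1" in
        ????------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Check the installed binary. Returns 0 only if it is setuid, owned by root,
# and not writable by anyone but its owner.
check_setuid_binary() {
    bin=$1
    rc=0
    mode=$(mode_string "$bin") || { echo "FAIL: $bin not found"; return 1; }
    owner=$(owner_of "$bin")
    if ! mode_is_setuid "$mode"; then
        echo "FAIL: $bin is $mode, setuid bit missing (chmod u+s)"; rc=1
    fi
    if [ "$owner" != root ]; then
        echo "FAIL: $bin is owned by $owner; setuid only helps if the owner is root"; rc=1
    fi
    if mode_is_group_other_writable "$mode"; then
        echo "FAIL: $bin is $mode; a setuid binary must not be group/world writable"; rc=1
    fi
    [ $rc -eq 0 ] && echo "OK:   $bin is $mode owned by $owner"
    return $rc
}

# Check the password file. It should stay 0600: the setuid binary is what lets
# an ordinary user change their own entry, not a looser mode on this file.
check_password_file() {
    f=$1
    mode=$(mode_string "$f") || { echo "FAIL: $f not found"; return 1; }
    if mode_is_owner_only "$mode"; then
        echo "OK:   $f is $mode"
        return 0
    fi
    echo "FAIL: $f is $mode, expected 0600 (do not loosen this to fix afppasswd)"
    return 1
}

main() {
    bin=${1:-/opt/homebrew/bin/afppasswd}                 # assumed location
    pwfile=${2:-/opt/homebrew/etc/netatalk/afppasswd}     # path from the issue
    check_setuid_binary "$bin"; a=$?
    check_password_file "$pwfile"; b=$?
    return $((a + b))
}

# Run main only when executed as check_afppasswd*.sh, so the functions can
# also be sourced from another script.
case "$0" in
    *check_afppasswd*) main "$@" ;;
esac
```

Run it as `sh check_afppasswd_install.sh` after `meson install`; a non-zero exit means either the setuid bit did not make it onto the binary (the Meson-side fix the thread points at) or the password file has been loosened instead, which is the outcome the thread wanted to avoid.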