"""Privilege-dropping helpers for spawning processes as non-root users.

Atlus runs as root (systemd service) but user-facing processes — terminal
PTYs and GUI applications — must run as the authenticated user.  This
module provides a ``preexec_fn`` factory that drops privileges after
``fork()`` but before ``exec()``.
"""

import os
import pwd
from typing import Callable


def get_user_info(username: str) -> tuple[int, int, str, str]:
    """Return (uid, gid, home_dir, shell) for *username*.

    Raises ``KeyError`` if the user does not exist on the system.
    """
    pw = pwd.getpwnam(username)
    return pw.pw_uid, pw.pw_gid, pw.pw_dir, pw.pw_shell


def make_preexec_fn(username: str) -> Callable[[], None]:
    """Return a closure suitable for ``preexec_fn`` that drops to *username*.

    The user lookup (``pwd.getpwnam``) happens eagerly in the **parent**
    process so that errors surface immediately.  The ``os.set*`` calls
    execute in the **child** process after ``fork()``.
    """
    uid, gid, home, _shell = get_user_info(username)

    def _drop_privileges() -> None:
        os.setgid(gid)
        os.initgroups(username, gid)  # supplementary groups (sudo, video …)
        os.setuid(uid)                # must be last — can't setgid after this

    return _drop_privileges