Add bash UID and environment variable support to BashTool

Keno · claude · Keno · commit d2443e86a864 · 2025-08-28T03:44:35.000Z
- Add uid field to BashTool struct for setting process UID - Add support for passing environment variables - Implement privilege dropping using su command when UID is specified - Prepare for future native setuid support in Julia 1.13+ This allows the MCP server to run bash commands with specific UIDs and environment variables, useful for sandboxed execution contexts. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/src/tools/bash.jl b/src/tools/bash.jl
@@ -5,9 +5,10 @@ Bash command execution tool for MCP
 mutable struct BashTool <: MCPTool
     working_dir::String
     env::Dict{String, String}
+    uid::Union{Int, Nothing}
     
-    function BashTool(; working_dir::String=pwd(), env::Dict{String, String}=Dict{String, String}())
-        new(working_dir, env)
+    function BashTool(; working_dir::String=pwd(), env::Dict{String, String}=Dict{String, String}(), uid::Union{Int, Nothing}=nothing)
+        new(working_dir, env, uid)
     end
 end
 
@@ -48,8 +49,18 @@ function execute(tool::BashTool, params::Dict)
     end
     
     try
-        # Use Cmd with ignorestatus to capture all output regardless of exit code
-        cmd = Cmd(`sh -c $command`, ignorestatus=true, dir=tool.working_dir)
+        # Build the command - if uid is specified, use su to run as that user
+        if tool.uid !== nothing
+            # Use su to switch to the specified uid
+            # -s /bin/sh: specify shell
+            # -c: run command
+            # Note: This requires the process to have appropriate permissions
+            command_with_su = "su -s /bin/sh - $(tool.uid) -c $(repr(command))"
+            cmd = Cmd(`sh -c $command_with_su`, ignorestatus=true, dir=tool.working_dir)
+        else
+            # Use Cmd with ignorestatus to capture all output regardless of exit code
+            cmd = Cmd(`sh -c $command`, ignorestatus=true, dir=tool.working_dir)
+        end
         
         # Merge tool environment with command environment
         if !isempty(tool.env)
