tests: use "daemon" user/group in Test{PrivilegeHelper,GeneralConfigSection}

Change-Id: I40ff8317a11e8fb88555f6c85dae3430295ac435
Refs: #3403
diff --git a/.jenkins.d/20-tests.sh b/.jenkins.d/20-tests.sh
index 151172f..c75b60a 100755
--- a/.jenkins.d/20-tests.sh
+++ b/.jenkins.d/20-tests.sh
@@ -56,6 +56,4 @@
 sudo_preserve_env ASAN_OPTIONS BOOST_TEST_COLOR_OUTPUT -- \
     ./build/unit-tests-daemon -t Face/*Ethernet* $(ut_log_args daemon-ethernet)
 sudo_preserve_env ASAN_OPTIONS BOOST_TEST_COLOR_OUTPUT -- \
-    ./build/unit-tests-daemon -t Face/TestUdpFactory $(ut_log_args daemon-udp-factory)
-sudo_preserve_env ASAN_OPTIONS BOOST_TEST_COLOR_OUTPUT -- \
-    ./build/unit-tests-daemon -t Mgmt/TestGeneralConfigSection/UserAndGroupConfig,NoUserConfig $(ut_log_args daemon-user-config)
+    ./build/unit-tests-daemon -t Face/TestUdpFactory $(ut_log_args daemon-udp)
diff --git a/core/privilege-helper.cpp b/core/privilege-helper.cpp
index 923efa4..112d971 100644
--- a/core/privilege-helper.cpp
+++ b/core/privilege-helper.cpp
@@ -45,13 +45,13 @@
 PrivilegeHelper::initialize(const std::string& userName, const std::string& groupName)
 {
 #ifdef HAVE_PRIVILEGE_DROP_AND_ELEVATE
-  static const size_t MAX_GROUP_BUFFER_SIZE = 16384; // 16kB
+  static const size_t MAX_GROUP_BUFFER_SIZE = 16384; // 16 KiB
   static const size_t MAX_PASSWD_BUFFER_SIZE = 16384;
 
   static const size_t FALLBACK_GROUP_BUFFER_SIZE = 1024;
   static const size_t FALLBACK_PASSWD_BUFFER_SIZE = 1024;
 
-  NFD_LOG_TRACE("initializing privilege helper with user \"" << userName << "\""
+  NFD_LOG_TRACE("initializing with user \"" << userName << "\""
                 << " group \"" << groupName << "\"");
 
   // workflow from man getpwnam_r
@@ -62,21 +62,20 @@
     if (groupSize == -1)
       groupSize = FALLBACK_GROUP_BUFFER_SIZE;
 
-    std::vector<char> groupBuffer(groupSize);
+    std::vector<char> groupBuffer(static_cast<size_t>(groupSize));
     struct group group;
     struct group* groupResult = nullptr;
 
     int errorCode = getgrnam_r(groupName.data(), &group,
-                               &groupBuffer[0], groupBuffer.size(), &groupResult);
+                               groupBuffer.data(), groupBuffer.size(), &groupResult);
 
     while (errorCode == ERANGE) {
       if (groupBuffer.size() * 2 > MAX_GROUP_BUFFER_SIZE)
         throw Error("Cannot allocate large enough buffer for struct group");
 
       groupBuffer.resize(groupBuffer.size() * 2);
-
       errorCode = getgrnam_r(groupName.data(), &group,
-                             &groupBuffer[0], groupBuffer.size(), &groupResult);
+                             groupBuffer.data(), groupBuffer.size(), &groupResult);
     }
 
     if (errorCode != 0 || !groupResult)
@@ -91,21 +90,20 @@
     if (passwdSize == -1)
       passwdSize = FALLBACK_PASSWD_BUFFER_SIZE;
 
-    std::vector<char> passwdBuffer(passwdSize);
+    std::vector<char> passwdBuffer(static_cast<size_t>(passwdSize));
     struct passwd passwd;
     struct passwd* passwdResult = nullptr;
 
     int errorCode = getpwnam_r(userName.data(), &passwd,
-                               &passwdBuffer[0], passwdBuffer.size(), &passwdResult);
+                               passwdBuffer.data(), passwdBuffer.size(), &passwdResult);
 
     while (errorCode == ERANGE) {
       if (passwdBuffer.size() * 2 > MAX_PASSWD_BUFFER_SIZE)
         throw Error("Cannot allocate large enough buffer for struct passwd");
 
       passwdBuffer.resize(passwdBuffer.size() * 2);
-
       errorCode = getpwnam_r(userName.data(), &passwd,
-                             &passwdBuffer[0], passwdBuffer.size(), &passwdResult);
+                             passwdBuffer.data(), passwdBuffer.size(), &passwdResult);
     }
 
     if (errorCode != 0 || !passwdResult)
diff --git a/docs/FAQ.rst b/docs/FAQ.rst
index 4415ef1..842a45b 100644
--- a/docs/FAQ.rst
+++ b/docs/FAQ.rst
@@ -1,8 +1,8 @@
 FAQ
 ===
 
-How to change default paths?
-----------------------------
+How to change the default paths?
+--------------------------------
 
 Paths to where NFD is installed can be configured during ``./waf
 configure``:
@@ -48,10 +48,10 @@
 
 .. note::
 
-    **IMPORTANT:** NFD may regain elevated permissions as needed during normal
+    **IMPORTANT:** NFD may regain elevated privileges as needed during normal
     execution. Dropping privileges in this manner should not be considered a security
     mechanism (a compromised NFD that was started as root can trivially return to
-    root). However, reducing privileges may limit any damaged caused by well intentioned,
+    root). However, reducing privileges may limit any damage caused by well intentioned,
     but buggy, code.
 
 How to enable Ethernet Face Support?
diff --git a/tests/core/privilege-helper.t.cpp b/tests/core/privilege-helper.t.cpp
index ce024e9..594f42f 100644
--- a/tests/core/privilege-helper.t.cpp
+++ b/tests/core/privilege-helper.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014-2016,  Regents of the University of California,
+/*
+ * Copyright (c) 2014-2018,  Regents of the University of California,
  *                           Arizona Board of Regents,
  *                           Colorado State University,
  *                           University Pierre & Marie Curie, Sorbonne University,
@@ -37,28 +37,37 @@
 #ifdef HAVE_PRIVILEGE_DROP_AND_ELEVATE
   SKIP_IF_NOT_SUPERUSER();
 
-  // The following assumes that nobody/nogroup is present on the test system
-  BOOST_CHECK_NO_THROW(PrivilegeHelper::initialize("nobody", "nogroup"));
+  // The following assumes that daemon:daemon is present on the test system
+  PrivilegeHelper::initialize("daemon", "daemon");
   BOOST_CHECK_EQUAL(::geteuid(), 0);
+  BOOST_CHECK_EQUAL(::getegid(), 0);
 
-  BOOST_CHECK_NO_THROW(PrivilegeHelper::drop());
+  PrivilegeHelper::drop();
   BOOST_CHECK_NE(::geteuid(), 0);
+  BOOST_CHECK_NE(::getegid(), 0);
 
-  // separate runElevated case to improve log reporting (otherwise output is unreadable)
-  BOOST_CHECK_NO_THROW(PrivilegeHelper::runElevated([]{}));
   PrivilegeHelper::runElevated([] {
     BOOST_CHECK_EQUAL(::geteuid(), 0);
+    BOOST_CHECK_EQUAL(::getegid(), 0);
   });
   BOOST_CHECK_NE(::geteuid(), 0);
+  BOOST_CHECK_NE(::getegid(), 0);
 
-  BOOST_CHECK_NO_THROW(PrivilegeHelper::raise());
+  BOOST_CHECK_THROW(PrivilegeHelper::runElevated(std::function<void()>{}),
+                    std::bad_function_call);
+  BOOST_CHECK_NE(::geteuid(), 0);
+  BOOST_CHECK_NE(::getegid(), 0);
+
+  PrivilegeHelper::raise();
   BOOST_CHECK_EQUAL(::geteuid(), 0);
+  BOOST_CHECK_EQUAL(::getegid(), 0);
+
 #else
   BOOST_TEST_MESSAGE("Dropping/raising privileges not supported on this platform, skipping");
 #endif // HAVE_PRIVILEGE_DROP_AND_ELEVATE
 }
 
-BOOST_AUTO_TEST_SUITE_END()
+BOOST_AUTO_TEST_SUITE_END() // TestPrivilegeHelper
 
 } // namespace tests
 } // namespace nfd
diff --git a/tests/daemon/mgmt/general-config-section.t.cpp b/tests/daemon/mgmt/general-config-section.t.cpp
index 226a541..a12b09b 100644
--- a/tests/daemon/mgmt/general-config-section.t.cpp
+++ b/tests/daemon/mgmt/general-config-section.t.cpp
@@ -40,6 +40,11 @@
 class GeneralConfigSectionFixture : public BaseFixture
 {
 public:
+  GeneralConfigSectionFixture()
+  {
+    setConfigFile(configFile);
+  }
+
 #ifdef HAVE_PRIVILEGE_DROP_AND_ELEVATE
   ~GeneralConfigSectionFixture()
   {
@@ -48,85 +53,86 @@
     PrivilegeHelper::s_normalGid = ::getegid();
   }
 #endif // HAVE_PRIVILEGE_DROP_AND_ELEVATE
+
+protected:
+  ConfigFile configFile;
 };
 
 BOOST_AUTO_TEST_SUITE(Mgmt)
 BOOST_FIXTURE_TEST_SUITE(TestGeneralConfigSection, GeneralConfigSectionFixture)
 
-BOOST_AUTO_TEST_CASE(DefaultConfig)
+BOOST_AUTO_TEST_CASE(EmptyConfig)
 {
-  const std::string CONFIG =
-    "general\n"
-    "{\n"
-    "}\n";
+  const std::string CONFIG = R"CONFIG(
+    general
+    {
+    }
+  )CONFIG";
 
-  ConfigFile configFile;
+  configFile.parse(CONFIG, true, "test-general-config-section");
 
-  general::setConfigFile(configFile);
-  BOOST_CHECK_NO_THROW(configFile.parse(CONFIG, true, "test-general-config-section"));
+  BOOST_CHECK_EQUAL(PrivilegeHelper::s_normalUid, PrivilegeHelper::s_privilegedUid);
+  BOOST_CHECK_EQUAL(PrivilegeHelper::s_normalGid, PrivilegeHelper::s_privilegedGid);
 }
 
 #ifdef HAVE_PRIVILEGE_DROP_AND_ELEVATE
 
+BOOST_AUTO_TEST_CASE(UserConfig)
+{
+  const std::string CONFIG = R"CONFIG(
+    general
+    {
+      user daemon
+    }
+  )CONFIG";
+
+  configFile.parse(CONFIG, true, "test-general-config-section");
+
+  BOOST_CHECK_NE(PrivilegeHelper::s_normalUid, PrivilegeHelper::s_privilegedUid);
+  BOOST_CHECK_EQUAL(PrivilegeHelper::s_normalGid, PrivilegeHelper::s_privilegedGid);
+}
+
+BOOST_AUTO_TEST_CASE(GroupConfig)
+{
+  const std::string CONFIG = R"CONFIG(
+    general
+    {
+      group daemon
+    }
+  )CONFIG";
+
+  configFile.parse(CONFIG, true, "test-general-config-section");
+
+  BOOST_CHECK_EQUAL(PrivilegeHelper::s_normalUid, PrivilegeHelper::s_privilegedUid);
+  BOOST_CHECK_NE(PrivilegeHelper::s_normalGid, PrivilegeHelper::s_privilegedGid);
+}
+
 BOOST_AUTO_TEST_CASE(UserAndGroupConfig)
 {
-  SKIP_IF_NOT_SUPERUSER();
+  const std::string CONFIG = R"CONFIG(
+    general
+    {
+      user daemon
+      group daemon
+    }
+  )CONFIG";
 
-  const std::string CONFIG =
-    "general\n"
-    "{\n"
-    "  user nobody\n"
-    "  group nogroup\n"
-    "}\n";
+  configFile.parse(CONFIG, true, "test-general-config-section");
 
-  ConfigFile configFile;
-
-  general::setConfigFile(configFile);
-  BOOST_CHECK_NO_THROW(configFile.parse(CONFIG, true, "test-general-config-section"));
-}
-
-BOOST_AUTO_TEST_CASE(NoUserConfig)
-{
-  SKIP_IF_NOT_SUPERUSER();
-
-  const std::string CONFIG =
-    "general\n"
-    "{\n"
-    "  group nogroup\n"
-    "}\n";
-
-  ConfigFile configFile;
-
-  general::setConfigFile(configFile);
-  BOOST_CHECK_NO_THROW(configFile.parse(CONFIG, true, "test-general-config-section"));
-}
-
-BOOST_AUTO_TEST_CASE(NoGroupConfig)
-{
-  const std::string CONFIG =
-    "general\n"
-    "{\n"
-    "  user nobody\n"
-    "}\n";
-
-  ConfigFile configFile;
-
-  general::setConfigFile(configFile);
-  BOOST_CHECK_NO_THROW(configFile.parse(CONFIG, true, "test-general-config-section"));
+  BOOST_CHECK_NE(PrivilegeHelper::s_normalUid, PrivilegeHelper::s_privilegedUid);
+  BOOST_CHECK_NE(PrivilegeHelper::s_normalGid, PrivilegeHelper::s_privilegedGid);
 }
 
 #endif // HAVE_PRIVILEGE_DROP_AND_ELEVATE
 
 BOOST_AUTO_TEST_CASE(InvalidUserConfig)
 {
-  const std::string CONFIG =
-    "general\n"
-    "{\n"
-    "  user\n"
-    "}\n";
-
-  ConfigFile configFile;
-  general::setConfigFile(configFile);
+  const std::string CONFIG = R"CONFIG(
+    general
+    {
+      user
+    }
+  )CONFIG";
 
   BOOST_CHECK_EXCEPTION(configFile.parse(CONFIG, true, "test-general-config-section"),
                         ConfigFile::Error,
@@ -138,14 +144,12 @@
 
 BOOST_AUTO_TEST_CASE(InvalidGroupConfig)
 {
-  const std::string CONFIG =
-    "general\n"
-    "{\n"
-    "  group\n"
-    "}\n";
-
-  ConfigFile configFile;
-  general::setConfigFile(configFile);
+  const std::string CONFIG = R"CONFIG(
+    general
+    {
+      group
+    }
+  )CONFIG";
 
   BOOST_CHECK_EXCEPTION(configFile.parse(CONFIG, true, "test-general-config-section"),
                         ConfigFile::Error,