From: Stefan Schantl
Date: Thu, 18 Feb 2016 14:04:22 +0000 (+0100)
Subject: Allow to configure the owner of the UNIX socket.
X-Git-Tag: 2.0~25
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6bd7c58888fd87cc816f2ddb983eefe3a63b11fa;p=people%2Fstevee%2Fguardian.git
Allow to configure the owner of the UNIX socket.
Add option to configure an alternative owner of the created UNIX socket, by using "SocketOwner = user:group" in the config file.
Signed-off-by: Stefan Schantl
---
diff --git a/guardian b/guardian
index 9b57114..148f50e 100644
--- a/guardian
+++ b/guardian
@@ -279,7 +279,7 @@ sub Worker ($) {
 #
 sub Socket () {
 # Create the Server socket by calling the responsible function.
- my $server = &Guardian::Socket::Server();
+ my $server = &Guardian::Socket::Server($mainsettings{SocketOwner});
 # Log successfull creation of socket.
 $logger->Log("debug", "Listening to Socket...");
diff --git a/modules/Config.pm b/modules/Config.pm
index 8da587c..75f1ab0 100644
--- a/modules/Config.pm
+++ b/modules/Config.pm
@@ -162,6 +162,17 @@ sub CheckConfig (\%) {
 return "Invalid LogLevel: $config{LogLevel}";
 }
+ # Check if an optional configured SocketOwner is valid.
+ if (exists($config{SocketOwner})) {
+ my ($user, $group) = split(/:/, $config{SocketOwner});
+
+ # Get the ID for the given user name.
+ my $uid = getpwnam($user) or return "The user $user does not exist.";
+
+ # Get the ID for given group name.
+ my $gid = getgrnam($group) or return "The group $group does not exist.";
+ }
+
 # The config looks good, so return nothing (no error message).
 return undef
 }
diff --git a/modules/Socket.pm b/modules/Socket.pm
index 9c1985c..637a17e 100644
--- a/modules/Socket.pm
+++ b/modules/Socket.pm
@@ -29,7 +29,9 @@ my %supported_commands = (
 ## mechanism for guardian. The server function creates an UNIX
 ## socket.
 #
-sub Server () {
+sub Server ($) {
+ my $socket_owner = shift;
+
 # If the path for the socketfile does not exist, try to
 # create it.
 unless (-d "$socketpath") {
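Review bot: The lookups in the CheckConfig hunk, `getpwnam($user) or return ...` and `getgrnam($group) or return ...`, test the returned ID for truth, so an owner whose UID or GID is 0 (for example `root:root`) is reported as non-existent; the same pattern with `or die` appears in the second Socket.pm hunk inside Server(). Testing definedness avoids this and drops the unused `$uid`/`$gid`, e.g. `defined(getpwnam($user)) or return "The user $user does not exist.";`. The value is also split without a format check, so a SocketOwner without a colon leaves `$group` undefined and any field after a second colon is silently dropped; an anchored match such as `my ($user, $group) = $config{SocketOwner} =~ /\A([^:]+):([^:]+)\z/ or return "Invalid SocketOwner: $config{SocketOwner}";` rejects both before the lookups run. CheckConfig begins outside the hunk, so whether `%config` values are trimmed before this point cannot be confirmed from here.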
@@ -49,6 +51,22 @@ sub Server () {
 Type => SOCK_STREAM,
 ) or die "Could not create socket: $!";
+
+ # Translate the given user/group name into ID values.
+ if (defined ($socket_owner)) {
+ # Splitt provided user/group into single arguments.
+ my ($username, $groupname) = split(/:/, $socket_owner);
+
+ # Get the ID for the given user name.
+ my $uid = getpwnam($username) or die "Could not get an UID for $username: $!";
+
+ # Get the ID for given group name.
+ my $gid = getgrnam($groupname) or die "Could not get a GID for $groupname: $!";
+
+ # Set new ownership for the socket file.
+ chown($uid, $gid, "$socketfile") or die "Could not change ownership to ($uid:$gid) for $socketfile: $!";
+ }
+
 # Return the server object.
 return $server;
 }
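Review bot: `chown($uid, $gid, "$socketfile")` changes ownership by path after the socket already exists, and chown() follows symbolic links, so the call is only safe when the directory holding the socket is not writable by other accounts. How `$socketpath` is created and which mode it gets is outside this hunk, so that should be confirmed and recorded above the call, e.g. `# $socketpath must be writable only by the daemon user: chown() works on the path and follows symlinks.` Because this socket is the daemon's command channel, the comment should also say that SocketOwner hands that account whatever access the socket's mode allows. Separately, `$!` is not reliably set when getpwnam()/getgrnam() simply find no entry, so the two lookup messages may print an unrelated error text; dropping `: $!` from them would be clearer. Server() begins outside this hunk.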