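diff -ur sysklogd-1.4.1-caen-owl-syslogd-bind/sysklogd.8 sysklogd-1.4.1/sysklogd.8
--- sysklogd-1.4.1-caen-owl-syslogd-bind/sysklogd.8 Mon Oct 8 07:26:27 2001
+++ sysklogd-1.4.1/sysklogd.8 Mon Oct 8 07:30:31 2001
@@ -32,6 +32,9 @@
 .RB [ " \-s "
 .I domainlist
 ]
+.RB [ " \-u"
+.IB username
+]
 .RB [ " \-v " ]
 .LP
 .SH DESCRIPTION
@@ -159,6 +162,19 @@
 is specified and the host logging resolves to satu.infodrom.north.de
 no domain would be cut, you will have to specify two domains like:
 .BR "\-s north.de:infodrom.north.de" .
+.TP
+.BI "\-u " "username"
+This causes the
+.B syslogd
+daemon to become the named user before starting up logging.
+
+Note that when this option is in use,
+.B syslogd
+will open all log files as root when the daemon is first started;
+however, after a
+.B SIGHUP
+the files will be reopened as the non-privileged user. You should
+take this into account when deciding the ownership of the log files.
 .TP
 .B "\-v"
 Print version and exit.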
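diff -ur sysklogd-1.4.1-caen-owl-syslogd-bind/syslogd.c sysklogd-1.4.1/syslogd.c
--- sysklogd-1.4.1-caen-owl-syslogd-bind/syslogd.c Mon Oct 8 07:26:27 2001
+++ sysklogd-1.4.1/syslogd.c Mon Oct 8 07:40:35 2001
@@ -491,6 +491,10 @@
 #include <arpa/nameser.h>
 #include <arpa/inet.h>
 #include <resolv.h>
+
+#include <pwd.h>
+#include <grp.h>
+
 #ifndef TESTING
 #include "pidfile.h"
 #endif
@@ -737,6 +741,7 @@
 intermediate host. */
 
 char *bind_addr = NULL; /* bind UDP port to this interface only */
+char *server_user = NULL; /* user name to run server as */
 
 extern int errno;
 
@@ -778,6 +783,21 @@
 static int create_inet_socket();
 #endif
 
+static int drop_root(void)
+{
+ struct passwd *pw;
+
+ if (!(pw = getpwnam(server_user))) return -1;
+
+ if (!pw->pw_uid) return -1;
+
+ if (initgroups(server_user, pw->pw_gid)) return -1;
+ if (setgid(pw->pw_gid)) return -1;
+ if (setuid(pw->pw_uid)) return -1;
+
+ return 0;
+}
+
 int main(argc, argv)
 int argc;
 char **argv;
@@ -831,7 +851,7 @@
 funix[i] = -1;
 }
 
-while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF)
+while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:u:v")) != EOF)
 switch((char)ch) {
 case 'a':
 if (nfunix < MAXFUNIX)
@@ -884,6 +904,9 @@
 }
 StripDomains = crunch_list(optarg);
 break;
+case 'u':
+server_user = optarg;
+break;
 case 'v':
 printf("syslogd %s.%s\n", VERSION, PATCHLEVEL);
 exit (0);
@@ -1031,6 +1054,11 @@
 kill (ppid, SIGTERM);
 #endif
 
+if (server_user && drop_root()) {
+dprintf("syslogd: failed to drop root\n");
+exit(1);
+}
+
 /* Main loop begins here. */
 for (;;) {
 int nfds;
@@ -1185,7 +1213,7 @@
 int usage()
 {
 fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
-" [-s domainlist] [-f conffile] [-i IP address]\n");
+" [-s domainlist] [-f conffile] [-i IP address] [-u username]\n");
 exit(1);
 }
 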
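Review bot: The `if (server_user && drop_root())` check added before the main loop exits on an unknown or root `-u` user only after `kill (ppid, SIGTERM)` has told the parent the daemon is up, and its only diagnostic goes through `dprintf`, which in this file appears to print only when debugging is enabled, so in normal operation the daemon would simply vanish; main's body continues outside the hunk. Resolving the name while options are still being parsed, `case 'u': if (!getpwnam(optarg)) usage(); server_user = optarg; break;`, reports a bad user while stderr is still usable, and the late failure should additionally go through the regular error logger rather than `dprintf`. In `drop_root` the uid-0 refusal and the initgroups/setgid/setuid order are right, but nothing confirms the drop is irreversible; `if (setuid(0) == 0) return -1;` after the last call would reject a process that can still regain root. The man page hunk already documents that files are opened as root first and reopened as the user after SIGHUP, so it is worth a comment above `drop_root` stating that log files must be writable by the target user.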