Pass uid/gid instead of user name to the root dropping function.
const char *conf_file = DEFAULT_CONF_FILE;
const char *progname = argv[0];
char *user = NULL;
+ struct passwd *pw;
int debug = 0, nofork = 0, address_family = IPADDR_UNSPEC;
int do_init_rtc = 0, restarted = 0;
int other_pid;
if (!user) {
user = CNF_GetUser();
}
+
if (user && strcmp(user, "root")) {
- SYS_DropRoot(user);
+ if ((pw = getpwnam(user)) == NULL)
+ LOG_FATAL(LOGF_Main, "Could not get %s uid/gid", user);
+
+ SYS_DropRoot(pw->pw_uid, pw->pw_gid);
}
LOG_CreateLogFileDir();
#include "config.h"
+#include "sysincl.h"
+
#include "sys.h"
#include "logging.h"
/* ================================================== */
-void SYS_DropRoot(char *user)
+void SYS_DropRoot(uid_t uid, gid_t gid)
{
#if defined(LINUX) && defined (FEAT_PRIVDROP)
- SYS_Linux_DropRoot(user);
+ SYS_Linux_DropRoot(uid, gid);
#else
LOG_FATAL(LOGF_Sys, "dropping root privileges not supported");
#endif
/* Called at the end of the run to do final clean-up */
extern void SYS_Finalise(void);
-/* Drop root privileges to the specified user */
-extern void SYS_DropRoot(char *user);
+/* Drop root privileges to the specified user and group */
+extern void SYS_DropRoot(uid_t uid, gid_t gid);
extern void SYS_SetScheduler(int SchedPriority);
extern void SYS_LockMemory(void);
#endif
#ifdef FEAT_PRIVDROP
-#include <sys/types.h>
-#include <pwd.h>
#include <sys/prctl.h>
#include <sys/capability.h>
#include <grp.h>
#ifdef FEAT_PRIVDROP
void
-SYS_Linux_DropRoot(char *user)
+SYS_Linux_DropRoot(uid_t uid, gid_t gid)
{
- struct passwd *pw;
cap_t cap;
- if (user == NULL)
- return;
-
- if ((pw = getpwnam(user)) == NULL) {
- LOG_FATAL(LOGF_SysLinux, "getpwnam(%s) failed", user);
- }
-
if (prctl(PR_SET_KEEPCAPS, 1)) {
LOG_FATAL(LOGF_SysLinux, "prctl() failed");
}
LOG_FATAL(LOGF_SysLinux, "setgroups() failed");
}
- if (setgid(pw->pw_gid)) {
- LOG_FATAL(LOGF_SysLinux, "setgid(%d) failed", pw->pw_gid);
+ if (setgid(gid)) {
+ LOG_FATAL(LOGF_SysLinux, "setgid(%d) failed", gid);
}
- if (setuid(pw->pw_uid)) {
- LOG_FATAL(LOGF_SysLinux, "setuid(%d) failed", pw->pw_uid);
+ if (setuid(uid)) {
+ LOG_FATAL(LOGF_SysLinux, "setuid(%d) failed", uid);
}
if ((cap = cap_from_text("cap_net_bind_service,cap_sys_time=ep")) == NULL) {
cap_free(cap);
- DEBUG_LOG(LOGF_SysLinux, "Privileges dropped to user %s", user);
+ DEBUG_LOG(LOGF_SysLinux, "Root dropped to uid %d gid %d", uid, gid);
}
#endif
extern void SYS_Linux_Finalise(void);
-extern void SYS_Linux_DropRoot(char *user);
+extern void SYS_Linux_DropRoot(uid_t uid, gid_t gid);
extern void SYS_Linux_MemLockAll(int LockAll);
#include <math.h>
#include <netdb.h>
#include <netinet/in.h>
+#include <pwd.h>
#include <resolv.h>
#include <signal.h>
#include <stdarg.h>
projects / thirdparty / chrony.git / commitdiff
