.user = "",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
.user = "$SET:default_internal_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
.user = "",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
.user = "",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
.user = "$SET:default_internal_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
.user = "$SET:default_internal_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
.user = "$SET:default_internal_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
.user = "$SET:default_internal_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
.user = "",
.group = "",
.privileged_group = "",
- .extra_groups = "$SET:default_internal_group",
.chroot = "",
.drop_priv_before_exec = FALSE,
{ "unix_listener/doveadm-server/type", "tcp" },
{ "unix_listener/doveadm-server/mode", "0600" },
+ { "service_extra_groups", "$SET:default_internal_group" },
+
{ NULL, NULL }
};
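Review bot: The default supplementary group for this service now comes only from the string-keyed entry `{ "service_extra_groups", "$SET:default_internal_group" }`, while the struct initializer in the preceding hunk (apparently the same service) drops `.extra_groups` outright instead of setting `.extra_groups = ARRAY_INIT,` as the other services in this commit do. The omitted member is zero-initialised, which is presumably equivalent, but the explicit `.extra_groups = ARRAY_INIT,` would keep the defaults uniform and make it clear that the group is supplied by the key/value table. It would also help to state in the commit description whether an administrator's own `extra_groups` value replaces or extends this list default, because that decides which supplementary GIDs the process keeps. The same applies to the other hunks that add a `service_extra_groups` entry (the `IMAP_URLAUTH_WORKER_SOCKET`, `srv.imap`, `srv.indexer-worker`, `lmtp`, `srv.pop3` and `srv.submission` tables).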
.user = "$SET:default_internal_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
.user = "$SET:default_login_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "login",
.drop_priv_before_exec = FALSE,
.user = "$SET:default_login_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "token-login",
.drop_priv_before_exec = FALSE,
.user = "$SET:default_internal_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
.user = "",
.group = "",
.privileged_group = "",
- .extra_groups = "$SET:default_internal_group",
.chroot = "",
.drop_priv_before_exec = FALSE,
{ "unix_listener/"IMAP_URLAUTH_WORKER_SOCKET"/mode", "0600" },
{ "unix_listener/"IMAP_URLAUTH_WORKER_SOCKET"/user", "$SET:default_internal_user" },
+ { "service_extra_groups", "$SET:default_internal_group" },
+
{ NULL, NULL }
};
.user = "",
.group = "",
.privileged_group = "",
- .extra_groups = "$SET:default_internal_group",
.chroot = "",
.drop_priv_before_exec = FALSE,
{ "unix_listener/srv.imap\\s%{pid}/type", "admin" },
{ "unix_listener/srv.imap\\s%{pid}/mode", "0600" },
+ { "service_extra_groups", "$SET:default_internal_group" },
+
{ NULL, NULL }
};
.user = "$SET:default_internal_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
.user = "",
.group = "",
.privileged_group = "",
- .extra_groups = "$SET:default_internal_group",
.chroot = "",
.drop_priv_before_exec = FALSE,
{ "unix_listener/srv.indexer-worker\\s%{pid}/type", "admin" },
{ "unix_listener/srv.indexer-worker\\s%{pid}/mode", "0600" },
+ { "service_extra_groups", "$SET:default_internal_group" },
+
{ NULL, NULL }
};
const char *user;
const char *group;
const char *privileged_group;
- const char *extra_groups;
+ ARRAY_TYPE(const_string) extra_groups;
const char *chroot;
bool drop_priv_before_exec;
.user = "",
.group = "",
.privileged_group = "",
- .extra_groups = "$SET:default_internal_group",
.chroot = "",
.drop_priv_before_exec = FALSE,
{ "unix_listener/lmtp/path", "lmtp" },
{ "unix_listener/lmtp/mode", "0666" },
+ { "service_extra_groups", "$SET:default_internal_group" },
+
{ NULL, NULL }
};
.user = "",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
DEF(STR, user),
DEF(STR, group),
DEF(STR, privileged_group),
- DEF(STR, extra_groups),
+ DEF(BOOLLIST, extra_groups),
DEF(STR, chroot),
DEF(BOOL, drop_priv_before_exec),
.user = "",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
*group = set->default_internal_group;
}
+static void
+expand_groups(ARRAY_TYPE(const_string) *groups, const struct master_settings *set)
+{
+ const char **group;
+ if (array_is_empty(groups))
+ return;
+ array_foreach_modifiable(groups, group)
+ expand_group(group, set);
+}
+
static bool
fix_file_listener_paths(ARRAY_TYPE(file_listener_settings) *l,
pool_t pool, const struct master_settings *master_set,
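Review bot: The new `expand_groups()` has no comment explaining why the `array_is_empty()` early return must precede `array_foreach_modifiable()`. Presumably a service left at `ARRAY_INIT` has no array created yet, which is worth stating, e.g. `/* extra_groups may still be ARRAY_INIT (not created) */`. The loop body is also unbraced under an iteration macro, so a second statement added later would fall outside the loop; `array_foreach_modifiable(groups, group) { expand_group(group, set); }` avoids that. The expanded elements appear to become the service's supplementary groups, so a one-line header comment saying that the placeholder is substituted per element would help the next reader. `expand_group()` itself starts outside the hunk.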
}
}
expand_user(&service->user, &service->user_default, set);
- expand_group(&service->extra_groups, set);
+ expand_groups(&service->extra_groups, set);
service_set_login_dump_core(service);
}
return 0;
}
-static int service_get_groups(const char *groups, pool_t pool,
+static int service_get_groups(const ARRAY_TYPE(const_string) *groups, pool_t pool,
const char **gids_r, const char **error_r)
{
const char *const *tmp;
gid_t gid;
str = t_str_new(64);
- for (tmp = t_strsplit(groups, ","); *tmp != NULL; tmp++) {
+ for (tmp = settings_boollist_get(groups); *tmp != NULL; tmp++) {
if (get_gid(*tmp, &gid, error_r) < 0)
return -1;
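Review bot: `service_get_groups()` now iterates `settings_boollist_get(groups)` with no emptiness check of its own and relies on the caller's `array_not_empty(&set->extra_groups)` test in the later hunk, whereas `expand_groups()` guards the same array itself. If `settings_boollist_get()` does not accept an array still at `ARRAY_INIT` (not verifiable from this page), a future caller that skips that test would walk an uncreated array while building the GID list. Make the precondition explicit, either with a comment above the function such as `/* groups must be a created, non-empty boollist */` or with `i_assert(array_not_empty(groups));` before the loop. The function body continues outside the hunk.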
return NULL;
}
- if (*set->extra_groups != '\0') {
- if (service_get_groups(set->extra_groups, pool,
+ if (array_not_empty(&set->extra_groups)) {
+ if (service_get_groups(&set->extra_groups, pool,
&service->extra_gids, error_r) < 0) {
*error_r = t_strdup_printf(
"%s (See service %s { extra_groups } setting)",
.user = "$SET:default_login_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "login",
.drop_priv_before_exec = FALSE,
.user = "",
.group = "",
.privileged_group = "",
- .extra_groups = "$SET:default_internal_group",
.chroot = "",
.drop_priv_before_exec = FALSE,
{ "unix_listener/srv.pop3\\s%{pid}/type", "admin" },
{ "unix_listener/srv.pop3\\s%{pid}/mode", "0600" },
+ { "service_extra_groups", "$SET:default_internal_group" },
+
{ NULL, NULL }
};
.user = "$SET:default_internal_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = FALSE,
.user = "$SET:default_login_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "login",
.drop_priv_before_exec = FALSE,
.user = "",
.group = "",
.privileged_group = "",
- .extra_groups = "$SET:default_internal_group",
.chroot = "",
.drop_priv_before_exec = FALSE,
{ "unix_listener/srv.submission\\s%{pid}/type", "admin" },
{ "unix_listener/srv.submission\\s%{pid}/mode", "0600" },
+ { "service_extra_groups", "$SET:default_internal_group" },
+
{ NULL, NULL }
};
.user = "$SET:default_internal_user",
.group = "",
.privileged_group = "",
- .extra_groups = "",
+ .extra_groups = ARRAY_INIT,
.chroot = "",
.drop_priv_before_exec = TRUE,