From f40228208c910147bf972b98fcdc4b3a3f6d200c Mon Sep 17 00:00:00 2001
From: Timo Sirainen <tss@iki.fi>
Date: Wed, 12 May 2010 15:23:48 +0200
Subject: [PATCH] lmtp: Set user/group at startup as specified in service
 block.

--HG--
branch : HEAD
---
 src/lmtp/main.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/lmtp/main.c b/src/lmtp/main.c
index 3a502b1c9c..09d90e2b78 100644
--- a/src/lmtp/main.c
+++ b/src/lmtp/main.c
@@ -33,6 +33,21 @@ static void client_connected(const struct master_service_connection *conn)
 	(void)client_create(conn->fd, conn->fd, conn);
 }
 
+static void drop_privileges(void)
+{
+	struct restrict_access_settings set;
+	const char *error;
+
+	/* by default we don't drop any privileges, but keep running as root. */
+	restrict_access_get_env(&set);
+	if (set.uid != 0) {
+		/* open config connection before dropping privileges */
+		(void)master_service_settings_read_simple(master_service,
+							  NULL, &error);
+	}
+	restrict_access_by_env(NULL, FALSE);
+}
+
 static void main_init(void)
 {
 	struct master_service_connection conn;
@@ -84,6 +99,8 @@ int main(int argc, char *argv[])
 			return FATAL_DEFAULT;
 		}
 	}
+
+	drop_privileges();
 	master_service_init_finish(master_service);
 	master_service_init_log(master_service,
 				t_strdup_printf("lmtp(%s): ", my_pid));
-- 
2.47.3