--- a/src/server/daemon/webserver.c Sun Jun 23 13:49:17 2013 +0200 +++ b/src/server/daemon/webserver.c Sun Jun 23 13:51:49 2013 +0200 @@ -97,7 +97,31 @@ // set global vars conf_global_vars_s *vars = conf_getglobals(); + uid_t ws_uid = geteuid(); setpwent(); + char *pwbuf = malloc(DEF_PWBUF); + vars->Vuserpw = malloc(sizeof(struct passwd)); + if(cfg->user.ptr) { + if(!util_getpwnam(cfg->user.ptr, vars->Vuserpw, pwbuf, DEF_PWBUF)) { + log_ereport( + LOG_MISCONFIG, + "user %s does not exist!", + cfg->user.ptr); + free(vars->Vuserpw); + vars->Vuserpw = NULL; + } + } else { + if(!util_getpwuid(ws_uid, vars->Vuserpw, pwbuf, DEF_PWBUF)) { + log_ereport(LOG_FAILURE, "webserver_init: cannot get passwd data"); + free(vars->Vuserpw); + vars->Vuserpw = NULL; + } + } + free(pwbuf); + if(!vars->Vuserpw) { + log_ereport(LOG_WARN, "globalvars->Vuserpw is null"); + } + if(cfg->user.ptr) { char *pwbuf = malloc(DEF_PWBUF); vars->Vuserpw = malloc(sizeof(struct passwd)); @@ -116,7 +140,7 @@ } // change uid - if(vars->Vuserpw && geteuid() == 0) { + if(vars->Vuserpw && ws_uid == 0) { // a webserver user is set and we are root if(setgid(vars->Vuserpw->pw_gid) != 0) {