diff -r 636e05eb48f6 -r ce9790523346 src/server/daemon/webserver.c
--- a/src/server/daemon/webserver.c Sat Jan 12 14:00:47 2013 +0100
+++ b/src/server/daemon/webserver.c Sun Jan 13 14:16:45 2013 +0100
@@ -34,10 +34,12 @@
 #include
 #include
 #include
+#include
 #include "../public/nsapi.h"
 #include "../util/systhr.h"
 #include "../util/io.h"
+#include "../util/util.h"
 #include "func.h"
 #include "config.h"
@@ -68,7 +70,7 @@
 fprintf(stderr, "Cannot load configuration\n");
 return -1;
 }
-
+
 // create tmp dir and pid file
 ServerConfiguration *cfg = cfgmgr_get_server_config();
 char *mkdir_cmd = NULL;
@@ -83,8 +85,56 @@
 fprintf(pidfile, "%d", pid);
 fclose(pidfile);
 free(pid_file_path);
+
+ // set global vars
+ conf_global_vars_s *vars = conf_getglobals();
+
+ if(cfg->user.ptr) {
+ char *pwbuf = malloc(DEF_PWBUF);
+ vars->Vuserpw = malloc(sizeof(struct passwd));
+ // open user database
+ setpwent();
+ if(!util_getpwnam(cfg->user.ptr, vars->Vuserpw, pwbuf, DEF_PWBUF)) {
+ log_ereport(
+ LOG_LEVEL_ERROR,
+ "user %s does not exist!",
+ cfg->user.ptr);
+ free(vars->Vuserpw);
+ vars->Vuserpw = NULL;
+ }
+ free(pwbuf);
+ endpwent();
+ }
- // init NSAPI functions
+ // change uid
+ if(vars->Vuserpw && geteuid() == 0) {
+ // a webserver user is set and we are root
+
+ if(setgid(vars->Vuserpw->pw_gid) != 0) {
+ log_ereport(
+ LOG_LEVEL_ERROR,
+ "setgid(%d) failed",
+ vars->Vuserpw->pw_gid);
+ } else {
+ // setgid was successful
+ // we need to call initgroups to have all group permissions
+ if(initgroups(vars->Vuserpw->pw_name, vars->Vuserpw->pw_gid)!=0) {
+ log_ereport(LOG_LEVEL_ERROR, "initgroups failed");
+ }
+ }
+
+ // change the uid
+ if(setuid(vars->Vuserpw->pw_uid)) {
+ log_ereport(
+ LOG_LEVEL_ERROR,
+ "setuid(%d) failed",
+ vars->Vuserpw->pw_uid);
+ }
+ } else if(vars->Vuserpw) {
+ log_ereport(
+ LOG_LEVEL_INFO,
+ "server must be started as root to change uid");
+ }
 return 0;
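Review bot: In the `// change uid` block a failed `setgid`, `initgroups` or `setuid` is only logged and the function still reaches `return 0`, so a server started as root keeps running as root when the privilege drop does not succeed; the same holds when the configured user is not found. Each of these paths should abort startup with `return -1`, the value this function already uses when the configuration cannot be loaded. Separately, `pwbuf` is freed before `initgroups` reads `vars->Vuserpw->pw_name`; if `util_getpwnam` wraps `getpwnam_r`, as its arguments suggest, that string lives in `pwbuf` and the pointer is dangling, so the buffer has to stay allocated for as long as `Vuserpw` does. Both `malloc` results are also used unchecked. The enclosing function starts and ends outside the hunk.

```c
    if(cfg->user.ptr) {
        char *pwbuf = malloc(DEF_PWBUF);
        vars->Vuserpw = malloc(sizeof(struct passwd));
        if(!pwbuf || !vars->Vuserpw) {
            log_ereport(LOG_LEVEL_ERROR, "out of memory");
            free(pwbuf);
            free(vars->Vuserpw);
            vars->Vuserpw = NULL;
            return -1;
        }
        // … unchanged: setpwent() …
        if(!util_getpwnam(cfg->user.ptr, vars->Vuserpw, pwbuf, DEF_PWBUF)) {
            // … unchanged: log_ereport "user %s does not exist!" …
            free(vars->Vuserpw);
            vars->Vuserpw = NULL;
            free(pwbuf);
            endpwent();
            return -1; // configured user is missing: refuse to start
        }
        // pwbuf is intentionally not freed: the string fields of
        // *vars->Vuserpw may point into it (TODO confirm in util_getpwnam)
        endpwent();
    }

    if(vars->Vuserpw && geteuid() == 0) {
        // any failure here would leave the process with root privileges
        if(setgid(vars->Vuserpw->pw_gid) != 0) {
            log_ereport(LOG_LEVEL_ERROR, "setgid(%d) failed", vars->Vuserpw->pw_gid);
            return -1;
        }
        if(initgroups(vars->Vuserpw->pw_name, vars->Vuserpw->pw_gid) != 0) {
            log_ereport(LOG_LEVEL_ERROR, "initgroups failed");
            return -1;
        }
        if(setuid(vars->Vuserpw->pw_uid) != 0) {
            log_ereport(LOG_LEVEL_ERROR, "setuid(%d) failed", vars->Vuserpw->pw_uid);
            return -1;
        }
    } else if(vars->Vuserpw) {
        // … unchanged: "server must be started as root to change uid" log …
    }
```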