add verbose logging for setuid/setgid and abort startup if setuid fails

Sun, 25 Sep 2022 11:00:38 +0200

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sun, 25 Sep 2022 11:00:38 +0200
changeset 391
80ee93a7d257
parent 390
144332e23ffd
child 392
0aef555055ee

add verbose logging for setuid/setgid and abort startup if setuid fails

src/server/daemon/webserver.c file | annotate | diff | comparison | revisions
--- a/src/server/daemon/webserver.c	Sun Sep 25 10:51:47 2022 +0200
+++ b/src/server/daemon/webserver.c	Sun Sep 25 11:00:38 2022 +0200
@@ -140,26 +140,30 @@
     // change uid
     if(changeuid && ws_uid == 0) {
         // a webserver user is set and we are root
-        
+        log_ereport(LOG_VERBOSE, "setgid(%d)", vars->Vuserpw->pw_gid);
         if(setgid(vars->Vuserpw->pw_gid) != 0) {
             log_ereport(
                     LOG_FAILURE,
                     "setgid(%d) failed",
                     vars->Vuserpw->pw_gid);
+            return -1;
         } else {
             // setgid was successful
             // we need to call initgroups to have all group permissions
             if(initgroups(vars->Vuserpw->pw_name, vars->Vuserpw->pw_gid)!=0) {
                 log_ereport(LOG_FAILURE, "initgroups failed");
+                return -1;
             }
         }
         
         // change the uid
+        log_ereport(LOG_VERBOSE, "setuid(%d)", vars->Vuserpw->pw_uid);
         if(setuid(vars->Vuserpw->pw_uid)) {
             log_ereport(
                     LOG_FAILURE,
                     "setuid(%d) failed",
                     vars->Vuserpw->pw_uid);
+            return -1;
         }
     } else if(vars->Vuserpw) {
         log_ereport(

mercurial