Sun, 25 Sep 2022 11:00:38 +0200
add verbose logging for setuid/setgid and abort startup if setuid fails
src/server/daemon/webserver.c | file | annotate | diff | comparison | revisions |
--- a/src/server/daemon/webserver.c Sun Sep 25 10:51:47 2022 +0200 +++ b/src/server/daemon/webserver.c Sun Sep 25 11:00:38 2022 +0200 @@ -140,26 +140,30 @@ // change uid if(changeuid && ws_uid == 0) { // a webserver user is set and we are root - + log_ereport(LOG_VERBOSE, "setgid(%d)", vars->Vuserpw->pw_gid); if(setgid(vars->Vuserpw->pw_gid) != 0) { log_ereport( LOG_FAILURE, "setgid(%d) failed", vars->Vuserpw->pw_gid); + return -1; } else { // setgid was successful // we need to call initgroups to have all group permissions if(initgroups(vars->Vuserpw->pw_name, vars->Vuserpw->pw_gid)!=0) { log_ereport(LOG_FAILURE, "initgroups failed"); + return -1; } } // change the uid + log_ereport(LOG_VERBOSE, "setuid(%d)", vars->Vuserpw->pw_uid); if(setuid(vars->Vuserpw->pw_uid)) { log_ereport( LOG_FAILURE, "setuid(%d) failed", vars->Vuserpw->pw_uid); + return -1; } } else if(vars->Vuserpw) { log_ereport(