diff --git a/documentation/Mainpage.md b/documentation/Mainpage.md index 47fbaa294..51de56a7d 100644 --- a/documentation/Mainpage.md +++ b/documentation/Mainpage.md @@ -35,6 +35,7 @@ Install these via: $ sudo yum install iproute2 or: + $ sudo apt-get install iproute2 ## Configuration @@ -45,9 +46,6 @@ See [configuration](Configuration.md) for more information. The S2SS server (`server`) expects the path to a configuration file as a single argument. -The server requires root privileges during the startup. -Afterwards privileges can be dropped by using the `user` and `group` settings in the config file. - Usage: ./server CONFIG CONFIG is a required path to a configuration file @@ -55,6 +53,12 @@ Afterwards privileges can be dropped by using the `user` and `group` settings in Copyright 2014, Institute for Automation of Complex Power Systems, EONERC Steffen Vogel +The server requires root privileges for: + + - Enable the realtime fifo scheduler + - Increase the task priority + - Configure the network emulator (netem) + - Change the SMP affinity of threads and network interrupts ### Examples diff --git a/server/etc/example.conf b/server/etc/example.conf index 2b775537c..86c563ccd 100644 --- a/server/etc/example.conf +++ b/server/etc/example.conf @@ -5,9 +5,6 @@ name = "s2ss"; # The name of this node affinity = 0x02; # Mask of cores the server should run on priority = 50; # Scheduler priority for the server -user = "acs-admin"; # Drop privileges after initialization -group = "acs-admin"; - nodes = { acs = { id = 1, # Device ID diff --git a/server/src/cfg.c b/server/src/cfg.c index 140ef01e8..c5c712085 100644 --- a/server/src/cfg.c +++ b/server/src/cfg.c @@ -69,30 +69,6 @@ int config_parse_global(config_setting_t *cfg, struct settings *set) config_setting_lookup_int(cfg, "priority", &set->priority); config_setting_lookup_int(cfg, "protocol", &set->protocol); - const char *user = NULL; - const char *group = NULL; - - config_setting_lookup_string(cfg, "user", &user); - config_setting_lookup_string(cfg, "group", &group); - - /* Lookup uid and gid */ - if (user) { - struct passwd *pw = getpwnam(user); - if (!pw) - error("Unknown username: '%s'", user); - - set->uid = pw->pw_uid; - set->gid = pw->pw_gid; - } - - if (group) { - struct group *gr = getgrnam(group); - if (!gr) - error("Unknown group: '%s'", group); - - set->gid = gr->gr_gid; - } - set->cfg = cfg; return CONFIG_TRUE; diff --git a/server/src/server.c b/server/src/server.c index ad0acf72b..d9d20262a 100644 --- a/server/src/server.c +++ b/server/src/server.c @@ -104,9 +104,6 @@ static void stop() node_disconnect(n); } - if (getuid() != 0) - return; /* The following tasks require root privs */ - /* Determine default affinity */ FILE * f = fopen("/proc/irq/default_smp_affinity", "r"); fscanf(f, "%x", &affinity); @@ -187,15 +184,6 @@ int main(int argc, char *argv[]) /* Connect all nodes and start one thread per path */ start(); - /* Process is running as root, drop privileges */ - if (getuid() == 0) { - if (setgid(settings.gid) || setuid(settings.uid)) - perror("Unable to drop privileges"); - else - debug(3, "Dropped privileges to uid = %u, gid = %u", - settings.uid, settings.gid); - } - /* Main thread is sleeping */ pause();