drop root privileges as asap
git-svn-id: https://zerberus.eonerc.rwth-aachen.de:8443/svn/s2ss/trunk@66 8ec27952-4edc-4aab-86aa-e87bb2611832
parent
ee57014ec4
commit
f4767d6814
4 changed files with 43 additions and 1 deletions
|
@ -5,6 +5,9 @@ name = "s2ss"; # The name of this node
|
|||
affinity = 0x02; # Mask of cores the server should run on
|
||||
priority = 50; # Scheduler priority for the server
|
||||
|
||||
user = "acs-admin"; # Drop privileges after initialization
|
||||
group = "acs-admin";
|
||||
|
||||
nodes = {
|
||||
acs = {
|
||||
id = 1, # Device ID
|
||||
|
|
|
@ -23,6 +23,10 @@ struct settings {
|
|||
int affinity;
|
||||
/** Protocol version of UDP packages */
|
||||
int protocol;
|
||||
/** User for the server process */
|
||||
int uid;
|
||||
/** Group for the server process */
|
||||
int gid;
|
||||
|
||||
/** A libconfig object pointing to the root of the config file */
|
||||
config_setting_t *cfg;
|
||||
|
|
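Review bot: The new `uid` and `gid` members are declared `int`, although they are filled from `pw->pw_uid` / `gr->gr_gid` and later passed to `setuid()` / `setgid()`, which work on `uid_t` / `gid_t`, and main prints them with `%u`. Declaring them as `uid_t uid;` and `gid_t gid;` (with `<sys/types.h>` included in this header) removes the signed/unsigned conversions and keeps large IDs intact. The struct starts and ends outside this hunk, so its initialisation is not visible; a short comment on these fields saying which value means "no user configured" would help whoever reads the privilege-drop code.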
28
src/cfg.c
28
src/cfg.c
|
@ -5,10 +5,12 @@
|
|||
* @copyright 2014, Institute for Automation of Complex Power Systems, EONERC
|
||||
*/
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <netdb.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <stdlib.h>
|
||||
#include <grp.h>
|
||||
#include <pwd.h>
|
||||
|
||||
#include "cfg.h"
|
||||
#include "node.h"
|
||||
|
@ -86,6 +88,30 @@ int config_parse_global(config_setting_t *cfg, struct settings *set)
|
|||
config_setting_lookup_int(cfg, "priority", &set->priority);
|
||||
config_setting_lookup_int(cfg, "protocol", &set->protocol);
|
||||
|
||||
const char *user = NULL;
|
||||
const char *group = NULL;
|
||||
|
||||
config_setting_lookup_string(cfg, "user", &user);
|
||||
config_setting_lookup_string(cfg, "group", &group);
|
||||
|
||||
/* Lookup uid and gid */
|
||||
if (user) {
|
||||
struct passwd *pw = getpwnam(user);
|
||||
if (!pw)
|
||||
error("Unknown username: '%s'", user);
|
||||
|
||||
set->uid = pw->pw_uid;
|
||||
set->gid = pw->pw_gid;
|
||||
}
|
||||
|
||||
if (group) {
|
||||
struct group *gr = getgrnam(group);
|
||||
if (!gr)
|
||||
error("Unknown group: '%s'", group);
|
||||
|
||||
set->gid = gr->gr_gid;
|
||||
}
|
||||
|
||||
set->cfg = cfg;
|
||||
|
||||
return CONFIG_TRUE;
|
||||
|
|
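Review bot: When the config has no `user` entry the `if (user)` branch is skipped and `set->uid` / `set->gid` keep whatever the struct held before; if that is zero (the initialisation is not visible here), the later `setuid(settings.uid)` in main succeeds as uid 0 and the server stays root while logging that it dropped privileges. Consider failing the parse when the process runs as root and no `user` is configured, or recording a flag that main checks before calling `setuid()`. Separately, `pw->pw_uid` and `gr->gr_gid` are read directly after `error(...)`; if `error()` returns instead of terminating (its definition is not on this page) both are NULL dereferences, so an explicit `return CONFIG_FALSE;` on those two paths would be safer. config_parse_global begins outside the hunk.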
|
@ -120,6 +120,15 @@ int main(int argc, char *argv[])
|
|||
/* Connect all nodes and start one thread per path */
|
||||
start();
|
||||
|
||||
/* Process is running as root, drop privileges */
|
||||
if (getuid() == 0) {
|
||||
if (setgid(settings.gid) || setuid(settings.uid))
|
||||
perror("Unable to drop privileges");
|
||||
else
|
||||
debug(3, "Dropped privileges to uid = %u, gid = %u",
|
||||
settings.uid, settings.gid);
|
||||
}
|
||||
|
||||
/* Main thread is sleeping */
|
||||
pause();
|
||||
|
||||
|
|
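Review bot: A failed `setgid()` / `setuid()` only reaches `perror()` and execution then continues to `pause()`, so the server keeps running as root with its paths already started; the failure branch should be fatal, e.g. `{ perror("Unable to drop privileges"); exit(EXIT_FAILURE); }`. The supplementary group list inherited from root is also left untouched because nothing clears it before `setgid()`; `if (setgroups(0, NULL) || setgid(settings.gid) || setuid(settings.uid))` (needs `<grp.h>`) would cover that. `getuid() == 0` tests the real uid only, so `geteuid()` is the more accurate check if the binary could ever be installed setuid. main's body starts and continues outside the hunk.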