From: Moritz Bunkus <m.bunkus@linet-services.de>
Date: Wed, 12 Jan 2011 10:17:54 +0000 (+0100)
Subject: Gruppe und Benutzer beim Starten des Task-Servers ändern, sofern gewünscht
X-Git-Tag: release-2.6.3~61^2~7^2~1^2~2^2~109
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=7056eb314ec1b4686239a4001564e7b0eb081183;p=kivitendo-erp.git

Gruppe und Benutzer beim Starten des Task-Servers ändern, sofern gewünscht

Conflicts:

	config/emmvee.conf.default
---

diff --git a/config/task_server.conf.default b/config/task_server.conf.default
index 688b70221..d72e63d29 100644
--- a/config/task_server.conf.default
+++ b/config/task_server.conf.default
@@ -3,3 +3,5 @@
 login =
 # Set to 1 for debug messages in /tmp/lx-office-debug.log
 debug = 0
+# Chose a system user the daemon should run under when started as root.
+run_as = www
diff --git a/scripts/task_server.pl b/scripts/task_server.pl
index 2519f2d81..470272b75 100755
--- a/scripts/task_server.pl
+++ b/scripts/task_server.pl
@@ -14,6 +14,7 @@ use Daemon::Generic;
 use Data::Dumper;
 use DateTime;
 use English qw(-no_match_vars);
+use POSIX qw(setuid setgid);
 use SL::Auth;
 use SL::DB::BackgroundJob;
 use SL::BackgroundJob::ALL;
@@ -58,6 +59,34 @@ sub lxinit {
   die "cannot find locale for user $login" unless $::locale   = Locale->new('de');
 }
 
+sub drop_privileges {
+  my $user = $::emmvee_conf{task_server}->{run_as};
+  return unless $user;
+
+  my ($uid, $gid);
+  while (my @details = getpwent()) {
+    next unless $details[0] eq $user;
+    ($uid, $gid) = @details[2, 3];
+    last;
+  }
+  endpwent();
+
+  if (!$uid) {
+    print "Error: Cannot drop privileges to ${user}: user does not exist\n";
+    exit 1;
+  }
+
+  if (!setgid($gid)) {
+    print "Error: Cannot drop group privileges to ${user} (group ID $gid): $!\n";
+    exit 1;
+  }
+
+  if (!setuid($uid)) {
+    print "Error: Cannot drop user privileges to ${user} (user ID $uid): $!\n";
+    exit 1;
+  }
+}
+
 sub gd_preconfig {
   my $self = shift;
 
@@ -66,6 +95,7 @@ sub gd_preconfig {
   die "Missing section [task_server] in config file"                unless $config{task_server};
   die "Missing key 'login' in section [task_server] in config file" unless $config{task_server}->{login};
 
+  drop_privileges();
   lxinit();
 
   return ();