From: Moritz Bunkus Date: Wed, 12 Jan 2011 10:17:54 +0000 (+0100) Subject: Gruppe und Benutzer beim Starten des Task-Servers ändern, sofern gewünscht X-Git-Tag: release-2.6.3~61^2~7^2~1^2~2^2~109 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=7056eb314ec1b4686239a4001564e7b0eb081183;p=kivitendo-erp.git Gruppe und Benutzer beim Starten des Task-Servers ändern, sofern gewünscht Conflicts: config/emmvee.conf.default --- diff --git a/config/task_server.conf.default b/config/task_server.conf.default index 688b70221..d72e63d29 100644 --- a/config/task_server.conf.default +++ b/config/task_server.conf.default @@ -3,3 +3,5 @@ login = # Set to 1 for debug messages in /tmp/lx-office-debug.log debug = 0 +# Chose a system user the daemon should run under when started as root. +run_as = www diff --git a/scripts/task_server.pl b/scripts/task_server.pl index 2519f2d81..470272b75 100755 --- a/scripts/task_server.pl +++ b/scripts/task_server.pl @@ -14,6 +14,7 @@ use Daemon::Generic; use Data::Dumper; use DateTime; use English qw(-no_match_vars); +use POSIX qw(setuid setgid); use SL::Auth; use SL::DB::BackgroundJob; use SL::BackgroundJob::ALL; @@ -58,6 +59,34 @@ sub lxinit { die "cannot find locale for user $login" unless $::locale = Locale->new('de'); } +sub drop_privileges { + my $user = $::emmvee_conf{task_server}->{run_as}; + return unless $user; + + my ($uid, $gid); + while (my @details = getpwent()) { + next unless $details[0] eq $user; + ($uid, $gid) = @details[2, 3]; + last; + } + endpwent(); + + if (!$uid) { + print "Error: Cannot drop privileges to ${user}: user does not exist\n"; + exit 1; + } + + if (!setgid($gid)) { + print "Error: Cannot drop group privileges to ${user} (group ID $gid): $!\n"; + exit 1; + } + + if (!setuid($uid)) { + print "Error: Cannot drop user privileges to ${user} (user ID $uid): $!\n"; + exit 1; + } +} + sub gd_preconfig { my $self = shift; @@ -66,6 +95,7 @@ sub gd_preconfig { die "Missing section [task_server] in config file" unless $config{task_server}; die "Missing key 'login' in section [task_server] in config file" unless $config{task_server}->{login}; + drop_privileges(); lxinit(); return ();