From 7056eb314ec1b4686239a4001564e7b0eb081183 Mon Sep 17 00:00:00 2001
From: Moritz Bunkus <m.bunkus@linet-services.de>
Date: Wed, 12 Jan 2011 11:17:54 +0100
Subject: [PATCH] =?utf8?q?Gruppe=20und=20Benutzer=20beim=20Starten=20des?=
 =?utf8?q?=20Task-Servers=20=C3=A4ndern,=20sofern=20gew=C3=BCnscht?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Conflicts:

	config/emmvee.conf.default
---
 config/task_server.conf.default |  2 ++
 scripts/task_server.pl          | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/config/task_server.conf.default b/config/task_server.conf.default
index 688b70221..d72e63d29 100644
--- a/config/task_server.conf.default
+++ b/config/task_server.conf.default
@@ -3,3 +3,5 @@
 login =
 # Set to 1 for debug messages in /tmp/lx-office-debug.log
 debug = 0
+# Chose a system user the daemon should run under when started as root.
+run_as = www
diff --git a/scripts/task_server.pl b/scripts/task_server.pl
index 2519f2d81..470272b75 100755
--- a/scripts/task_server.pl
+++ b/scripts/task_server.pl
@@ -14,6 +14,7 @@ use Daemon::Generic;
 use Data::Dumper;
 use DateTime;
 use English qw(-no_match_vars);
+use POSIX qw(setuid setgid);
 use SL::Auth;
 use SL::DB::BackgroundJob;
 use SL::BackgroundJob::ALL;
@@ -58,6 +59,34 @@ sub lxinit {
   die "cannot find locale for user $login" unless $::locale   = Locale->new('de');
 }
 
+sub drop_privileges {
+  my $user = $::emmvee_conf{task_server}->{run_as};
+  return unless $user;
+
+  my ($uid, $gid);
+  while (my @details = getpwent()) {
+    next unless $details[0] eq $user;
+    ($uid, $gid) = @details[2, 3];
+    last;
+  }
+  endpwent();
+
+  if (!$uid) {
+    print "Error: Cannot drop privileges to ${user}: user does not exist\n";
+    exit 1;
+  }
+
+  if (!setgid($gid)) {
+    print "Error: Cannot drop group privileges to ${user} (group ID $gid): $!\n";
+    exit 1;
+  }
+
+  if (!setuid($uid)) {
+    print "Error: Cannot drop user privileges to ${user} (user ID $uid): $!\n";
+    exit 1;
+  }
+}
+
 sub gd_preconfig {
   my $self = shift;
 
@@ -66,6 +95,7 @@ sub gd_preconfig {
   die "Missing section [task_server] in config file"                unless $config{task_server};
   die "Missing key 'login' in section [task_server] in config file" unless $config{task_server}->{login};
 
+  drop_privileges();
   lxinit();
 
   return ();
-- 
2.20.1