#include <sys/socket.h>
#include <arpa/inet.h>
#include <pwd.h>
+#include <grp.h>
#include "util.h"
#include "conffile.h"
bool_t just_check_config=False;
static char *userid=NULL;
static uid_t uid=0;
+static gid_t gid;
bool_t background=True;
static char *pidfile=NULL;
bool_t require_root_privileges=False;
{"nodetach", 0, 0, 'n'},
{"silent", 0, 0, 'f'},
{"quiet", 0, 0, 'f'},
- {"debug", 1, 0, 'd'},
+ {"debug", 0, 0, 'd'},
{"config", 1, 0, 'c'},
{"just-check-config", 0, 0, 'j'},
{"sites-key", 1, 0, 's'},
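Review bot: The short-option string passed to getopt_long is not among the visible hunks, and it has to lose the colon after `d` for this table change to apply to `-d` as well as `--debug`. If the optstring still reads `d:`, then `-d` keeps consuming the next word as its argument, so `-d -c file` would swallow `-c` and the configuration path would be ignored. It is worth confirming that the optstring and the `case 'd':` branch (which presumably used `optarg`) were updated together with this entry.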
" -s, --sites-key=name configuration key that "
"specifies active sites\n"
" -n, --nodetach do not run in background\n"
- " -d, --debug=item,... set debug options\n"
+ " -d, --debug output debug messages\n"
" --help display this help and exit\n"
" --version output version information "
"and exit\n"
break;
case '?':
+ exit(1);
break;
default:
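Review bot: The `break;` that remains after the new `exit(1);` under `case '?':` is unreachable and can be dropped. The exit carries no message of its own, so the user sees only whatever getopt printed; a line such as `fprintf(stderr, "Try --help for usage\n");` before the exit would make the failure self-explanatory. The switch begins and ends outside the hunk.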
/* Who are we supposed to run as? */
userid=dict_read_string(system,"userid",False,"system",loc);
if (userid) {
- do {
- pw=getpwent();
- if (pw && strcmp(pw->pw_name,userid)==0) {
- uid=pw->pw_uid;
- break;
- }
- } while(pw);
- endpwent();
- if (uid==0) {
+ if(!(pw=getpwnam(userid)))
fatal("userid \"%s\" not found",userid);
- }
+ uid=pw->pw_uid;
+ gid=pw->pw_gid;
}
/* Pidfile name */
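Review bot: A `userid` that resolves to uid 0 is now accepted, whereas the removed loop ended in `fatal()` whenever `uid==0`. Because the later privilege drop is keyed on `userid` being set, such a configuration goes through the setgid/setuid sequence and still runs as root. If that is intended, say so in a comment such as `/* uid 0 is permitted if the administrator configures it */`; otherwise add `if (pw->pw_uid==0) fatal("userid \"%s\" has uid 0",userid);` after the lookup. Separately, getpwnam() also returns NULL on lookup errors, so setting `errno=0` before the call would let the message distinguish an absent user from a failed lookup.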
((uint64_t)tv_now_global.tv_usec/(uint64_t)1000);
idx=0;
for (i=reg; i; i=i->next) {
- if(fds[idx].revents & POLLNVAL) {
- fatal("run: poll (%s) set POLLNVAL", i->desc);
+ int check;
+ for (check=0; check<i->nfds; check++) {
+ if(fds[idx+check].revents & POLLNVAL) {
+ fatal("run: poll (%s#%d) set POLLNVAL", i->desc, check);
+ }
}
i->after(i->state, fds+idx, i->nfds);
idx+=i->nfds;
}
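Review bot: The POLLNVAL message names the registrant and the slot index but not the descriptor itself, which is what someone tracing a stale or closed fd needs; `fatal("run: poll (%s#%d, fd %d) set POLLNVAL", i->desc, check, fds[idx+check].fd);` would carry it. The inner loop indexes `fds[idx+check]` on the assumption that `i->nfds` still equals the count the registrant filled in before poll(); that code is outside the hunk, so it should be confirmed rather than assumed. A one-line comment such as `/* POLLNVAL on any slot means an fd that is not open was left in the poll set */` would explain why this is treated as fatal.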
/* Now drop privileges */
- if (uid!=0) {
+ if (userid) {
+ if (setgid(gid)!=0)
+ fatal_perror("can't set gid to %ld",(long)gid);
+ if(initgroups(userid, gid) < 0)
+ fatal_perror("initgroups");
if (setuid(uid)!=0) {
fatal_perror("can't set uid to \"%s\"",userid);
}
+ assert(getuid() == uid);
+ assert(geteuid() == uid);
+ assert(getgid() == gid);
+ assert(getegid() == gid);
}
if (background) {
p=fork();
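Review bot: The four `assert()` calls that confirm the drop disappear when the program is built with NDEBUG, so the verification should be an ordinary runtime check: `if (getuid()!=uid || geteuid()!=uid || getgid()!=gid || getegid()!=gid) fatal("privilege drop to \"%s\" did not take effect",userid);`. The ordering of setgid, initgroups, then setuid is right, since the group calls need the privilege that setuid gives up. The initgroups failure would be easier to act on with the account name in it, `fatal_perror("initgroups for \"%s\"",userid);`. No `#include <assert.h>` is visible among the include changes, so confirm it is already pulled in. The enclosing function continues outside the hunk.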