summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorpsychon <psychon@e03df62e-2008-0410-955e-edbf42e46eb7>2008-10-22 09:14:31 +0000
committerpsychon <psychon@e03df62e-2008-0410-955e-edbf42e46eb7>2008-10-22 09:14:31 +0000
commited70b60ad828d01cc18462cc5f50461ad84ef01c (patch)
treedd3fcdc255f2718af62b90287aa92c69d326e26a
parentf7730d08b695019c84a0b5961d8fb6bdb67365b9 (diff)
First set our group id, then the user id, because we need to be root to set the
group (else it always fails with EPERM). Plus also call setgroups(0, NULL); to get rid of the supplementary groups. git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@10684 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r--src/inspircd.cpp43
1 files changed, 27 insertions, 16 deletions
diff --git a/src/inspircd.cpp b/src/inspircd.cpp
index 9a64331b5..f1cccab19 100644
--- a/src/inspircd.cpp
+++ b/src/inspircd.cpp
@@ -730,48 +730,59 @@ InspIRCd::InspIRCd(int argc, char** argv)
Logs->Log("STARTUP", DEFAULT, "Startup complete as '%s'[%s], %d max open sockets", Config->ServerName,Config->GetSID().c_str(), SE->GetMaxFds());
#ifndef WIN32
- if (*(this->Config->SetUser))
+ if (*(this->Config->SetGroup))
{
- // setuid
- struct passwd *u;
+ int ret;
+
+ // setgroups
+ ret = setgroups(0, NULL);
+
+ if (ret == -1)
+ {
+ this->Logs->Log("SETGROUPS", DEFAULT, "setgroups() failed (wtf?): %s", strerror(errno));
+ this->QuickExit(0);
+ }
+
+ // setgid
+ struct group *g;
errno = 0;
- u = getpwnam(this->Config->SetUser);
+ g = getgrnam(this->Config->SetGroup);
- if (!u)
+ if (!g)
{
- this->Logs->Log("SETGUID", DEFAULT, "getpwnam() failed (bad user?): %s", strerror(errno));
+ this->Logs->Log("SETGUID", DEFAULT, "getgrnam() failed (bad user?): %s", strerror(errno));
this->QuickExit(0);
}
- int ret = setuid(u->pw_uid);
+ ret = setgid(g->gr_gid);
if (ret == -1)
{
- this->Logs->Log("SETGUID", DEFAULT, "setuid() failed (bad user?): %s", strerror(errno));
+ this->Logs->Log("SETGUID", DEFAULT, "setgid() failed (bad user?): %s", strerror(errno));
this->QuickExit(0);
}
}
- if (*(this->Config->SetGroup))
+ if (*(this->Config->SetUser))
{
- // setgid
- struct group *g;
+ // setuid
+ struct passwd *u;
errno = 0;
- g = getgrnam(this->Config->SetGroup);
+ u = getpwnam(this->Config->SetUser);
- if (!g)
+ if (!u)
{
- this->Logs->Log("SETGUID", DEFAULT, "getgrnam() failed (bad user?): %s", strerror(errno));
+ this->Logs->Log("SETGUID", DEFAULT, "getpwnam() failed (bad user?): %s", strerror(errno));
this->QuickExit(0);
}
- int ret = setgid(g->gr_gid);
+ int ret = setuid(u->pw_uid);
if (ret == -1)
{
- this->Logs->Log("SETGUID", DEFAULT, "setgid() failed (bad user?): %s", strerror(errno));
+ this->Logs->Log("SETGUID", DEFAULT, "setuid() failed (bad user?): %s", strerror(errno));
this->QuickExit(0);
}
}