Ticket #7832: drop_permissions.patch
File drop_permissions.patch, 3.9 KB (added by , 16 years ago) |
---|
-
libs/libmythdb/exitcodes.h
60 60 #define BACKEND_EXIT_NO_CAP_CARD GENERIC_EXIT_START-11 61 61 #define BACKEND_EXIT_NO_CHAN_DATA GENERIC_EXIT_START-12 62 62 #define BACKEND_EXIT_START GENERIC_EXIT_START-12 63 #define BACKEND_EXIT_PERMISSIONS_ERROR GENERIC_EXIT_START-13 63 64 64 65 // mythtranscode 65 66 #define TRANSCODE_EXIT_OK GENERIC_EXIT_OK -
programs/mythbackend/main.cpp
17 17 #include <fstream> 18 18 #include <cstdlib> 19 19 #include <cerrno> 20 #include <pwd.h> 20 21 using namespace std; 21 22 22 23 #ifndef _WIN32 … … 472 473 "-d or --daemon Runs mythbackend as a daemon" << endl << 473 474 "-v or --verbose debug-level Use '-v help' for level info" << endl << 474 475 "--setverbose debug-level Change debug level of running master backend" << endl << 476 "--user username Drop permissions to username after starting" << endl << 475 477 476 478 "--printexpire List of auto-expire programs" << endl << 477 479 "--printsched Upcoming scheduled programs" << endl << … … 547 549 bool testsched = false; 548 550 bool setverbose = false; 549 551 QString newverbose = ""; 552 QString username = ""; 550 553 bool resched = false; 551 554 bool nosched = false; 552 555 bool noupnp = false; … … 630 633 cerr << "Missing argument to --setverbose option\n"; 631 634 return BACKEND_EXIT_INVALID_CMDLINE; 632 635 } 633 } 636 } 637 else if (!strcmp(a.argv()[argpos],"--user")) 638 { 639 if (a.argc()-1 > argpos) 640 { 641 username = a.argv()[argpos+1]; 642 ++argpos; 643 } 644 else 645 { 646 cerr << "Missing argument to --user option\n"; 647 return BACKEND_EXIT_INVALID_CMDLINE; 648 } 649 } 634 650 else if (!strcmp(a.argv()[argpos],"--printsched")) 635 651 { 636 652 printsched = true; … … 835 851 return BACKEND_EXIT_DAEMONIZING_ERROR; 836 852 } 837 853 854 if (username.length() > 0) 855 { 856 struct passwd *user_info; 857 uid_t user_id = geteuid(); 858 char c_username[username.length()+1]; 838 859 860 strcpy(c_username, username.toAscii().data()); 861 user_info = getpwnam(c_username); 862 863 if (user_id && (!user_info || user_id != user_info->pw_uid)) 864 { 865 VERBOSE(VB_IMPORTANT, "The --user switch only works if running as root."); 866 return BACKEND_EXIT_PERMISSIONS_ERROR; 867 } 868 else if (user_info && user_id == user_info->pw_uid) 869 VERBOSE(VB_IMPORTANT, QString("Already running as '%1'").arg(username)); 870 else if (!user_id && user_info) 871 { 872 if (setenv("HOME",user_info->pw_dir,1) == -1) 873 { 874 VERBOSE(VB_IMPORTANT, "Error setting home directory."); 875 return BACKEND_EXIT_PERMISSIONS_ERROR; 876 } 877 if (setgid(user_info->pw_gid) == -1) 878 { 879 VERBOSE(VB_IMPORTANT, "Error setting effective group."); 880 return BACKEND_EXIT_PERMISSIONS_ERROR; 881 } 882 if (setuid(user_info->pw_uid) == -1) 883 { 884 VERBOSE(VB_IMPORTANT, "Error setting effective user."); 885 return BACKEND_EXIT_PERMISSIONS_ERROR; 886 } 887 } 888 else 889 { 890 VERBOSE(VB_IMPORTANT, QString("Invalid user '%1' specified in arguments").arg(username)); 891 return BACKEND_EXIT_PERMISSIONS_ERROR; 892 } 893 } 894 839 895 if (pidfs) 840 896 { 841 897 pidfs << getpid() << endl;