X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=daemon.c;h=d3a43b9a2de32fe50f2a42009cbcfb7830972985;hp=616fd2c2f9adf7f9afb927ce840a00a0ae01aa97;hb=b7cbaf0b4dc832e8277b5867505dac59bb803d44;hpb=2ed89c59f0efcd0a2763f47c7d3455663241e623

diff --git a/daemon.c b/daemon.c
index 616fd2c2..d3a43b9a 100644
--- a/daemon.c
+++ b/daemon.c
@@ -20,6 +20,11 @@
 #include "para.h"
 #include "daemon.h"
 #include <pwd.h>
+
+/* getgrnam() */
+#include <sys/types.h>
+#include <grp.h>
+
 #include "string.h"
 
 /**
@@ -61,15 +66,17 @@ void daemon_init(void)
  *
  * Either calls exit() or returns a valid file handle.
  */
-/* might be called from para_log, so we must not use para_log */
 FILE *open_log(const char *logfile_name)
 {
 	FILE *logfile;
 
 	if (!logfile_name)
 		return NULL;
-	if (!(logfile = fopen(logfile_name, "a")))
+	if (!(logfile = fopen(logfile_name, "a"))) {
+		PARA_EMERG_LOG("can not open %s, uid: %d\n", logfile_name,
+			getuid());
 		exit(EXIT_FAILURE);
+	}
 	setlinebuf(logfile);
 	return logfile;
 }
@@ -101,20 +108,33 @@ void log_welcome(const char *whoami, int loglevel)
 /**
  * give up superuser privileges
  *
- * This function returns immediately if not invoked with EUID zero.  Otherwise,
- * it tries to obtain the UID for the user specified by \a username and exits
- * if this user was not found. On success, effective and real UID and the saved
- * set-user-ID are all set to the UID of \a username.
+ * This function returns immediately if not invoked with EUID zero. Otherwise,
+ * it tries to obtain the GID of \a groupname and the UID of \a username.  On
+ * success, effective and real GID/UID and the saved set-group-ID/set-user-ID
+ * are all set accordingly. On errors, an appropriate message is logged and exit()
+ * is called to terminate the process.
  *
- * \sa getpwnam(3), getuid(2), setuid(2)
+ * \sa getpwnam(3), getuid(2), setuid(2), getgrnam(2), setgid(2)
  */
-void para_drop_privileges(const char *username)
+void para_drop_privileges(const char *username, const char *groupname)
 {
 	struct passwd *p;
 	char *tmp;
 
 	if (geteuid())
 		return;
+	if (groupname) {
+		struct group *g = getgrnam(groupname);
+		if (!g) {
+			PARA_EMERG_LOG("failed to get group %s\n", groupname);
+			exit(EXIT_FAILURE);
+		}
+		if (setgid(g->gr_gid) < 0) {
+			PARA_EMERG_LOG("failed to set group id %d (%s)\n",
+				g->gr_gid, strerror(errno));
+			exit(EXIT_FAILURE);
+		}
+	}
 	if (!username) {
 		PARA_EMERG_LOG("%s", "root privileges, but no user option given\n");
 		exit(EXIT_FAILURE);
@@ -126,7 +146,7 @@ void para_drop_privileges(const char *username)
 		PARA_EMERG_LOG("%s", "no such user\n");
 		exit(EXIT_FAILURE);
 	}
-	PARA_NOTICE_LOG("%s", "dropping root privileges\n");
+	PARA_INFO_LOG("%s", "dropping root privileges\n");
 	setuid(p->pw_uid);
 	PARA_DEBUG_LOG("uid: %d, euid: %d\n", getuid(), geteuid());
 	setuid(p->pw_uid);
@@ -170,4 +190,3 @@ __malloc char *uptime_str(void)
 	return make_message("%li:%02li:%02li", t / 86400,
 		(t / 3600) % 24, (t / 60) % 60);
 }
-