authorJakub Hrozek <jhrozek@redhat.com>2014-10-06 16:28:13 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-10-20 21:43:40 +0200
commitac40d2f2b2b2fc35c95389f5e28febd580bd2b7a (patch)
tree865e8082df8d8c40208ed7db21fd4c29707daac3 /src/util
parent9c47c8c59b5c9078f342f82367cd0ad7857acef8 (diff)
SSSD: Add the options to specify a UID and GID to run as
Adds new command line options --uid and --gid to all SSSD servers, making it possible to switch to another user ID if needed. So far all code still runs as root. Reviewed-by: Pavel Reichl <preichl@redhat.com>
Diffstat (limited to 'src/util')
-rw-r--r--src/util/server.c8
-rw-r--r--src/util/util.h7
2 files changed, 15 insertions, 0 deletions
diff --git a/src/util/server.c b/src/util/server.c
index 51934f8ba..3a84dee0c 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -412,6 +412,7 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb,
}
int server_setup(const char *name, int flags,
+ uid_t uid, gid_t gid,
const char *conf_entry,
struct main_context **main_ctx)
{
@@ -426,6 +427,13 @@ int server_setup(const char *name, int flags,
struct tevent_signal *tes;
struct logrotate_ctx *lctx;
+ ret = become_user(uid, gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid);
+ return ret;
+ }
+
debug_prg_name = strdup(name);
if (!debug_prg_name) {
return ENOMEM;
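Review bot: The failure branch after `become_user(uid, gid)` logs at `SSSDBG_FUNC_DATA`, a trace-level mask, even though a failed identity switch aborts server start-up; at the usual debug levels the reason for the abort would probably not be recorded. A failure level fits better, e.g. `DEBUG(SSSDBG_FATAL_FAILURE,`. The message is also emitted before `debug_prg_name` is assigned on the next line, so it may be logged without the program name; whether debug output is otherwise initialised at this point is not visible in the hunk. A one-line comment above the call, such as `/* Change identity before any other setup; failure is fatal */`, would record why the call comes first. The body of `server_setup` continues outside the hunk.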
diff --git a/src/util/util.h b/src/util/util.h
index 0af4db3fe..cc5588c18 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -175,6 +175,12 @@ errno_t set_debug_file_from_fd(const int fd);
#define SSSD_MAIN_OPTS SSSD_DEBUG_OPTS
+#define SSSD_SERVER_OPTS(uid, gid) \
+ {"uid", 0, POPT_ARG_INT, &uid, 0, \
+ _("The user ID to run the server as"), NULL}, \
+ {"gid", 0, POPT_ARG_INT, &gid, 0, \
+ _("The group ID to run the server as"), NULL},
+
#define FLAGS_NONE 0x0000
#define FLAGS_DAEMON 0x0001
#define FLAGS_INTERACTIVE 0x0002
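Review bot: `SSSD_SERVER_OPTS` registers `--uid` and `--gid` as `POPT_ARG_INT`, so popt stores an `int` through `&uid` and `&gid`, while `server_setup` takes `uid_t`/`gid_t`. Nothing here constrains the variable type or the value, so a negative number on the command line is converted silently when it is passed on. In particular `-1` becomes `(uid_t)-1`, which the setres*id family treats as "leave unchanged"; whether `become_user` uses those calls is not visible in this diff. I would add a comment on the macro stating that both arguments must be `int` lvalues, and have callers reject negative values before the conversion. The macro arguments should also be parenthesised, `&(uid)` and `&(gid)`.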
@@ -242,6 +248,7 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb,
int die_if_parent_died(void);
int pidfile(const char *path, const char *name);
int server_setup(const char *name, int flags,
+ uid_t uid, gid_t gid,
const char *conf_entry,
struct main_context **main_ctx);
void server_loop(struct main_context *main_ctx);