author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-06 16:28:13 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-22 23:30:56 +0200 |
commit | b967aefd1c7463ecad93f63d67c77446584cc829 (patch) | |
tree | 67abe7d33b279e5be473da89fe49ddc26c01ee1d /src/util | |
parent | 7d5eda445b127f4fdb5ff2f680792d46aa82439b (diff) | |
SSSD: Add the options to specify a UID and GID to run as
Adds new command line options --uid and --gid to all SSSD servers,
making it possible to switch to another user ID if needed.
So far all code still runs as root.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/server.c | 8 | ||||
-rw-r--r-- | src/util/util.h | 7 |
2 files changed, 15 insertions, 0 deletions
diff --git a/src/util/server.c b/src/util/server.c index 51934f8ba..3a84dee0c 100644 --- a/src/util/server.c +++ b/src/util/server.c @@ -412,6 +412,7 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb, } int server_setup(const char *name, int flags, + uid_t uid, gid_t gid, const char *conf_entry, struct main_context **main_ctx) { @@ -426,6 +427,13 @@ int server_setup(const char *name, int flags, struct tevent_signal *tes; struct logrotate_ctx *lctx; + ret = become_user(uid, gid); + if (ret != EOK) { + DEBUG(SSSDBG_FUNC_DATA, + "Cannot become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid); + return ret; + } + debug_prg_name = strdup(name); if (!debug_prg_name) { return ENOMEM; diff --git a/src/util/util.h b/src/util/util.h index 0af4db3fe..cc5588c18 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -175,6 +175,12 @@ errno_t set_debug_file_from_fd(const int fd); #define SSSD_MAIN_OPTS SSSD_DEBUG_OPTS +#define SSSD_SERVER_OPTS(uid, gid) \ + {"uid", 0, POPT_ARG_INT, &uid, 0, \ + _("The user ID to run the server as"), NULL}, \ + {"gid", 0, POPT_ARG_INT, &gid, 0, \ + _("The group ID to run the server as"), NULL}, + #define FLAGS_NONE 0x0000 #define FLAGS_DAEMON 0x0001 #define FLAGS_INTERACTIVE 0x0002 @@ -242,6 +248,7 @@ errno_t server_common_rotate_logs(struct confdb_ctx *confdb, int die_if_parent_died(void); int pidfile(const char *path, const char *name); int server_setup(const char *name, int flags, + uid_t uid, gid_t gid, const char *conf_entry, struct main_context **main_ctx); void server_loop(struct main_context *main_ctx); |
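Review bot: In the second server.c hunk (@@ -426,6 +427,13), a failed become_user() is logged at SSSDBG_FUNC_DATA, a trace-level severity, so at a typical debug level the reason a server refused to start under the requested identity would probably not be recorded; `DEBUG(SSSDBG_FATAL_FAILURE,` fits an error that aborts startup. The call also runs before debug_prg_name is assigned, so it is worth confirming that a message emitted this early is not lost. become_user() is not shown in this diff, so a short comment above the call should state what it is expected to guarantee (supplementary groups dropped, GID changed before UID) and that the rest of server_setup runs with the new identity. server_setup's body continues outside the hunk.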
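Review bot: In the util.h hunk that adds SSSD_SERVER_OPTS (@@ -175,6 +175,12), both options are declared POPT_ARG_INT, so popt stores an `int` through `&uid` and `&gid`, while server_setup() takes `uid_t`/`gid_t`; the macro does not say that its arguments must be `int` lvalues, and nothing visible here rejects a negative value. A negative number converted to uid_t becomes a very large ID, and (uid_t)-1 in particular means "leave unchanged" to the setres*id family, so if become_user() relies on those calls (not shown) a requested privilege drop could silently not happen. I would add a comment above the macro, `/* uid and gid must be int variables; callers must reject values < 0 before converting to uid_t/gid_t */`, and parenthesise the arguments as `&(uid)` and `&(gid)`. The callers that expand the macro are outside this diffstat.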