From b8a3625690f39e22d8cd699598384bad472b6373 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 5 Aug 2014 13:52:48 +0200 Subject: SSSD: Load a user to run a service as from configuration Related: https://fedorahosted.org/sssd/ticket/2370 Adds a option, user to run as, that is specified in the [sssd] section. When this option is specified, SSSD will run as this user and his private group. When these are not specified, SSSD will run as the configure-time user and group (usually root). Currently all services and providers are started as root. There is a temporary svc_supported_as_nonroot() function that returns true for a service if that service runs and was tested as nonroot and false otherwise. Currently this function always returns false, but will be amended in future patches. Reviewed-by: Pavel Reichl Reviewed-by: Simo Sorce (cherry picked from commit a10ac1d0a7210def232205a48c53a075930e82f6) --- src/monitor/monitor.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) (limited to 'src/monitor') diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index edd1c2dfc..df1cd5ca1 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -170,6 +170,10 @@ struct mt_ctx { struct sss_sigchild_ctx *sigchld_ctx; bool is_daemon; pid_t parent_pid; + + /* For running unprivileged services */ + uid_t uid; + gid_t gid; }; static int start_service(struct mt_svc *mt_svc); @@ -910,6 +914,29 @@ static char *check_services(char **services) return NULL; } +static int get_service_user(struct mt_ctx *ctx) +{ + errno_t ret; + char *user_str; + + ret = confdb_get_string(ctx->cdb, ctx, CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_USER_RUNAS, + SSSD_USER, &user_str); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get the user to run as\n"); + return ret; + } + + ret = sss_user_by_name_or_uid(user_str, &ctx->uid, &ctx->gid); + talloc_free(user_str); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set allowed UIDs.\n"); + return ret; + } + + return EOK; +} + static int get_monitor_config(struct mt_ctx *ctx) { int ret; @@ -955,6 +982,12 @@ static int get_monitor_config(struct mt_ctx *ctx) ctx->num_services++; } + ret = get_service_user(ctx); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to get the unprivileged user\n"); + return ret; + } + ret = confdb_get_domains(ctx->cdb, &ctx->domains); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured.\n"); @@ -1020,6 +1053,14 @@ static errno_t get_ping_config(struct mt_ctx *ctx, const char *path, return EOK; } +/* This is a temporary function that returns false if the service + * being started was only tested when running as root. + */ +static bool svc_supported_as_nonroot(const char *svc_name) +{ + return false; +} + static int get_service_config(struct mt_ctx *ctx, const char *name, struct mt_svc **svc_cfg) { @@ -1027,6 +1068,8 @@ static int get_service_config(struct mt_ctx *ctx, const char *name, char *path; struct mt_svc *svc; time_t now = time(NULL); + uid_t uid = 0; + gid_t gid = 0; *svc_cfg = NULL; @@ -1066,6 +1109,11 @@ static int get_service_config(struct mt_ctx *ctx, const char *name, return ret; } + if (svc_supported_as_nonroot(svc->name)) { + uid = ctx->uid; + gid = ctx->gid; + } + if (!svc->command) { svc->command = talloc_asprintf( svc, "%s/sssd_%s", SSSD_LIBEXEC_PATH, svc->name @@ -1075,6 +1123,14 @@ static int get_service_config(struct mt_ctx *ctx, const char *name, return ENOMEM; } + svc->command = talloc_asprintf_append(svc->command, + " --uid %"SPRIuid" --gid %"SPRIgid, + uid, gid); + if (!svc->command) { + talloc_free(svc); + return ENOMEM; + } + if (cmdline_debug_level != SSSDBG_UNRESOLVED) { svc->command = talloc_asprintf_append( svc->command, " -d %#.4x", cmdline_debug_level -- cgit