From a14cb37d199fec9227f668fe107bf38f99b8b842 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Sun, 22 Dec 2013 16:13:56 -0500
Subject: Add support for dropping privileges
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If the 'proxy user' configuation option is set in the [gssproxy] section then
GSS Proxy will drop privileges to the specified after setting up all the
sockets.

Care must be taken to make sure all the resources the daemon need access to
(keytabs, ccache directories, etc..) are accessible as the proxy user.

Implements: https://fedorahosted.org/gss-proxy/ticket/102

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
---
 proxy/src/gssproxy.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'proxy/src/gssproxy.c')

diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c
index 1fca922..1bf0a0b 100644
--- a/proxy/src/gssproxy.c
+++ b/proxy/src/gssproxy.c
@@ -142,6 +142,11 @@ int main(int argc, const char *argv[])
     /* special call to tell the Linux kernel gss-proxy is available */
     init_proc_nfsd(gpctx->config);
 
+    ret = drop_privs(gpctx->config);
+    if (ret) {
+        exit(EXIT_FAILURE);
+    }
+
     ret = gp_workers_init(gpctx);
     if (ret) {
         exit(EXIT_FAILURE);
-- 
cgit