c9f6ad73 ER |
1 | Patch to make flashpolicyd run as user nobody/nobody with --user nobody |
2 | argument. | |
3 | ||
4 | -- | |
5 | Signed-off-by: Elan Ruusamäe <glen@delfi.ee> | |
6 | ||
ee211994 ER |
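--- a/flashpolicyd-2.1/flashpolicyd.rb
+++ b/flashpolicyd-2.1/flashpolicyd.rb
@@ -60,6 +60,7 @@
 [ '--verbose', '-v', GetoptLong::NO_ARGUMENT],
 [ '--timeout', '-t', GetoptLong::OPTIONAL_ARGUMENT],
 [ '--logfreq', '-l', GetoptLong::OPTIONAL_ARGUMENT],
+ [ '--user', '-u', GetoptLong::OPTIONAL_ARGUMENT],
 [ '--logfile', GetoptLong::REQUIRED_ARGUMENT],
 [ '--help', '-h', GetoptLong::NO_ARGUMENT]
 )
@@ -71,6 +72,7 @@
 @logfreq = 1800
 xmlfile = ""
 logfile = ""
+user = ""
 
 opts.each { |opt, arg|
 case opt
@@ -86,6 +88,8 @@
 exit
 when '--xml'
 xmlfile = arg
+ when '--user'
+ user = arg
 when '--verbose'
 @verbose = true
 when '--maxclients'
@@ -393,6 +397,17 @@
 server = PolicyServer.new(843, "0.0.0.0", @xmldata, @logger, @timeout, @verbose)
 server.start
 
+ # change user after binding to port
+ if (user.length > 0)
+ require 'etc'
+ uid = Etc.getpwnam(user).uid
+ gid = Etc.getpwnam(user).gid
+ # Change process ownership
+ Process.initgroups(user, gid)
+ Process::GID.change_privilege(gid)
+ Process::UID.change_privilege(uid)
+ end
+
 # Send HUP to toggle debug mode or not for a running server
 trap("HUP") {
 server.toggledebug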
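Review bot: `--user` is declared with `GetoptLong::OPTIONAL_ARGUMENT` in the first hunk, so a bare `--user` leaves `user` empty and the `if (user.length > 0)` guard in the last hunk skips the privilege drop without any message; the daemon then keeps the privileges it was started with, presumably root since it binds port 843. Declaring the option as `[ '--user', '-u', GetoptLong::REQUIRED_ARGUMENT],` turns that case into a startup error instead of a silent fallback. The drop also runs after `server.start`, whose body is outside the hunk; if `start` already begins accepting clients, connections that arrive before `Process::UID.change_privilege(uid)` are served with the original privileges, so it would be safer to bind first, drop, and only then start serving. The two `Etc.getpwnam(user)` calls can be one lookup, `pw = Etc.getpwnam(user)`, with a comment such as `# getpwnam raises ArgumentError for an unknown user; abort rather than keep running with the original privileges` to document the failure mode.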