summaryrefslogtreecommitdiffabout
authorMichael Krelin <hacker@klever.net>2004-07-15 04:13:35 (UTC)
committer Michael Krelin <hacker@klever.net>2004-07-15 04:13:35 (UTC)
commit5e437102c59f4544e3803598eabcb643d403272d (patch) (side-by-side diff)
tree7703657f2dac2fd9fb2b2a1f453ca2f30227efa1
parent4f8a6f291a231410a03c438bc9d63a7beb861e7b (diff)
downloaddudki-5e437102c59f4544e3803598eabcb643d403272d.zip
dudki-5e437102c59f4544e3803598eabcb643d403272d.tar.gz
dudki-5e437102c59f4544e3803598eabcb643d403272d.tar.bz2
initgroups() call added when changing uid
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--src/process.cc17
1 files changed, 10 insertions, 7 deletions
diff --git a/src/process.cc b/src/process.cc
index fda35e8..bfab311 100644
--- a/src/process.cc
+++ b/src/process.cc
@@ -37,88 +37,91 @@ void process::check(const string& id,configuration& config) {
syslog(LOG_NOTICE,"The process '%s' is down, trying to launch.",id.c_str());
do_notify(id,"Starting up",
"The named process seems to be down. Dudki will try\n"
"to revive it by running the specified command.\n",
config);
try {
launch(id,config);
}catch(exception& e) {
syslog(LOG_ERR,"Error trying to launch process '%s': %s",id.c_str(),e.what());
}
}else if(patience==10){ // TODO: configurable like the above
syslog(LOG_NOTICE,"Giving up on process '%s' for a while",id.c_str());
do_notify(id,"Giving up",
"After a number of attempts to relaunch the named process\n"
"It still seems to be down. Dudki is giving up attempts\n"
"to revive the process for a while.\n",
config);
}
patience++;
}
}
}
void process::launch(const string& id,configuration& config) {
- uid_t uid = 0;
+ uid_t uid = (uid_t)-1;
+ gid_t gid = (gid_t)-1;
if(!user.empty()) {
struct passwd *ptmp = getpwnam(user.c_str());
if(ptmp) {
uid = ptmp->pw_uid;
+ gid = ptmp->pw_gid;
}else{
errno=0;
uid = strtol(user.c_str(),NULL,0);
if(errno)
throw runtime_error("Failed to resolve User value to uid");
}
}
- gid_t gid = 0;
if(!group.empty()) {
struct group *gtmp = getgrnam(group.c_str());
if(gtmp) {
gid = gtmp->gr_gid;
}else{
errno = 0;
gid = strtol(group.c_str(),NULL,0);
if(errno)
throw runtime_error("Failed to reslove Group value to gid");
}
}
pid_t p = fork();
if(p<0)
throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to fork()");
if(!p) {
// child
try {
setsid();
+ if(user.empty()) {
+ if((getgid()!=gid) && setgid(gid))
+ throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()");
+ }else{
+ if(initgroups(user.c_str(),gid))
+ throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to initgroups()");
+ }
if(!chroot.empty()) {
if(::chroot(chroot.c_str()))
throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to chroot()");
}
- if(!group.empty()) {
- // TODO: initgroups()?
- if((getgid()!=gid) && setgid(gid))
- throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()");
- }
if(!user.empty()) {
if((getuid()!=uid) && setuid(uid))
throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setuid()");
}
char *argv[] = { "/bin/sh", "-c", (char*)restart_cmd.c_str(), NULL };
close(0); close(1); close(2);
execv("/bin/sh",argv);
}catch(exception& e) {
syslog(LOG_ERR,"Error trying to launch process '%s': %s",id.c_str(),e.what());
}
_exit(-1);
}
// parent
int rv;
if(waitpid(p,&rv,0)<0)
throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to waitpid()");
}
void process::do_notify(const string& id,const string& event,const string& description,configuration& config) {
string the_notify;
if(!notify.empty())
the_notify=notify;
else if(!config.notify.empty())
the_notify=config.notify;