From f100998d091a4d12b724f1a0f6b568e341c3e467 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9E=D0=BB=D0=B5=D0=B3=20=D0=91=D0=BE=D1=80=D0=BE=D0=B4?= =?UTF-8?q?=D0=B8=D0=BD?=
Date: Mon, 13 Apr 2026 19:43:19 +0200
Subject: [PATCH] server: now change effective user/group if current user == 0
---
app/server/server.go | 66 ++++++++++++++++++++++++++++----------------
1 file changed, 42 insertions(+), 24 deletions(-)
diff --git a/app/server/server.go b/app/server/server.go
index ed00faf..1e0d20b 100644
--- a/app/server/server.go
+++ b/app/server/server.go
@@ -150,43 +150,59 @@ func (srv *Server) Build() error { var err error //srv.logg.Infof("Server building") - usr, err := user.Lookup(srv.conf.RunUser) + currUser, err := user.Current() + if err != nil { + err = fmt.Errorf("Error getting current user: %v\n", err) + return err + } + cuid64, err := strconv.ParseInt(currUser.Uid, 10, 64) if err != nil { return err } - uid64, err := strconv.ParseInt(usr.Uid, 10, 64) + cgid64, err := strconv.ParseInt(currUser.Gid, 10, 64) if err != nil { return err } - gid64, err := strconv.ParseInt(usr.Gid, 10, 64) - if err != nil { - return err + euid := int(cuid64) + egid := int(cgid64) + if cuid64 == 0 { + usr, err := user.Lookup(srv.conf.RunUser) + if err != nil { + return err + } + uid64, err := strconv.ParseInt(usr.Uid, 10, 64) + if err != nil { + return err + } + gid64, err := strconv.ParseInt(usr.Gid, 10, 64) + if err != nil { + return err + } + euid = int(uid64) + egid = int(gid64) } - uid := int(uid64) - gid := int(gid64) - // Creating datadir datadir := srv.conf.Datadir if !auxtool.DirExists(datadir) { // TODO: check access to dir - srv.logg.Infof("Creating data directory %s ", datadir) + //srv.logg.Infof("Creating data directory %s ", datadir) err = os.MkdirAll(datadir, 0750) if err != nil { return err } } - err = os.Chown(datadir, uid, gid) + err = os.Chown(datadir, euid, egid) if err != nil { return err } if srv.conf.AsDaemon { logdir := filepath.Dir(srv.conf.Logpath) - srv.logg.Infof("Creating log directory %s", logdir) + //srv.logg.Infof("Creating log directory %s", logdir) err = os.MkdirAll(logdir, 0750) if err != nil { return err } - err = os.Chown(logdir, uid, gid) + err = os.Chown(logdir, euid, egid) if err != nil { return err } @@ -196,7 +212,7 @@ func (srv *Server) Build() error { if err != nil { return err } - err = os.Chown(rundir, uid, gid) + err = os.Chown(rundir, euid, egid) if err != nil { return err } 
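Review bot: In the @@ -150,43 hunk, the new `if cuid64 == 0` branch accepts whatever `user.Lookup(srv.conf.RunUser)` returns, so a `RunUser` that resolves to uid 0 leaves `euid` at 0 and the server keeps running as root after the later `Setuid`; unless the configuration is validated elsewhere, add a guard after parsing, e.g. `if uid64 == 0 { return fmt.Errorf("run user %q resolves to uid 0", srv.conf.RunUser) }`. When the process is not started as root, `RunUser` is now ignored without any log line, which is worth a warning so an operator notices the server is running under a different account than configured. The added `fmt.Errorf` message would also read better lowercase, without the trailing newline, and with `%w` so callers can unwrap it. `Build` continues outside this hunk.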
@@ -239,7 +255,7 @@ func (srv *Server) Build() error { if err != nil { return err } - err = os.Chown(datadir, uid, gid) + err = os.Chown(datadir, euid, egid) if err != nil { return err } @@ -252,22 +268,24 @@ func (srv *Server) Build() error { } srv.listen = listener - // Change effective user amd group - err = syscall.Setuid(uid) - if err != nil { - return err - } - err = syscall.Setgid(gid) - if err != nil { - return err + if cuid64 == 0 { + // Change effective user and group + err = syscall.Setuid(euid) + if err != nil { + return err + } + err = syscall.Setgid(egid) + if err != nil { + return err + } } + uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10) - usr, err = user.LookupId(uidstr) + usr, err := user.LookupId(uidstr) if err != nil { return err } srv.logg.Warningf("Now run as user: %s", usr.Username) - // Creating database mdb := maindb.NewDatabase(dbdir) srv.logg.Infof("Opening main database")
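Review bot: In the @@ -252,22 hunk the privilege drop calls `syscall.Setuid(euid)` before `syscall.Setgid(egid)` and never clears root's supplementary groups; the order is carried over from the old code, only re-indented under `if cuid64 == 0`. Once the uid is no longer 0 the process normally lacks the privilege to change its gid, so `Setgid` is likely to fail with EPERM whenever `egid` differs from the starting gid, and where it does succeed the server would still hold the supplementary groups it was started with. The drop should call `syscall.Setgroups`, then `Setgid`, then `Setuid`, and confirm the resulting ids before continuing. `Build` starts and continues outside this hunk.

```go
	if cuid64 == 0 {
		// Drop supplementary groups and the gid while still root; Setuid must come last.
		if err = syscall.Setgroups([]int{egid}); err != nil {
			return err
		}
		if err = syscall.Setgid(egid); err != nil {
			return err
		}
		if err = syscall.Setuid(euid); err != nil {
			return err
		}
		// Fail closed if the ids are not what was requested.
		if syscall.Getuid() != euid || syscall.Getgid() != egid {
			return fmt.Errorf("privilege drop incomplete: uid=%d gid=%d", syscall.Getuid(), syscall.Getgid())
		}
	}
	// … unchanged: LookupId of the effective uid and the Warningf log line …
```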