server: now change effective user/group if current user == 0

2026-04-13 19:43:19 +02:00
parent 414093242d
commit f100998d09
+32 -14
@@ -150,6 +150,22 @@ func (srv *Server) Build() error {
var err error var err error
//srv.logg.Infof("Server building") //srv.logg.Infof("Server building")
currUser, err := user.Current()
if err != nil {
err = fmt.Errorf("Error getting current user: %v\n", err)
return err
}
cuid64, err := strconv.ParseInt(currUser.Uid, 10, 64)
if err != nil {
return err
}
cgid64, err := strconv.ParseInt(currUser.Gid, 10, 64)
if err != nil {
return err
}
euid := int(cuid64)
egid := int(cgid64)
if cuid64 == 0 {
usr, err := user.Lookup(srv.conf.RunUser) usr, err := user.Lookup(srv.conf.RunUser)
if err != nil { if err != nil {
return err return err
@@ -162,31 +178,31 @@ func (srv *Server) Build() error {
if err != nil { if err != nil {
return err return err
} }
uid := int(uid64) euid = int(uid64)
gid := int(gid64) egid = int(gid64)
}
// Creating datadir // Creating datadir
datadir := srv.conf.Datadir datadir := srv.conf.Datadir
if !auxtool.DirExists(datadir) { // TODO: check access to dir if !auxtool.DirExists(datadir) { // TODO: check access to dir
srv.logg.Infof("Creating data directory %s ", datadir) //srv.logg.Infof("Creating data directory %s ", datadir)
err = os.MkdirAll(datadir, 0750) err = os.MkdirAll(datadir, 0750)
if err != nil { if err != nil {
return err return err
} }
} }
err = os.Chown(datadir, uid, gid) err = os.Chown(datadir, euid, egid)
if err != nil { if err != nil {
return err return err
} }
if srv.conf.AsDaemon { if srv.conf.AsDaemon {
logdir := filepath.Dir(srv.conf.Logpath) logdir := filepath.Dir(srv.conf.Logpath)
srv.logg.Infof("Creating log directory %s", logdir) //srv.logg.Infof("Creating log directory %s", logdir)
err = os.MkdirAll(logdir, 0750) err = os.MkdirAll(logdir, 0750)
if err != nil { if err != nil {
return err return err
} }
err = os.Chown(logdir, uid, gid) err = os.Chown(logdir, euid, egid)
if err != nil { if err != nil {
return err return err
} }
@@ -196,7 +212,7 @@ func (srv *Server) Build() error {
if err != nil { if err != nil {
return err return err
} }
err = os.Chown(rundir, uid, gid) err = os.Chown(rundir, euid, egid)
if err != nil { if err != nil {
return err return err
} }
@@ -239,7 +255,7 @@ func (srv *Server) Build() error {
if err != nil { if err != nil {
return err return err
} }
err = os.Chown(datadir, uid, gid) err = os.Chown(datadir, euid, egid)
if err != nil { if err != nil {
return err return err
} }
@@ -252,22 +268,24 @@ func (srv *Server) Build() error {
} }
srv.listen = listener srv.listen = listener
// Change effective user amd group if cuid64 == 0 {
err = syscall.Setuid(uid) // Change effective user and group
err = syscall.Setuid(euid)
if err != nil { if err != nil {
return err return err
} }
err = syscall.Setgid(gid) err = syscall.Setgid(egid)
if err != nil { if err != nil {
return err return err
} }
}
uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10) uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10)
usr, err = user.LookupId(uidstr) usr, err := user.LookupId(uidstr)
if err != nil { if err != nil {
return err return err
} }
srv.logg.Warningf("Now run as user: %s", usr.Username) srv.logg.Warningf("Now run as user: %s", usr.Username)
// Creating database // Creating database
mdb := maindb.NewDatabase(dbdir) mdb := maindb.NewDatabase(dbdir)
srv.logg.Infof("Opening main database") srv.logg.Infof("Opening main database")
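Review bot: In the last hunk the privilege drop still calls `syscall.Setuid(euid)` before `syscall.Setgid(egid)`, and no `Setgroups` call is visible, so a root-started process does not shed its group privileges cleanly. Once the UID is no longer 0 the process normally lacks the privilege to change its GID, so on Linux the `Setgid` call is expected to fail with EPERM and make Build return an error; even where it succeeds, root's supplementary groups stay attached to the process. Drop in the order `syscall.Setgroups([]int{egid})`, `syscall.Setgid(egid)`, `syscall.Setuid(euid)`, keeping the existing error check after each call. The root test in the first hunk uses `user.Current()`, which as far as I know reports the real UID, while the log line reads `syscall.Geteuid()`; it is worth deciding which of the two gates the drop. Build starts before and continues after the visible hunks.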