-rw-r--r--plugins/mod_posix.lua2
-rwxr-xr-xprosodyctl5
-rw-r--r--util-src/pposix.c59
3 files changed, 63 insertions, 3 deletions
diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua
index 77b2f2a4..38195b13 100644
--- a/plugins/mod_posix.lua
+++ b/plugins/mod_posix.lua
@@ -7,7 +7,7 @@
--
-local want_pposix_version = "0.3.3";
+local want_pposix_version = "0.3.4";
local pposix = assert(require "util.pposix");
if pposix._VERSION ~= want_pposix_version then module:log("warn", "Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version); end
diff --git a/prosodyctl b/prosodyctl
index 9bb8d4ad..9af36ad9 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -79,7 +79,7 @@ require "util.datamanager".set_data_path(data_path);
-- Switch away from root and into the prosody user --
local switched_user, current_uid;
-local want_pposix_version = "0.3.3";
+local want_pposix_version = "0.3.4";
local ok, pposix = pcall(require, "util.pposix");
if ok and pposix then
@@ -91,6 +91,9 @@ if ok and pposix then
local desired_group = config.get("*", "core", "prosody_group") or desired_user;
local ok, err = pposix.setgid(desired_group);
if ok then
+ ok, err = pposix.initgroups(desired_user);
+ end
+ if ok then
ok, err = pposix.setuid(desired_user);
if ok then
-- Yay!
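Review bot: The new `pposix.initgroups(desired_user)` call has no comment saying why it sits between `setgid` and `setuid`, and the ordering is what makes it work. I would add above it: `-- Replace the supplementary groups inherited from root; must happen before setuid() drops the privilege to do so`. Because only the username is passed, the C side falls back to the user's passwd primary gid (`gid = p->pw_gid`), so when `prosody_group` names a different group the supplementary list will still contain the user's primary group; that is worth a second comment line. The branch that handles a failed `ok` lies outside this hunk, so confirm there that a failed initgroups stops the switch rather than continuing as root.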
diff --git a/util-src/pposix.c b/util-src/pposix.c
index 9f16f178..1b1f85fd 100644
--- a/util-src/pposix.c
+++ b/util-src/pposix.c
@@ -13,7 +13,7 @@
* POSIX support functions for Lua
*/
-#define MODULE_VERSION "0.3.3"
+#define MODULE_VERSION "0.3.4"
#include <stdlib.h>
#include <math.h>
@@ -359,6 +359,62 @@ int lc_setgid(lua_State* L)
return 2;
}
+int lc_initgroups(lua_State* L)
+{
+ int ret;
+ gid_t gid;
+ struct passwd *p;
+
+ if(!lua_isstring(L, 1))
+ {
+ lua_pushnil(L);
+ lua_pushstring(L, "invalid-username");
+ return 2;
+ }
+ p = getpwnam(lua_tostring(L, 1));
+ if(!p)
+ {
+ lua_pushnil(L);
+ lua_pushstring(L, "no-such-user");
+ return 2;
+ }
+ if(lua_gettop(L) < 2)
+ lua_pushnil(L);
+ switch(lua_type(L, 2))
+ {
+ case LUA_TNIL:
+ gid = p->pw_gid;
+ break;
+ case LUA_TNUMBER:
+ gid = lua_tointeger(L, 2);
+ break;
+ default:
+ lua_pushnil(L);
+ lua_pushstring(L, "invalid-gid");
+ return 2;
+ }
+ ret = initgroups(lua_tostring(L, 1), gid);
+ switch(errno)
+ {
+ case 0:
+ lua_pushboolean(L, 1);
+ lua_pushnil(L);
+ break;
+ case ENOMEM:
+ lua_pushnil(L);
+ lua_pushstring(L, "no-memory");
+ break;
+ case EPERM:
+ lua_pushnil(L);
+ lua_pushstring(L, "permission-denied");
+ break;
+ default:
+ lua_pushnil(L);
+ lua_pushstring(L, "unknown-error");
+ }
+ return 2;
+}
+
int lc_umask(lua_State* L)
{
char old_mode_string[7];
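Review bot: lc_initgroups takes its result from `switch(errno)` instead of from the return value: `ret` is assigned and never read, and `errno` is not cleared before the call. A stale non-zero `errno` from an earlier libc call (possibly the `getpwnam` above) would make a successful initgroups() return nil and "unknown-error", and prosodyctl would then skip `setuid`. Test the return value first with `if(ret == 0) { lua_pushboolean(L, 1); lua_pushnil(L); return 2; }`, and consult `errno` only on failure, dropping `case 0`. Separately, `gid = lua_tointeger(L, 2);` stores a Lua number into `gid_t` with no range check, so a negative or oversized value is silently converted; rejecting it with "invalid-gid" would be safer. The context lines around the new function belong to lc_setgid and lc_umask, whose bodies extend outside this hunk.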
@@ -517,6 +573,7 @@ int luaopen_util_pposix(lua_State *L)
{ "setuid", lc_setuid },
{ "setgid", lc_setgid },
+ { "initgroups", lc_initgroups },
{ "umask", lc_umask },