mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 13:47:41 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_posix: Remove ancient undocumented user switching

Browse source 
User switching has been done by prosodyctl or init scripts for a very
long time now, so this is not needed.

Using this would not have worked with module reloading (e.g. to reload
certificates) since ports are closed and re-bound, which would then not
be allowed.

Today there exists better ways to grant low ports, i.e. capabilities(7)

<Zash> Why do we have this?
<MattJ> Remove it
This commit is contained in:
Kim Alvefur 2020-08-24 19:48:47 +02:00
parent 21ecc6ca39
commit f25f4bb11a
1 changed files with 4 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

35
plugins/mod_posix.lua
View file

@ -30,39 +30,12 @@ module:set_global(); -- we're a global module
local umask = module:get_option_string("umask", "027");
pposix.umask(umask);
-- Allow switching away from root, some people like strange ports.
module:hook("server-started", function ()
local uid = module:get_option("setuid");
local gid = module:get_option("setgid");
if gid then
local success, msg = pposix.setgid(gid);
if success then
module:log("debug", "Changed group to %s successfully.", gid);
else
module:log("error", "Failed to change group to %s. Error: %s", gid, msg);
prosody.shutdown("Failed to change group to %s", gid);
end
end
if uid then
local success, msg = pposix.setuid(uid);
if success then
module:log("debug", "Changed user to %s successfully.", uid);
else
module:log("error", "Failed to change user to %s. Error: %s", uid, msg);
prosody.shutdown("Failed to change user to %s", uid);
end
end
end);
-- Don't even think about it!
if not prosody.start_time then -- server-starting
local suid = module:get_option("setuid");
if not suid or suid == 0 or suid == "root" then
if pposix.getuid() == 0 and not module:get_option_boolean("run_as_root") then
module:log("error", "Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!");
module:log("error", "For more information on running Prosody as root, see https://prosody.im/doc/root");
prosody.shutdown("Refusing to run as root");
end
if pposix.getuid() == 0 and not module:get_option_boolean("run_as_root") then
module:log("error", "Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!");
module:log("error", "For more information on running Prosody as root, see https://prosody.im/doc/root");
prosody.shutdown("Refusing to run as root");
end
end