Mercurial > hg > rlgwebd
comparison rlgwebd.js @ 157:e7f809f06c5c
Use posix.getpwnam() to look up UID/GID to drop to.
This is more reliable than hardcoding the numbers.
| author | John "Elwin" Edwards |
|---|---|
| date | Mon, 12 May 2014 08:59:47 -0700 |
| parents | 127f9e256d02 |
| children | 9961a538c00e |
comparison
equal
deleted
inserted
replaced
| 156:127f9e256d02 | 157:e7f809f06c5c |
|---|---|
| 15 /* Configuration variables */ | 15 /* Configuration variables */ |
| 16 // The first file is NOT in the chroot. | 16 // The first file is NOT in the chroot. |
| 17 var ctlsocket = "/var/local/rlgwebd/ctl"; | 17 var ctlsocket = "/var/local/rlgwebd/ctl"; |
| 18 var httpPort = 8080; | 18 var httpPort = 8080; |
| 19 var chrootDir = "/var/dgl/"; | 19 var chrootDir = "/var/dgl/"; |
| 20 var dropToUID = 501; | 20 var dropToUser = "rodney"; |
| 21 var dropToGID = 501; | |
| 22 var serveStaticRoot = "/var/www/"; // inside the chroot | 21 var serveStaticRoot = "/var/www/"; // inside the chroot |
| 23 var playtimeout = 3600000; // Idle time before games are autosaved, in ms | 22 var playtimeout = 3600000; // Idle time before games are autosaved, in ms |
| 24 | 23 |
| 25 /* Data on the games available. */ | 24 /* Data on the games available. */ |
| 26 var games = { | 25 var games = { |
| 503 }); | 502 }); |
| 504 } | 503 } |
| 505 | 504 |
| 506 function checksaved(user, game, callback, args) { | 505 function checksaved(user, game, callback, args) { |
| 507 var savedirc = game.uname + "save"; | 506 var savedirc = game.uname + "save"; |
| 508 var basename = String(dropToUID) + "-" + user + game.suffix; | 507 var basename = String(pwent.uid) + "-" + user + game.suffix; |
| 509 var savefile = path.join("/var/games/roguelike", savedirc, basename); | 508 var savefile = path.join("/var/games/roguelike", savedirc, basename); |
| 510 fs.exists(savefile, function (exist) { | 509 fs.exists(savefile, function (exist) { |
| 511 args.unshift(exist); | 510 args.unshift(exist); |
| 512 callback.apply(null, args); | 511 callback.apply(null, args); |
| 513 }); | 512 }); |
| 1438 | 1437 |
| 1439 var httpServer; // declare here so shutdown() can find it | 1438 var httpServer; // declare here so shutdown() can find it |
| 1440 var wsServer; | 1439 var wsServer; |
| 1441 var progressWatcher; | 1440 var progressWatcher; |
| 1442 | 1441 |
| 1442 var pwent; | |
| 1443 try { | |
| 1444 pwent = posix.getpwnam(dropToUser); | |
| 1445 } | |
| 1446 catch (err) { | |
| 1447 tslog("Could not drop to user %s: user does not exist", dropToUser); | |
| 1448 process.exit(1); | |
| 1449 } | |
| 1450 | |
| 1443 /* This could be nonblocking, but nothing else can start yet anyway. */ | 1451 /* This could be nonblocking, but nothing else can start yet anyway. */ |
| 1444 if (fs.existsSync(ctlsocket)) { | 1452 if (fs.existsSync(ctlsocket)) { |
| 1445 fs.unlinkSync(ctlsocket); | 1453 fs.unlinkSync(ctlsocket); |
| 1446 } | 1454 } |
| 1447 | 1455 |
| 1460 tslog("chroot to %s failed: %s", chrootDir, err); | 1468 tslog("chroot to %s failed: %s", chrootDir, err); |
| 1461 process.exit(1); | 1469 process.exit(1); |
| 1462 } | 1470 } |
| 1463 try { | 1471 try { |
| 1464 // drop gid first, that requires UID=0 | 1472 // drop gid first, that requires UID=0 |
| 1465 process.setgid(dropToGID); | 1473 process.setgid(pwent.gid); |
| 1466 process.setuid(dropToUID); | 1474 process.setuid(pwent.uid); |
| 1467 } | 1475 } |
| 1468 catch (err) { | 1476 catch (err) { |
| 1469 tslog("Could not drop permissions: %s", err); | 1477 tslog("Could not drop permissions: %s", err); |
| 1470 process.exit(1); | 1478 process.exit(1); |
| 1471 } | 1479 } |