diff rlgwebd.js @ 157:e7f809f06c5c

Use posix.getpwnam() to look up UID/GID to drop to. This is more reliable than hardcoding the numbers.
author John "Elwin" Edwards
date Mon, 12 May 2014 08:59:47 -0700
parents 127f9e256d02
children 9961a538c00e
line wrap: on
line diff
--- a/rlgwebd.js	Tue Apr 01 16:43:35 2014 -0700
+++ b/rlgwebd.js	Mon May 12 08:59:47 2014 -0700
@@ -17,8 +17,7 @@
 var ctlsocket = "/var/local/rlgwebd/ctl";
 var httpPort = 8080;
 var chrootDir = "/var/dgl/";
-var dropToUID = 501;
-var dropToGID = 501;
+var dropToUser = "rodney";
 var serveStaticRoot = "/var/www/"; // inside the chroot
 var playtimeout = 3600000; // Idle time before games are autosaved, in ms
 
@@ -505,7 +504,7 @@
 
 function checksaved(user, game, callback, args) {
   var savedirc = game.uname + "save";
-  var basename = String(dropToUID) + "-" + user + game.suffix;
+  var basename = String(pwent.uid) + "-" + user + game.suffix;
   var savefile = path.join("/var/games/roguelike", savedirc, basename);
   fs.exists(savefile, function (exist) {
     args.unshift(exist);
@@ -1440,6 +1439,15 @@
 var wsServer;
 var progressWatcher;
 
+var pwent; 
+try {
+  pwent = posix.getpwnam(dropToUser);
+}
+catch (err) {
+  tslog("Could not drop to user %s: user does not exist", dropToUser);
+  process.exit(1);
+}
+
 /* This could be nonblocking, but nothing else can start yet anyway. */
 if (fs.existsSync(ctlsocket)) {
   fs.unlinkSync(ctlsocket);
@@ -1462,8 +1470,8 @@
   }
   try {
     // drop gid first, that requires UID=0
-    process.setgid(dropToGID);
-    process.setuid(dropToUID);
+    process.setgid(pwent.gid);
+    process.setuid(pwent.uid);
   }
   catch (err) {
     tslog("Could not drop permissions: %s", err);