From 0a0f75413597a0db818ad618efcd8b9739862ed0 Mon Sep 17 00:00:00 2001
From: "John \"Elwin\" Edwards"
Date: Mon, 12 May 2014 08:59:47 -0700
Subject: [PATCH] Use posix.getpwnam() to look up UID/GID to drop to. This is more reliable than hardcoding the numbers.
---
 rlgwebd.js | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/rlgwebd.js b/rlgwebd.js
index 13dfa53..821e774 100755
--- a/rlgwebd.js
+++ b/rlgwebd.js
@@ -17,8 +17,7 @@ var WebSocketServer = require("websocket").server;
 var ctlsocket = "/var/local/rlgwebd/ctl";
 var httpPort = 8080;
 var chrootDir = "/var/dgl/";
-var dropToUID = 501;
-var dropToGID = 501;
+var dropToUser = "rodney";
 var serveStaticRoot = "/var/www/"; // inside the chroot
 var playtimeout = 3600000; // Idle time before games are autosaved, in ms
@@ -505,7 +504,7 @@ function checkprogress(user, game, callback, args) {
 function checksaved(user, game, callback, args) {
 var savedirc = game.uname + "save";
- var basename = String(dropToUID) + "-" + user + game.suffix;
+ var basename = String(pwent.uid) + "-" + user + game.suffix;
 var savefile = path.join("/var/games/roguelike", savedirc, basename);
 fs.exists(savefile, function (exist) {
 args.unshift(exist);
@@ -1440,6 +1439,15 @@ var httpServer; // declare here so shutdown() can find it
 var wsServer;
 var progressWatcher;
+var pwent;
+try {
+ pwent = posix.getpwnam(dropToUser);
+}
+catch (err) {
+ tslog("Could not drop to user %s: user does not exist", dropToUser);
+ process.exit(1);
+}
+
 /* This could be nonblocking, but nothing else can start yet anyway. */
 if (fs.existsSync(ctlsocket)) {
 fs.unlinkSync(ctlsocket);
@@ -1462,8 +1470,8 @@ ctlServer.listen(ctlsocket, function () {
 }
 try {
 // drop gid first, that requires UID=0
- process.setgid(dropToGID);
- process.setuid(dropToUID);
+ process.setgid(pwent.gid);
+ process.setuid(pwent.uid);
 }
 catch (err) {
 tslog("Could not drop permissions: %s", err);
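Review bot: In the startup hunk at `@@ -1440,6 +1439,15 @@`, nothing rejects an account that resolves to uid 0 or gid 0, so a misconfigured `dropToUser` (for example `"root"`) would let the later setgid/setuid calls succeed while the daemon keeps running with full privileges. A guard right after the lookup would close that: `if (pwent.uid === 0 || pwent.gid === 0) { tslog("Refusing to run as %s: uid/gid 0", dropToUser); process.exit(1); }`. The catch also reports "user does not exist" for every failure and discards `err`; logging `err` next to the name would keep other lookup failures distinguishable.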
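Review bot: In the hunk at `@@ -1462,8 +1470,8 @@`, the supplementary group list is never reset, so after `setgid`/`setuid` the process still carries whatever groups it was started with (typically root's). Adding `process.setgroups([pwent.gid]);` ahead of `process.setgid(pwent.gid);` clears them while the process still has the privilege to do so, and because it takes numeric ids it needs no group database lookup at that point. The surrounding `try`/`catch` continues past the end of the hunk, so whether a failed drop terminates the process is not visible here.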