warden/rlgwebd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use posix.getpwnam() to look up UID/GID to drop to.

Browse source 
This is more reliable than hardcoding the numbers.
This commit is contained in:
John "Elwin" Edwards 2014-05-12 08:59:47 -07:00
parent 2e5e5d02da
commit 0a0f754135
1 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

18
rlgwebd.js
View file

@ -17,8 +17,7 @@ var WebSocketServer = require("websocket").server;
var ctlsocket = "/var/local/rlgwebd/ctl"; var ctlsocket = "/var/local/rlgwebd/ctl";
var httpPort = 8080; var httpPort = 8080;
var chrootDir = "/var/dgl/"; var chrootDir = "/var/dgl/";
var dropToUID = 501; var dropToUser = "rodney";
var dropToGID = 501;
var serveStaticRoot = "/var/www/"; // inside the chroot var serveStaticRoot = "/var/www/"; // inside the chroot
var playtimeout = 3600000; // Idle time before games are autosaved, in ms var playtimeout = 3600000; // Idle time before games are autosaved, in ms
@ -505,7 +504,7 @@ function checkprogress(user, game, callback, args) {
function checksaved(user, game, callback, args) { function checksaved(user, game, callback, args) {
var savedirc = game.uname + "save"; var savedirc = game.uname + "save";
var basename = String(dropToUID) + "-" + user + game.suffix; var basename = String(pwent.uid) + "-" + user + game.suffix;
var savefile = path.join("/var/games/roguelike", savedirc, basename); var savefile = path.join("/var/games/roguelike", savedirc, basename);
fs.exists(savefile, function (exist) { fs.exists(savefile, function (exist) {
args.unshift(exist); args.unshift(exist);
@ -1440,6 +1439,15 @@ var httpServer; // declare here so shutdown() can find it
var wsServer; var wsServer;
var progressWatcher; var progressWatcher;
var pwent;
try {
pwent = posix.getpwnam(dropToUser);
}
catch (err) {
tslog("Could not drop to user %s: user does not exist", dropToUser);
process.exit(1);
}
/* This could be nonblocking, but nothing else can start yet anyway. */ /* This could be nonblocking, but nothing else can start yet anyway. */
if (fs.existsSync(ctlsocket)) { if (fs.existsSync(ctlsocket)) {
fs.unlinkSync(ctlsocket); fs.unlinkSync(ctlsocket);
@ -1462,8 +1470,8 @@ ctlServer.listen(ctlsocket, function () {
} }
try { try {
// drop gid first, that requires UID=0 // drop gid first, that requires UID=0
process.setgid(dropToGID); process.setgid(pwent.gid);
process.setuid(dropToUID); process.setuid(pwent.uid);
} }
catch (err) { catch (err) {
tslog("Could not drop permissions: %s", err); tslog("Could not drop permissions: %s", err);