diff options
-rw-r--r-- | conf/inspircd.conf.example | 10 | ||||
-rw-r--r-- | include/configreader.h | 5 | ||||
-rw-r--r-- | src/configreader.cpp | 3 | ||||
-rw-r--r-- | src/inspircd.cpp | 51 |
4 files changed, 69 insertions, 0 deletions
diff --git a/conf/inspircd.conf.example b/conf/inspircd.conf.example index 595c97cfd..35c59588c 100644 --- a/conf/inspircd.conf.example +++ b/conf/inspircd.conf.example @@ -554,6 +554,16 @@ # channels. operspywhois="no" + # runasuser: If this is set, InspIRCd will attempt to setuid + # to run as this user- allows binding of ports under 1024. + # NOT SUPPORTED/NEEDED UNDER WIINDOWS. + #runasuser="" + + # runasgroup: If this is set, InspIRCd will attempt to set group + # to run under this group, which allowsof ports under 1024 + # NOT SUPPORTED/NEEDED UNDER WIINDOWS. + #runasgroup="" + # userstats: /stats commands that users can run (oeprs can run all). userstats="Pu"> diff --git a/include/configreader.h b/include/configreader.h index 89116c5c5..2ccabc5b4 100644 --- a/include/configreader.h +++ b/include/configreader.h @@ -406,6 +406,11 @@ class CoreExport ServerConfig : public Extensible */ int WhoWasMaxKeep; + /** Both for set(g|u)id. + */ + char SetUser[MAXBUF]; + char SetGroup[MAXBUF]; + /** Holds the server name of the local server * as defined by the administrator. */ diff --git a/src/configreader.cpp b/src/configreader.cpp index 189146137..5523397f4 100644 --- a/src/configreader.cpp +++ b/src/configreader.cpp @@ -803,6 +803,9 @@ void ServerConfig::Read(bool bail, const std::string &useruid) {"disabled", "usermodes", "", new ValueContainerChar (disabledumodes), DT_CHARPTR, ValidateDisabledUModes}, {"disabled", "chanmodes", "", new ValueContainerChar (disabledcmodes), DT_CHARPTR, ValidateDisabledCModes}, {"disabled", "fakenonexistant", "0", new ValueContainerBool (&this->DisabledDontExist), DT_BOOLEAN, NoValidation}, + + {"security", "runasuser", "", new ValueContainerChar(this->SetUser), DT_CHARPTR, NoValidation}, + {"security", "runasgroup", "", new ValueContainerChar(this->SetGroup), DT_CHARPTR, NoValidation}, {"security", "userstats", "", new ValueContainerChar (this->UserStats), DT_CHARPTR, NoValidation}, {"security", "customversion","", new ValueContainerChar (this->CustomVersion), DT_CHARPTR, NoValidation}, {"security", "hidesplits", "0", new ValueContainerBool (&this->HideSplits), DT_BOOLEAN, NoValidation}, diff --git a/src/inspircd.cpp b/src/inspircd.cpp index 463f9d82f..9a64331b5 100644 --- a/src/inspircd.cpp +++ b/src/inspircd.cpp @@ -35,6 +35,9 @@ #include <stdlib.h> #include <crtdbg.h> #endif + + #include <pwd.h> // setuid + #include <grp.h> // setgid #endif #include <fstream> @@ -726,6 +729,54 @@ InspIRCd::InspIRCd(int argc, char** argv) Logs->Log("STARTUP", DEFAULT, "Startup complete as '%s'[%s], %d max open sockets", Config->ServerName,Config->GetSID().c_str(), SE->GetMaxFds()); +#ifndef WIN32 + if (*(this->Config->SetUser)) + { + // setuid + struct passwd *u; + + errno = 0; + u = getpwnam(this->Config->SetUser); + + if (!u) + { + this->Logs->Log("SETGUID", DEFAULT, "getpwnam() failed (bad user?): %s", strerror(errno)); + this->QuickExit(0); + } + + int ret = setuid(u->pw_uid); + + if (ret == -1) + { + this->Logs->Log("SETGUID", DEFAULT, "setuid() failed (bad user?): %s", strerror(errno)); + this->QuickExit(0); + } + } + + if (*(this->Config->SetGroup)) + { + // setgid + struct group *g; + + errno = 0; + g = getgrnam(this->Config->SetGroup); + + if (!g) + { + this->Logs->Log("SETGUID", DEFAULT, "getgrnam() failed (bad user?): %s", strerror(errno)); + this->QuickExit(0); + } + + int ret = setgid(g->gr_gid); + + if (ret == -1) + { + this->Logs->Log("SETGUID", DEFAULT, "setgid() failed (bad user?): %s", strerror(errno)); + this->QuickExit(0); + } + } +#endif + this->WritePID(Config->PID); } |