summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--conf/inspircd.conf.example10
-rw-r--r--include/configreader.h5
-rw-r--r--src/configreader.cpp3
-rw-r--r--src/inspircd.cpp51
4 files changed, 69 insertions, 0 deletions
diff --git a/conf/inspircd.conf.example b/conf/inspircd.conf.example
index 595c97cfd..35c59588c 100644
--- a/conf/inspircd.conf.example
+++ b/conf/inspircd.conf.example
@@ -554,6 +554,16 @@
# channels.
operspywhois="no"
+ # runasuser: If this is set, InspIRCd will attempt to setuid
+ # to run as this user- allows binding of ports under 1024.
+ # NOT SUPPORTED/NEEDED UNDER WIINDOWS.
+ #runasuser=""
+
+ # runasgroup: If this is set, InspIRCd will attempt to set group
+ # to run under this group, which allowsof ports under 1024
+ # NOT SUPPORTED/NEEDED UNDER WIINDOWS.
+ #runasgroup=""
+
# userstats: /stats commands that users can run (oeprs can run all).
userstats="Pu">
diff --git a/include/configreader.h b/include/configreader.h
index 89116c5c5..2ccabc5b4 100644
--- a/include/configreader.h
+++ b/include/configreader.h
@@ -406,6 +406,11 @@ class CoreExport ServerConfig : public Extensible
*/
int WhoWasMaxKeep;
+ /** Both for set(g|u)id.
+ */
+ char SetUser[MAXBUF];
+ char SetGroup[MAXBUF];
+
/** Holds the server name of the local server
* as defined by the administrator.
*/
diff --git a/src/configreader.cpp b/src/configreader.cpp
index 189146137..5523397f4 100644
--- a/src/configreader.cpp
+++ b/src/configreader.cpp
@@ -803,6 +803,9 @@ void ServerConfig::Read(bool bail, const std::string &useruid)
{"disabled", "usermodes", "", new ValueContainerChar (disabledumodes), DT_CHARPTR, ValidateDisabledUModes},
{"disabled", "chanmodes", "", new ValueContainerChar (disabledcmodes), DT_CHARPTR, ValidateDisabledCModes},
{"disabled", "fakenonexistant", "0", new ValueContainerBool (&this->DisabledDontExist), DT_BOOLEAN, NoValidation},
+
+ {"security", "runasuser", "", new ValueContainerChar(this->SetUser), DT_CHARPTR, NoValidation},
+ {"security", "runasgroup", "", new ValueContainerChar(this->SetGroup), DT_CHARPTR, NoValidation},
{"security", "userstats", "", new ValueContainerChar (this->UserStats), DT_CHARPTR, NoValidation},
{"security", "customversion","", new ValueContainerChar (this->CustomVersion), DT_CHARPTR, NoValidation},
{"security", "hidesplits", "0", new ValueContainerBool (&this->HideSplits), DT_BOOLEAN, NoValidation},
diff --git a/src/inspircd.cpp b/src/inspircd.cpp
index 463f9d82f..9a64331b5 100644
--- a/src/inspircd.cpp
+++ b/src/inspircd.cpp
@@ -35,6 +35,9 @@
#include <stdlib.h>
#include <crtdbg.h>
#endif
+
+ #include <pwd.h> // setuid
+ #include <grp.h> // setgid
#endif
#include <fstream>
@@ -726,6 +729,54 @@ InspIRCd::InspIRCd(int argc, char** argv)
Logs->Log("STARTUP", DEFAULT, "Startup complete as '%s'[%s], %d max open sockets", Config->ServerName,Config->GetSID().c_str(), SE->GetMaxFds());
+#ifndef WIN32
+ if (*(this->Config->SetUser))
+ {
+ // setuid
+ struct passwd *u;
+
+ errno = 0;
+ u = getpwnam(this->Config->SetUser);
+
+ if (!u)
+ {
+ this->Logs->Log("SETGUID", DEFAULT, "getpwnam() failed (bad user?): %s", strerror(errno));
+ this->QuickExit(0);
+ }
+
+ int ret = setuid(u->pw_uid);
+
+ if (ret == -1)
+ {
+ this->Logs->Log("SETGUID", DEFAULT, "setuid() failed (bad user?): %s", strerror(errno));
+ this->QuickExit(0);
+ }
+ }
+
+ if (*(this->Config->SetGroup))
+ {
+ // setgid
+ struct group *g;
+
+ errno = 0;
+ g = getgrnam(this->Config->SetGroup);
+
+ if (!g)
+ {
+ this->Logs->Log("SETGUID", DEFAULT, "getgrnam() failed (bad user?): %s", strerror(errno));
+ this->QuickExit(0);
+ }
+
+ int ret = setgid(g->gr_gid);
+
+ if (ret == -1)
+ {
+ this->Logs->Log("SETGUID", DEFAULT, "setgid() failed (bad user?): %s", strerror(errno));
+ this->QuickExit(0);
+ }
+ }
+#endif
+
this->WritePID(Config->PID);
}