Sometimes it is desirable to run a process with a specific group id
instead of the default one, which is derived from the passwd entry.
However, we still want to initialize supplementary group ids
(including the default one), thus we have to store the specific
one in a dedicated structure element.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
INSTANCE_ATTR_WATCH,
INSTANCE_ATTR_ERROR,
INSTANCE_ATTR_USER,
INSTANCE_ATTR_WATCH,
INSTANCE_ATTR_ERROR,
INSTANCE_ATTR_USER,
INSTANCE_ATTR_STDOUT,
INSTANCE_ATTR_STDERR,
INSTANCE_ATTR_NO_NEW_PRIVS,
INSTANCE_ATTR_STDOUT,
INSTANCE_ATTR_STDERR,
INSTANCE_ATTR_NO_NEW_PRIVS,
[INSTANCE_ATTR_WATCH] = { "watch", BLOBMSG_TYPE_ARRAY },
[INSTANCE_ATTR_ERROR] = { "error", BLOBMSG_TYPE_ARRAY },
[INSTANCE_ATTR_USER] = { "user", BLOBMSG_TYPE_STRING },
[INSTANCE_ATTR_WATCH] = { "watch", BLOBMSG_TYPE_ARRAY },
[INSTANCE_ATTR_ERROR] = { "error", BLOBMSG_TYPE_ARRAY },
[INSTANCE_ATTR_USER] = { "user", BLOBMSG_TYPE_STRING },
+ [INSTANCE_ATTR_GROUP] = { "group", BLOBMSG_TYPE_STRING },
[INSTANCE_ATTR_STDOUT] = { "stdout", BLOBMSG_TYPE_BOOL },
[INSTANCE_ATTR_STDERR] = { "stderr", BLOBMSG_TYPE_BOOL },
[INSTANCE_ATTR_NO_NEW_PRIVS] = { "no_new_privs", BLOBMSG_TYPE_BOOL },
[INSTANCE_ATTR_STDOUT] = { "stdout", BLOBMSG_TYPE_BOOL },
[INSTANCE_ATTR_STDERR] = { "stderr", BLOBMSG_TYPE_BOOL },
[INSTANCE_ATTR_NO_NEW_PRIVS] = { "no_new_privs", BLOBMSG_TYPE_BOOL },
- if (in->user && in->gid && initgroups(in->user, in->gid)) {
+ if (in->user && in->pw_gid && initgroups(in->user, in->pw_gid)) {
ERROR("failed to initgroups() for user %s: %m\n", in->user);
exit(127);
}
ERROR("failed to initgroups() for user %s: %m\n", in->user);
exit(127);
}
- if (in->gid && setgid(in->gid)) {
- ERROR("failed to set group id %d: %m\n", in->gid);
+ if (in->gr_gid && setgid(in->gr_gid)) {
+ ERROR("failed to set group id %d: %m\n", in->gr_gid);
exit(127);
}
if (in->uid && setuid(in->uid)) {
exit(127);
}
if (in->uid && setuid(in->uid)) {
if (string_changed(in->user, in_new->user))
return true;
if (string_changed(in->user, in_new->user))
return true;
+ if (string_changed(in->group, in_new->group))
+ return true;
+
if (in->uid != in_new->uid)
return true;
if (in->uid != in_new->uid)
return true;
- if (in->gid != in_new->gid)
+ if (in->pw_gid != in_new->pw_gid)
return true;
if (string_changed(in->pidfile, in_new->pidfile))
return true;
if (string_changed(in->pidfile, in_new->pidfile))
if (p) {
in->user = strdup(user);
in->uid = p->pw_uid;
if (p) {
in->user = strdup(user);
in->uid = p->pw_uid;
+ in->gr_gid = in->pw_gid = p->pw_gid;
+ }
+ }
+
+ if (tb[INSTANCE_ATTR_GROUP]) {
+ const char *group = blobmsg_get_string(tb[INSTANCE_ATTR_GROUP]);
+ struct group *p = getgrnam(group);
+ if (p) {
+ in->group = strdup(group);
+ in->gr_gid = p->gr_gid;
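Review bot: When `getgrnam(group)` returns NULL the new group branch does nothing, so a misspelled or missing group name silently leaves `gr_gid` at the passwd-derived value (or unset when no user is given) and the instance starts under a group other than the one configured, with no diagnostic. The user branch just above has the same shape, but a configured value that cannot be resolved deserves at least a log line, e.g. `else { ERROR("group %s not found\n", group); }`, or the same treatment the caller gives an unresolvable user. Related: the instance_config_changed hunk compares the new `group` string and `pw_gid` but not `gr_gid`, so a change of the group's numeric id in /etc/group with an unchanged name does not trigger a restart the way a uid change does; `if (in->gr_gid != in_new->gr_gid) return true;` would close that gap. The enclosing parse function continues outside the hunk.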
instance_config_cleanup(in);
free(in->config);
free(in->user);
instance_config_cleanup(in);
free(in->config);
free(in->user);
+ gid_t pw_gid;
+ char *group;
+ gid_t gr_gid;
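Review bot: The three new fields are undocumented, and their names alone do not convey that `pw_gid` and `gr_gid` are meant to differ, which is the point of the change and is only explained in the commit message. Suggested comments: `gid_t pw_gid;   /* primary gid of the passwd entry, passed to initgroups() */`, `char *group;    /* optional "group" attribute, NULL when unset */`, `gid_t gr_gid;   /* gid actually set via setgid(); from "group" if given, else pw_gid */`. The enclosing struct definition lies outside the hunk.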