diff --git a/README.md b/README.md index 1cbe477..a0263bf 100644 --- a/README.md +++ b/README.md @@ -115,13 +115,15 @@ http://domain.com/abcdef/ #### User name #### -If you use fiche as service (see details below) you may want to save files as other user, to do that use `-u` option, -there's example: +Set the user that fiche runs as using the `-u` option, example: ``` -fiche -u http +fiche -u _fiche ``` +This option has effect only if fiche was started by root, otherwise it is ignored and fiche runs under the +current user id. + ----------------- #### Buffersize #### @@ -221,7 +223,7 @@ You can run fiche as service, there is simple systemd example: Description=FICHE-SERVER [Service] -ExecStart=/usr/local/bin/fiche -d code.solusipse.net -o /home/www/code/ -l /home/www/log.txt +ExecStart=/usr/local/bin/fiche -d code.solusipse.net -o /home/www/code/ -l /home/www/log.txt -u _fiche [Install] WantedBy=multi-user.target diff --git a/fiche.c b/fiche.c index c4f9c4c..514d5ae 100644 --- a/fiche.c +++ b/fiche.c @@ -36,6 +36,17 @@ int main(int argc, char **argv) time_seed = time(0); parse_parameters(argc, argv); + + if (getuid() == 0) + { + if (UID == -1) + error("ERROR: user not set"); + if (setgid(GID) != 0) + error("ERROR: Unable to drop group privileges"); + if (setuid(UID) != 0) + error("ERROR: Unable to drop user privileges"); + } + if (BASEDIR == NULL) set_basedir(); @@ -255,12 +266,11 @@ void load_list(char *file_path, int type) int create_socket() { int lsocket = socket(AF_INET, SOCK_STREAM, 0); + if (lsocket < 0) - { error("ERROR: Couldn't open socket"); - return 0; - } - else return lsocket; + + return lsocket; } struct sockaddr_in set_address(struct sockaddr_in server_address) @@ -317,8 +327,6 @@ int create_directory(char *slug) mkdir(BASEDIR, S_IRWXU | S_IRGRP | S_IROTH | S_IXOTH | S_IXGRP); int result = mkdir(directory, S_IRWXU | S_IRGRP | S_IROTH | S_IXOTH | S_IXGRP); - change_owner(directory); - free(directory); return result; @@ -335,18 +343,11 @@ void save_to_file(char *slug, char *buffer, struct client_data data) fprintf(fp, "%s", buffer); fclose(fp); - change_owner(directory); display_info(data, directory, ""); free(directory); } -void change_owner(char *directory) -{ - if (UID != -1 && GID != -1) - chown(directory, UID, GID); -} - void set_uid_gid(char *username) { struct passwd *userdata = getpwnam(username); @@ -388,6 +389,12 @@ void startup_message() printf("====================================\n"); } +void error(char *buffer) +{ + printf("%s\n", buffer); + exit(1); +} + void parse_parameters(int argc, char **argv) { int c; diff --git a/fiche.h b/fiche.h index b68e2af..8c843a5 100644 --- a/fiche.h +++ b/fiche.h @@ -80,7 +80,7 @@ int create_directory(char *slug); int check_protocol(char *buffer); void bind_to_port(int listen_socket, struct sockaddr_in serveraddr); -void error(char *error_code){perror(error_code); exit(1);} +void error(char *buffer); void perform_connection(int listen_socket); void generate_url(char *buffer, char *slug, size_t slug_length, struct client_data data); void save_to_file(char *buffer, char *slug, struct client_data data); @@ -90,7 +90,6 @@ void set_basedir(); void load_list(char *file_path, int type); void parse_parameters(int argc, char **argv); void save_log(char *slug, char *hostaddrp, char *h_name); -void change_owner(char *directory); void set_uid_gid(); char *check_banlist(char *ip_address);