diff --git a/config.mk b/config.mk index 98f1021..1631637 100644 --- a/config.mk +++ b/config.mk @@ -1,5 +1,5 @@ # feuille version -VERSION = 1.6.20 +VERSION = 1.18.2 # paths (customize them to fit your system) PREFIX = /usr/local diff --git a/feuille.1 b/feuille.1 index f790afe..de70c4d 100644 --- a/feuille.1 +++ b/feuille.1 @@ -14,7 +14,7 @@ . ftr VB CB . ftr VBI CBI .\} -.TH "feuille" "1" "November 2022" "feuille 1.6.20" "" +.TH "feuille" "1" "November 2022" "feuille 1.18.2" "" .hy .SH NAME .PP diff --git a/feuille.c b/feuille.c index 9c261db..6277b79 100644 --- a/feuille.c +++ b/feuille.c @@ -16,6 +16,7 @@ #include "feuille.h" #include /* for errno, ERANGE, EAGAIN, EFBIG, ENOENT */ +#include /* for initgroups */ #include /* for USHRT_MAX, ULONG_MAX, CHAR_MAX, PATH_MAX, UCHA... */ #include /* for NULL, setlocale, LC_ALL */ #include /* for getpwnam, passwd */ @@ -315,10 +316,10 @@ int main(int argc, char *argv[]) verbose(2, "creating folder `%s'...", settings.output); if (realpath(settings.output, path) == NULL) - die(errno, "Could not get real path of directory `%s': %s\n", settings.output, strerror(errno)); + die(errno, "could not get real path of directory `%s': %s.\n", settings.output, strerror(errno)); if (access(path, W_OK) != 0) - die(errno, "Cannot write to directory `%s': %s\n", path, strerror(errno)); + die(errno, "cannot write to directory `%s': %s.\n", path, strerror(errno)); chdir(path); @@ -332,7 +333,7 @@ int main(int argc, char *argv[]) struct passwd *user; if ((user = getpwnam(settings.user)) == NULL) - die(1, "User `%s' doesn't exist\n", settings.user); + die(1, "user `%s' doesn't exist.\n", settings.user); uid = user->pw_uid; gid = user->pw_gid; @@ -349,7 +350,7 @@ int main(int argc, char *argv[]) int server; if ((server = initialize_server()) == -1) - die(errno, "Failed to initialize server socket: %s\n", strerror(errno)); + die(errno, "failed to initialize server socket: %f.\n", strerror(errno)); /* make feuille run in the background */ @@ -372,9 +373,17 @@ int main(int argc, char *argv[]) /* privileges drop */ verbose(2, "dropping root privileges..."); - setgid(gid); - setuid(uid); + /* switching groups */ + if (setgid(gid) != 0 || getgid() != gid) + die(1, "could not switch to group for user `%s'.\n", settings.user); + + if (initgroups(settings.user, gid) != 0) + die(1, "could not initialize other groups for user `%s'.\n", settings.user); + + /* switching user */ + if (setuid(uid) != 0 || getuid() != uid) + die(1, "could not switch to user `%s'.\n", settings.user); } #ifdef __OpenBSD__ @@ -383,7 +392,11 @@ int main(int argc, char *argv[]) #endif -#ifndef DEBUG +#ifdef DEBUG + /* do not create a thread pool if in DEBUG mode */ + verbose(1, "running in DEBUG mode, won't create a worker pool."); + accept_loop(server); +#else /* create a thread pool for incoming connections */ verbose(1, "initializing worker pool..."); @@ -394,14 +407,8 @@ int main(int argc, char *argv[]) accept_loop(server); } else if (pid < 0) - die(errno, "Could not initialize worker n. %d: %s\n", i, strerror(errno)); + die(errno, "could not initialize worker n. %d: %s.\n", i, strerror(errno)); } -#else - /* do not create a thread pool if in DEBUG mode */ - verbose(1, "running in DEBUG mode, won't create a worker pool."); - accept_loop(server); -#endif - sleep(1); @@ -425,6 +432,7 @@ int main(int argc, char *argv[]) } else if (pid < 0) error("could not fork killed child again: ", strerror(errno)); } +#endif close(server); return 0;