/* darkstat 3
- * copyright (c) 2001-2011 Emil Mikulic.
+ * copyright (c) 2001-2014 Emil Mikulic.
*
* conv.c: convenience functions.
*
#include "err.h"
#include <errno.h>
#include <fcntl.h>
+#include <grp.h>
+#include <limits.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
-#include <limits.h>
#define PATH_DEVNULL "/dev/null"
* For security, chroot (optionally) and drop privileges.
* Pass a NULL chroot_dir to disable chroot() behaviour.
*/
-void
-privdrop(const char *chroot_dir, const char *privdrop_user)
-{
+void privdrop(const char *chroot_dir, const char *privdrop_user) {
struct passwd *pw;
errno = 0;
else
err(1, "getpwnam(\"%s\") failed", privdrop_user);
}
- if (chroot_dir != NULL) {
+ if (chroot_dir == NULL) {
+ verbosef("no --chroot dir specified, darkstat will not chroot()");
+ } else {
tzset(); /* read /etc/localtime before we chroot */
if (chdir(chroot_dir) == -1)
err(1, "chdir(\"%s\") failed", chroot_dir);
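Review bot: The new `chroot_dir == NULL` branch reports the missing chroot only through `verbosef`, which presumably prints only when verbose output is enabled, so a default run gives the operator no sign that the process is running without filesystem confinement. The function comment says the chroot is there for security, so I would emit this message unconditionally at warning level instead of as verbose output. The body of privdrop starts and ends outside this hunk, so any later reporting of the final state is not visible here.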
err(1, "chroot(\"%s\") failed", chroot_dir);
verbosef("chrooted into: %s", chroot_dir);
}
+ {
+ gid_t list[1];
+ list[0] = pw->pw_gid;
+ if (setgroups(1, list) == -1)
+ err(1, "setgroups");
+ }
if (setgid(pw->pw_gid) == -1)
err(1, "setgid");
if (setuid(pw->pw_uid) == -1)
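Review bot: Nothing visible here confirms that the privilege drop took effect once `setgroups`, `setgid` and `setuid` return success. The rest of privdrop is outside the hunk, so such a check may already exist; if it does not, I would add a post-condition such as `if (pw->pw_uid != 0 && setuid(0) != -1)` followed by a fatal exit. The added block also needs a comment, because its position is load-bearing: `/* clear inherited supplementary groups; must run before setuid() while we still hold the privilege */`. As a style point, the bare braces and one-element array can be dropped in favour of `if (setgroups(1, &pw->pw_gid) == -1)`.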
err(1, "fcntl(fd %d) to unset O_NONBLOCK", fd);
assert( (fcntl(fd, F_GETFL, 0) & O_NONBLOCK ) == 0 );
}
+
+/* vim:set ts=3 sw=3 tw=78 expandtab: */