authorJune McEnroe <june@causal.agency>2020-08-16 17:28:57 -0400
committerJune McEnroe <june@causal.agency>2020-08-16 17:28:57 -0400
commit7d04a0f5e055a9067e0f6618de54c3bd56bdc999 (patch)
tree2d46aedcc2bc33f2ff990096f1999efc5c0bdf74 /service.c
parentClear groups list for services (diff)
downloadcatsit-7d04a0f5e055a9067e0f6618de54c3bd56bdc999.tar.gz
catsit-7d04a0f5e055a9067e0f6618de54c3bd56bdc999.zip
Add privileged services
This allows running things like kfcgi which do their own privilege
dropping and chrooting. Need to update the examples with something like
that.
Diffstat (limited to '')
-rw-r--r--service.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/service.c b/service.c
index e27437f..3178f79 100644
--- a/service.c
+++ b/service.c
@@ -100,6 +100,8 @@ int serviceAdd(const char *name, const char *command) {
 	service->command = strdup(command);
 	if (!service->command) goto err;
 
+	if (name[0] == '@') service->privileged = true;
+
 	int error = pipe2(service->outPipe, O_CLOEXEC);
 	if (error) goto err;
 
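Review bot: The added line in serviceAdd derives the privileged flag from the first character of `name`, and nothing on it says so, although this one character decides whether serviceStart skips setgid/setgroups/setuid. A comment such as `// A leading '@' marks a service that keeps the daemon's credentials and drops privileges itself.` would make the convention visible to whoever edits the configuration parser next. The flag is only ever set to true here, so it relies on the struct having been zeroed when it was allocated; that allocation is outside this hunk and should be confirmed. It is also worth checking whether the '@' stays part of the stored name, since any lookup by name would then have to include it.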
@@ -181,14 +183,16 @@ void serviceStart(struct Service *service) {
 	int error = chdir(serviceDir);
 	if (error) err(ExitNoExec, "%s", serviceDir);
 
-	error = setgid(serviceGID);
-	if (error) err(ExitNoExec, "setgid");
+	if (!service->privileged) {
+		error = setgid(serviceGID);
+		if (error) err(ExitNoExec, "setgid");
 
-	error = setgroups(1, &serviceGID);
-	if (error) err(ExitNoExec, "setgroups");
+		error = setgroups(1, &serviceGID);
+		if (error) err(ExitNoExec, "setgroups");
 
-	error = setuid(serviceUID);
-	if (error) err(ExitNoExec, "setuid");
+		error = setuid(serviceUID);
+		if (error) err(ExitNoExec, "setuid");
+	}
 
 	size_t len = 0;
 	char command[ARG_MAX];
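Review bot: The new `if (!service->privileged)` branch skips all three calls, including `setgroups`, so a privileged service starts with whatever uid, gid and supplementary groups the supervisor itself holds, and the code does not state that this is intended. A comment above the branch, for example `// Privileged services keep our credentials; they are expected to chroot and drop privileges themselves.`, would document the trust placed in the service. Emitting a log line when a service is started this way would also make the exception auditable after the fact. The rest of serviceStart lies outside the hunk, so whether anything later in the function assumes the drop already happened cannot be judged from here.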