plugins/mod_posix.lua @ 11047:93cdd1ece689
mod_posix: Remove ancient undocumented user switching
User switching has been done by prosodyctl or init scripts for a very
long time now, so this is not needed.
Using this would not have worked with module reloading (e.g. to reload
certificates) since ports are closed and re-bound, which would then not
be allowed.
Today there exist better ways to grant low ports, i.e. capabilities(7)
<Zash> Why do we have this?
<MattJ> Remove it
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 24 Aug 2020 19:48:47 +0200 |
parent | 10628:25e178edbc2c |
child | 11062:dd3b1b9d867d |
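--- a/plugins/mod_posix.lua
+++ b/plugins/mod_posix.lua
@@ -28,43 +28,16 @@
 module:set_global(); -- we're a global module
 
 local umask = module:get_option_string("umask", "027");
 pposix.umask(umask);
 
--- Allow switching away from root, some people like strange ports.
-module:hook("server-started", function ()
-local uid = module:get_option("setuid");
-local gid = module:get_option("setgid");
-if gid then
-local success, msg = pposix.setgid(gid);
-if success then
-module:log("debug", "Changed group to %s successfully.", gid);
-else
-module:log("error", "Failed to change group to %s. Error: %s", gid, msg);
-prosody.shutdown("Failed to change group to %s", gid);
-end
-end
-if uid then
-local success, msg = pposix.setuid(uid);
-if success then
-module:log("debug", "Changed user to %s successfully.", uid);
-else
-module:log("error", "Failed to change user to %s. Error: %s", uid, msg);
-prosody.shutdown("Failed to change user to %s", uid);
-end
-end
-end);
-
 -- Don't even think about it!
 if not prosody.start_time then -- server-starting
-local suid = module:get_option("setuid");
-if not suid or suid == 0 or suid == "root" then
-if pposix.getuid() == 0 and not module:get_option_boolean("run_as_root") then
-module:log("error", "Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!");
-module:log("error", "For more information on running Prosody as root, see https://prosody.im/doc/root");
-prosody.shutdown("Refusing to run as root");
-end
+if pposix.getuid() == 0 and not module:get_option_boolean("run_as_root") then
+module:log("error", "Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!");
+module:log("error", "For more information on running Prosody as root, see https://prosody.im/doc/root");
+prosody.shutdown("Refusing to run as root");
 end
 end
 
 local pidfile;
 local pidfile_handle;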
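Review bot: The `setuid` and `setgid` options are no longer read anywhere in the new code, so a configuration that still sets them is silently ignored and nothing tells the operator the privilege drop is gone. When such a deployment is started as root, the simplified check at new lines 35-38 refuses to start, which fails closed. However, the "Refusing to run as root" message does not point to the removed options. If it is instead started with `run_as_root = true` on the expectation that `setuid` would drop privileges afterwards, it would presumably now stay root for its whole lifetime. I would add a check inside the `if not prosody.start_time` block, before the root test: `if module:get_option("setuid") or module:get_option("setgid") then module:log("warn", "The setuid and setgid options are no longer supported; start Prosody as the target user instead"); end`. A one-line comment above the root check, such as `-- Privileges are never dropped here; the process must already be started as an unprivileged user`, would also record the new assumption.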