# HG changeset patch # User Matthew Wild # Date 1283002308 -3600 # Node ID 482275e382249dad466dfd7be01b2e44af4efb7e # Parent 0e59b5cdd57b7e4f19ce26eb33cbf887f5ca5f28 util.pposix, prosodyctl, mod_posix: Add initgroups() function, and bump module version. prosodyctl inits groups with the groups of prosody_user. (thanks dbb) diff -r 0e59b5cdd57b -r 482275e38224 plugins/mod_posix.lua --- a/plugins/mod_posix.lua Fri Aug 27 18:33:45 2010 +0100 +++ b/plugins/mod_posix.lua Sat Aug 28 14:31:48 2010 +0100 @@ -7,7 +7,7 @@ -- -local want_pposix_version = "0.3.3"; +local want_pposix_version = "0.3.4"; local pposix = assert(require "util.pposix"); if pposix._VERSION ~= want_pposix_version then module:log("warn", "Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version); end diff -r 0e59b5cdd57b -r 482275e38224 prosodyctl --- a/prosodyctl Fri Aug 27 18:33:45 2010 +0100 +++ b/prosodyctl Sat Aug 28 14:31:48 2010 +0100 @@ -79,7 +79,7 @@ -- Switch away from root and into the prosody user -- local switched_user, current_uid; -local want_pposix_version = "0.3.3"; +local want_pposix_version = "0.3.4"; local ok, pposix = pcall(require, "util.pposix"); if ok and pposix then @@ -91,6 +91,9 @@ local desired_group = config.get("*", "core", "prosody_group") or desired_user; local ok, err = pposix.setgid(desired_group); if ok then + ok, err = pposix.initgroups(desired_user); + end + if ok then ok, err = pposix.setuid(desired_user); if ok then -- Yay! diff -r 0e59b5cdd57b -r 482275e38224 util-src/pposix.c --- a/util-src/pposix.c Fri Aug 27 18:33:45 2010 +0100 +++ b/util-src/pposix.c Sat Aug 28 14:31:48 2010 +0100 @@ -13,7 +13,7 @@ * POSIX support functions for Lua */ -#define MODULE_VERSION "0.3.3" +#define MODULE_VERSION "0.3.4" #include #include @@ -359,6 +359,62 @@ return 2; } +int lc_initgroups(lua_State* L) +{ + int ret; + gid_t gid; + struct passwd *p; + + if(!lua_isstring(L, 1)) + { + lua_pushnil(L); + lua_pushstring(L, "invalid-username"); + return 2; + } + p = getpwnam(lua_tostring(L, 1)); + if(!p) + { + lua_pushnil(L); + lua_pushstring(L, "no-such-user"); + return 2; + } + if(lua_gettop(L) < 2) + lua_pushnil(L); + switch(lua_type(L, 2)) + { + case LUA_TNIL: + gid = p->pw_gid; + break; + case LUA_TNUMBER: + gid = lua_tointeger(L, 2); + break; + default: + lua_pushnil(L); + lua_pushstring(L, "invalid-gid"); + return 2; + } + ret = initgroups(lua_tostring(L, 1), gid); + switch(errno) + { + case 0: + lua_pushboolean(L, 1); + lua_pushnil(L); + break; + case ENOMEM: + lua_pushnil(L); + lua_pushstring(L, "no-memory"); + break; + case EPERM: + lua_pushnil(L); + lua_pushstring(L, "permission-denied"); + break; + default: + lua_pushnil(L); + lua_pushstring(L, "unknown-error"); + } + return 2; +} + int lc_umask(lua_State* L) { char old_mode_string[7]; @@ -517,6 +573,7 @@ { "setuid", lc_setuid }, { "setgid", lc_setgid }, + { "initgroups", lc_initgroups }, { "umask", lc_umask },