# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1598291327 -7200
# Node ID 93cdd1ece6892b1ae3dfc0ad29336aff9891f581
# Parent  64713f21ff0e9feacb2ff2e6faf7e2fed4ebdda7
mod_posix: Remove ancient undocumented user switching

User switching has been done by prosodyctl or init scripts for a very
long time now, so this is not needed.

Using this would not have worked with module reloading (e.g. to reload
certificates) since ports are closed and re-bound, which would then not
be allowed.

Today there exists better ways to grant low ports, i.e. capabilities(7)

<Zash> Why do we have this?
<MattJ> Remove it

diff -r 64713f21ff0e -r 93cdd1ece689 plugins/mod_posix.lua
--- a/plugins/mod_posix.lua	Mon Aug 24 17:28:48 2020 +0200
+++ b/plugins/mod_posix.lua	Mon Aug 24 19:48:47 2020 +0200
@@ -30,39 +30,12 @@
 local umask = module:get_option_string("umask", "027");
 pposix.umask(umask);
 
--- Allow switching away from root, some people like strange ports.
-module:hook("server-started", function ()
-	local uid = module:get_option("setuid");
-	local gid = module:get_option("setgid");
-	if gid then
-		local success, msg = pposix.setgid(gid);
-		if success then
-			module:log("debug", "Changed group to %s successfully.", gid);
-		else
-			module:log("error", "Failed to change group to %s. Error: %s", gid, msg);
-			prosody.shutdown("Failed to change group to %s", gid);
-		end
-	end
-	if uid then
-		local success, msg = pposix.setuid(uid);
-		if success then
-			module:log("debug", "Changed user to %s successfully.", uid);
-		else
-			module:log("error", "Failed to change user to %s. Error: %s", uid, msg);
-			prosody.shutdown("Failed to change user to %s", uid);
-		end
-	end
-end);
-
 -- Don't even think about it!
 if not prosody.start_time then -- server-starting
-	local suid = module:get_option("setuid");
-	if not suid or suid == 0 or suid == "root" then
-		if pposix.getuid() == 0 and not module:get_option_boolean("run_as_root") then
-			module:log("error", "Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!");
-			module:log("error", "For more information on running Prosody as root, see https://prosody.im/doc/root");
-			prosody.shutdown("Refusing to run as root");
-		end
+	if pposix.getuid() == 0 and not module:get_option_boolean("run_as_root") then
+		module:log("error", "Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!");
+		module:log("error", "For more information on running Prosody as root, see https://prosody.im/doc/root");
+		prosody.shutdown("Refusing to run as root");
 	end
 end