]> source.dussan.org Git - rspamd.git/commitdiff
projects / rspamd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 997d0bc)
Add -i flag allowing to run workers as root.
authorVsevolod Stakhov <vsevolod@rambler-co.ru>
Wed, 30 Nov 2011 16:32:25 +0000 (19:32 +0300)
committerVsevolod Stakhov <vsevolod@rambler-co.ru>
Wed, 30 Nov 2011 16:32:25 +0000 (19:32 +0300)
src/main.c patch | blob | history
src/util.c patch | blob | history

diff --git a/src/main.c b/src/main.c
index 03d3839cd6661e2fc9ac1874c4f06ac8ecaf3ef9..e16d9d5e0352239118d8932513e3f6ab2ed34f63 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -66,6 +66,7 @@ static gchar                   *rspamd_pidfile = NULL;
 static gboolean                 dump_vars = FALSE;
 static gboolean                 dump_cache = FALSE;
 static gboolean                 is_debug = FALSE;
+static gboolean                 is_insecure = FALSE;
 
 /* List of workers that are pending to start */
 static GList                   *workers_pending = NULL;
@@ -87,6 +88,7 @@ static GOptionEntry entries[] =
   { "dump-vars", 'V', 0, G_OPTION_ARG_NONE, &dump_vars, "Print all rspamd variables and exit", NULL },
   { "dump-cache", 'C', 0, G_OPTION_ARG_NONE, &dump_cache, "Dump symbols cache stats and exit", NULL },
   { "debug", 'd', 0, G_OPTION_ARG_NONE, &is_debug, "Force debug output", NULL },
+  { "insecure", 'i', 0, G_OPTION_ARG_NONE, &is_insecure, "Ignore running workers as privileged users (insecure)", NULL },
   { NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL, NULL }
 };
 
@@ -202,26 +204,35 @@ detect_priv (struct rspamd_main *rspamd)
        euid = geteuid ();
 
        if (euid == 0) {
-               if (!rspamd->cfg->rspamd_user) {
-                       msg_err ("cannot run rspamd workers as root user, please add -u and -g options to select a proper unprivilleged user");
+               if (!rspamd->cfg->rspamd_user && !is_insecure) {
+                       msg_err ("cannot run rspamd workers as root user, please add -u and -g options to select a proper unprivilleged user or specify --insecure flag");
                        exit (EXIT_FAILURE);
                }
-
-               rspamd->is_privilleged = TRUE;
-               pwd = getpwnam (rspamd->cfg->rspamd_user);
-               if (pwd == NULL) {
-                       msg_err ("user specified does not exists (%s), aborting", strerror (errno));
-                       exit (-errno);
+               else if (is_insecure) {
+                       rspamd->is_privilleged = TRUE;
+                       rspamd->workers_uid = 0;
+                       rspamd->workers_gid = 0;
                }
-               if (rspamd->cfg->rspamd_group) {
-                       grp = getgrnam (rspamd->cfg->rspamd_group);
-                       if (grp == NULL) {
-                               msg_err ("group specified does not exists (%s), aborting", strerror (errno));
+               else {
+                       rspamd->is_privilleged = TRUE;
+                       pwd = getpwnam (rspamd->cfg->rspamd_user);
+                       if (pwd == NULL) {
+                               msg_err ("user specified does not exists (%s), aborting", strerror (errno));
                                exit (-errno);
                        }
-                       rspamd->workers_gid = grp->gr_gid;
+                       if (rspamd->cfg->rspamd_group) {
+                               grp = getgrnam (rspamd->cfg->rspamd_group);
+                               if (grp == NULL) {
+                                       msg_err ("group specified does not exists (%s), aborting", strerror (errno));
+                                       exit (-errno);
+                               }
+                               rspamd->workers_gid = grp->gr_gid;
+                       }
+                       else {
+                               rspamd->workers_gid = -1;
+                       }
+                       rspamd->workers_uid = pwd->pw_uid;
                }
-               rspamd->workers_uid = pwd->pw_uid;
        }
        else {
                rspamd->is_privilleged = FALSE;
@@ -238,7 +249,8 @@ drop_priv (struct rspamd_main *rspamd)
                        msg_err ("cannot setgid to %d (%s), aborting", (gint)rspamd->workers_gid, strerror (errno));
                        exit (-errno);
                }
-               if (initgroups (rspamd->cfg->rspamd_user, rspamd->workers_gid) == -1) {
+               if (rspamd->cfg->rspamd_user &&
+                               initgroups (rspamd->cfg->rspamd_user, rspamd->workers_gid) == -1) {
                        msg_err ("initgroups failed (%s), aborting", strerror (errno));
                        exit (-errno);
                }
diff --git a/src/util.c b/src/util.c
index 0fe899fe033a295a7f181d99f55e653f2a990ffc..4d2665f6b8eb9235e2b7c98a9ec0138f2677237f 100644 (file)
--- a/src/util.c
+++ b/src/util.c
@@ -408,6 +408,11 @@ write_pid (struct rspamd_main *main)
                return -1;
        }
 
+       if (main->is_privilleged) {
+               /* Force root user as owner of pid file */
+               fchown (main->pfh->pf_fd, 0, 0);
+       }
+
        rspamd_pidfile_write (main->pfh);
 
        return 0;
Rapid spam filtering system: https://github.com/rspamd/rspamd