From d28eb731a84b1bf18b90cdc3e8331336d56ca6d6 Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <karlitschek@users.noreply.github.com>
Date: Mon, 15 Aug 2022 18:04:03 +0200
Subject: fix(occ): Make it possible to run as root

Signed-off-by: Frank Karlitschek <karlitschek@users.noreply.github.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
---
 occ | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)

diff --git a/occ b/occ
index b3fed16e82a..e4dcc80c9da 100755
--- a/occ
+++ b/occ
@@ -1,11 +1,33 @@
 #!/usr/bin/env php
 <?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
 /**
- * SPDX-FileCopyrightText: 2014 ownCloud, Inc.
- * SPDX-FileCopyrightText: 2014 Olivier Paroz
- * SPDX-FileCopyrightText: 2013 Thomas Müller <thomas.mueller@tmit.eu>
- * SPDX-License-Identifier: AGPL-3.0-only
+ * Drop privileges when run as root
  */
+function dropPrivileges(): void {
+	if (posix_getuid() !== 0) {
+		return;
+	}
+
+	$configPath = __DIR__ . '/config/config.php';
+	$uid = fileowner($configPath);
+	if ($uid === false) {
+		return;
+	}
+	$info = posix_getpwuid($uid);
+	if ($info === false) {
+		return;
+	}
+	posix_setuid($uid);
+	posix_setgid($info['gid']);
+}
 
-//$argv = $_SERVER['argv'];
+dropPrivileges();
 require_once __DIR__ . '/console.php';
-- 
cgit v1.2.3