+1999-03-05 Nathan Bryant <bryant@cs.usm.maine.edu>
+ * sysdep.c: add undocumented -r flag to citserver to prevent it from
+ dropping root permissions.
+
+1999-03-04 Nathan Bryant <bryant@cs.usm.maine.edu>
+ * config.c: error checking in put_config()
+ * setup.c: chgrp files to the login group associated with BBSUID
+ * sysdep.c: copyright 1987-1999; drop root perms; load modules and call
+ master_startup() after dropping perms
+
Wed Mar 3 00:00:55 EST 1999 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
* Prevent buffer overruns in lowercase_name in [get|put]user()
* client_chat.c: use citedit() for page composition
struct utsname my_utsname;
struct passwd *pw;
struct hostent *he;
+ gid_t gid;
/* set an invalid setup type */
setup_type = (-1);
check_services_entry(); /* Check /etc/services */
check_inittab_entry(); /* Check /etc/inittab */
+ if ((pw = getpwuid(config.c_bbsuid)) == NULL)
+ gid = getgid();
+ else
+ gid = pw->pw_gid;
+
progress("Setting file permissions", 0, 3);
- chown(".", config.c_bbsuid, getgid());
+ chown(".", config.c_bbsuid, gid);
progress("Setting file permissions", 1, 3);
- chown("citadel.config", config.c_bbsuid, getgid());
+ chown("citadel.config", config.c_bbsuid, gid);
progress("Setting file permissions", 2, 3);
- sprintf(aaa, "find . -exec chown %d {} \\; 2>/dev/null",
- config.c_bbsuid);
+ sprintf(aaa, "find . -exec chown %d:%d {} \\; 2>/dev/null",
+ config.c_bbsuid, gid);
system(aaa);
progress("Setting file permissions", 3, 3);
char convbuf[128];
fd_set readfds;
struct timeval tv;
+ struct passwd *pw;
+ int drop_root_perms = 1;
/* specify default port name and trace file */
strcpy(tracefile, "");
home_specified = 1;
}
+ /* -r tells the server not to drop root permissions. don't use
+ * this unless you know what you're doing. this should be
+ * removed in the next release if it proves unnecessary. */
+ else if (!strcmp(argv[a], "-r"))
+ drop_root_perms = 0;
+
/* any other parameter makes it crash and burn */
else {
lprintf(1, "citserver: usage: ");
/* Tell 'em who's in da house */
lprintf(1, "Multithreaded message server for %s\n", CITADEL);
- lprintf(1, "Copyright (C) 1987-1998 by Art Cancro. ");
+ lprintf(1, "Copyright (C) 1987-1999 by Art Cancro. ");
lprintf(1, "All rights reserved.\n\n");
/* Initialize... */
lprintf(7, "Loading citadel.config\n");
get_config();
- lprintf(7, "Initializing loadable modules\n");
- DLoader_Init("./modules");
- lprintf(9, "Modules done initializing.\n");
-
- /* Do non system dependent startup functions */
- master_startup();
-
/*
* Bind the server to our favourite port.
* There is no need to check for errors, because ig_tcp_server()
lprintf(7, "Listening on socket %d\n", msock);
/*
- * Now that we've bound the socket, change to the BBS user id
- lprintf(7, "Changing uid to %d\n", BBSUID);
- if (setuid(BBSUID) != 0) {
- lprintf(3, "setuid() failed: %s", strerror(errno));
+ * Now that we've bound the socket, change to the BBS user id and its
+ * corresponding group id
+ */
+ if (drop_root_perms) {
+ if ((pw = getpwuid(BBSUID)) == NULL)
+ lprintf(1, "getpwuid(%d): %s\n", BBSUID,
+ strerror(errno));
+ else if (setgid(pw->pw_gid))
+ lprintf(3, "setgid(%d): %s\n", pw->pw_gid,
+ strerror(errno));
+ lprintf(7, "Changing uid to %d\n", BBSUID);
+ if (setuid(BBSUID) != 0) {
+ lprintf(3, "setuid() failed: %s\n", strerror(errno));
+ }
}
+
+ lprintf(7, "Initializing loadable modules\n");
+ DLoader_Init("./modules");
+ lprintf(9, "Modules done initializing.\n");
+
+ /*
+ * Do non system dependent startup functions.
*/
+ master_startup();
/*
* Endless loop. Listen on the master socket. When a connection