Add support for Mojolicious::Plugin::SetUserGroup

jhthorsen · Apr 27, 2015 · 86bbf99 · 86bbf99
1 parent e9c4d18
commit 86bbf99
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 6 deletions.
diff --git a/Changes b/Changes
@@ -1,5 +1,8 @@
 Revision history for perl distribution Toadfarm
 
+0.55 Not Released
+ - Add support for Mojolicious::Plugin::SetUserGroup
+
 0.54 2015-04-26T23:32:44+0200
  - Add run_as()
  - Unable to change user/group without setting TOADFARM_INSECURE=1

diff --git a/lib/Toadfarm.pm b/lib/Toadfarm.pm
@@ -124,6 +124,11 @@ Reload Hypnotoad with a L<GitHub push hook|https://help.github.com/articles/abou
 
 Kill Hypnotoad workers if they grow too large.
 
+=item * L<Mojolicious::Plugin::SetUserGroup>
+
+Start as root, run workers as less user. See also
+L<Toadfarm::Manual::RunningToadfarm/Listen to standard HTTP ports>.
+
 =back
 
 =head1 PREVIOUS VERSIONS
@@ -219,10 +224,14 @@ sub startup {
 
 sub _die_on_insecure {
   my ($class, $app) = @_;
+  my $config = $app->config;
+  my $plugins = $config->{plugins} || [];
 
-  die "Cannot change user without TOADFARM_INSECURE=1"   if $app->config->{hypnotoad}{user};
-  die "Cannot change group without TOADFARM_INSECURE=1"  if $app->config->{hypnotoad}{group};
-  die "Cannot run as 'root' without TOADFARM_INSECURE=1" if $> == 0 or $< == 0;
+  die "Cannot change user without TOADFARM_INSECURE=1"  if $config->{hypnotoad}{user};
+  die "Cannot change group without TOADFARM_INSECURE=1" if $config->{hypnotoad}{group};
+  die "Cannot run as 'root' without TOADFARM_INSECURE=1"
+    if +($> == 0 or $< == 0)
+    and !grep {/\bSetUserGroup$/} @$plugins;
 }
 
 sub _exit { say shift and exit 0 }

diff --git a/lib/Toadfarm/Manual/RunningToadfarm.pod b/lib/Toadfarm/Manual/RunningToadfarm.pod
@@ -113,9 +113,13 @@ C<toadfarm> as a normal user instead of "root".
 
 (You need to replace "eth0" with the appropriate interface)
 
-Note that you should never start C<toadfarm> as "root" because of security
-considerations and that changing user/group will probably be deprecated in
-L<Mojo::Server>.
+You need to use L<Mojolicious::Plugin::SetUserGroup> if you want to start
+L<Toadfarm> as root and then change to a less priviledged used in the workers.
+Example:
+
+  # logging, mount, ...
+  plugin SetUserGroup => {user => "www-data"};
+  start ["http://*:80"];
 
 =head1 SEE ALSO
 

diff --git a/t/change-user.t b/t/change-user.t
@@ -16,6 +16,12 @@ like $@, qr{Cannot change group without TOADFARM_INSECURE=1}, 'Cannot change gro
 if ($> == 0) {
   eval { start ['http://*:80'], group => undef, user => undef };
   like $@, qr{Cannot run as 'root' without TOADFARM_INSECURE=1}, 'Cannot run as root';
+
+  eval "package Mojolicious::Plugin::SetUserGroup; use Mojo::Base 'Mojolicious::Plugin'; sub register {}; 1" or die $@;
+  plugin 'SetUserGroup';
+  eval { start ['http://*:80'], group => undef, user => undef };
+  $@ ||= '';
+  is $@, '', 'Can start as root when SetUserGroup is loaded';
 }
 
 done_testing;