Able to change gid

closes #6

CHANGELOG

@@ -1,4 +1,5 @@
 0.13.5
+- Added --gid option to change gid
 
 0.13.4
 - Workaround API breaking in PyQt

configuration.c

@@ -41,6 +41,7 @@ weborf_configuration_t weborf_conf=    {
     .port = PORT,
     .basedir=BASEDIR,
     .uid = ROOTUID,
+    .gid = ROOTGID,
 
 #ifdef SEND_MIMETYPES
     .send_content_type = false,
@@ -176,6 +177,7 @@ void configuration_load(int argc, char *argv[]) {
         {"port", required_argument, 0, 'p'},
         {"ip", required_argument, 0, 'i'},
         {"uid", required_argument, 0, 'u'},
+        {"gid", required_argument, 0, 'g'},
         {"daemonize", no_argument, 0, 'd'},
         {"basedir", required_argument, 0, 'b'},
         {"index", required_argument, 0, 'I'},
@@ -197,7 +199,7 @@ void configuration_load(int argc, char *argv[]) {
         option_index = 0;
 
         //Reading one option and telling what options are allowed and what needs an argument
-        c = getopt_long(argc, argv, "ktTMmvhp:i:I:u:dxb:a:V:c:C:", long_options,
+        c = getopt_long(argc, argv, "ktTMmvhp:i:I:u:g:dxb:a:V:c:C:", long_options,
                         &option_index);
 
         //If there are no options it continues
@@ -250,6 +252,9 @@ void configuration_load(int argc, char *argv[]) {
         case 'u':
             weborf_conf.uid = strtol(optarg, NULL, 0);
             break;
+        case 'g':
+            weborf_conf.gid = strtol(optarg, NULL, 0);
+            break;
         case 'd':
             daemonize();
             break;

daemon/weborf

@@ -82,7 +82,7 @@ function startWeborf {
     if test -z "$virtuals"
     then
         echo "Starting weborf"
-        nohup $DAEMON $DAEMON_OPTS $CACHE_DIR $AUTH_SOCKET $MIME $CGI $CGI_BIN -p80 -u $USERID -b $BASEDIR -I $INDEXES >/dev/null 2> /dev/null &
+        nohup $DAEMON $DAEMON_OPTS $CACHE_DIR $AUTH_SOCKET $MIME $CGI $CGI_BIN -p80 -u $USERID -g $GROUPID -b $BASEDIR -I $INDEXES >/dev/null 2> /dev/null &
         echo ${!} >> $PIDFILE # Writes PID so weborf can be terminated
     else #Virtual hosts
 
@@ -133,8 +133,10 @@ if [ -f /etc/default/$NAME ] ; then
 fi
 
 USERNAME=`cat /etc/weborf.conf | egrep "^user=" | cut -d= -f2`
+GROUPNAME=`cat /etc/weborf.conf | egrep "^group=" | cut -d= -f2`
 BASEDIR=`cat /etc/weborf.conf | egrep "^basedir=" | cut -d= -f2`
 USERID=`cat /etc/passwd | fgrep $USERNAME | cut -d: -f3` #Gets the userid
+GROUPID=$(egrep ^"$GROUPNAME" < /etc/group | cut -d: -f3)
 INDEXES=`cat /etc/weborf.conf | egrep "^indexes=" | cut -d= -f2`
 USE_CGI=`cat /etc/weborf.conf | egrep "^use-cgi=" | cut -d= -f2`
 USE_MIME=`cat /etc/weborf.conf | egrep "^use-mime=" | cut -d= -f2`
@@ -185,7 +187,12 @@ then
     MIME="-m"
 fi
 
-if test -z $USERID
+if [ -z "$GROUPID" ]; then
+    echo "Unable to find group $GROUPNAME"
+    exit 1
+fi
+
+if test -z "$USERID"
 then
     echo "Unable to find user $USERNAME"
     echo "Check your configuration"

listener.c

@@ -154,6 +154,7 @@ int main(int argc, char *argv[]) {
     s = net_create_server_socket();
     net_bind_and_listen(s);
 
+    set_new_gid(weborf_conf.gid);
     set_new_uid(weborf_conf.uid);
 
     //init the queue for opened sockets
@@ -222,6 +223,24 @@ void set_new_uid(int uid) {
     }
 }
 
+void set_new_gid(int gid) {
+    //Changes UID.
+    if (gid != ROOTGID) {
+        if (setgid(gid) == 0) {
+            //gid changed correctly
+#ifdef SERVERDBG
+            syslog(LOG_INFO, "Changed gid. New one is %d", gid);
+#endif
+        } else {
+            //Not enough permissions i guess...
+#ifdef SERVERDBG
+            syslog(LOG_ERR, "Unable to change gid.");
+#endif
+            perror("Unable to change gid");
+            exit(9);
+        }
+    }
+}
 
 /**
 This function, executed as a thread, terminates threads if there are too much free threads.

listener.h

@@ -33,5 +33,6 @@ void *t_shape(void *nulla);
 void set_authsocket(char *);
 void chn_thread_count(int val);
 void set_new_uid(int uid);
+void set_new_gid(int gid);
 
 #endif

options.h.in

@@ -30,6 +30,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 //----------System
 #define ROOTUID 0               //Uid for superuser
+#define ROOTGID 0
 
 //----------Network
 #define MAXQ 40                 //Queue for connect requests

types.h

@@ -103,6 +103,7 @@ typedef struct {
     char *basedir;
     char* authsock;             //Executable that will authenticate
     uid_t uid;                  //Uid to use after bind
+    gid_t gid;                  //gid to use after bind
 #ifdef SEND_MIMETYPES
     bool send_content_type;     //True if we want to send the content type
 #endif

utils.c

@@ -257,8 +257,9 @@ void help() {
            "  -p, --port    followed by port number to listen\n"
            "  -T  --inetd   must be specified when using weborf with inetd or xinetd\n"
            "  -t  --tar     will send the directories as .tar.gz files\n"
-           "  -u,           followed by a valid uid\n"
+           "  -u  --uid     followed by a valid uid\n"
            "                If started by root weborf will use this user to read files and execute scripts\n"
+           "  -g  --gid     followed by a valid gid\n"
            "  -V, --virtual list of virtualhosts in the form host=basedir, comma-separated\n"
            "  -v, --version print program version\n"
            "  -x, --noexec  tells weborf to send each file instead of executing scripts\n\n"

weborf.1

@@ -88,9 +88,13 @@ Weborf will try to load an index file following the order they're listed, and if
 In /etc/weborf.conf there is an 'indexes' directive, corresponding to this option. It is used when launching weborf as SystemV daemon.
 
 .TP
-.B \-u
+.B \-u, \-\-uid
 Must be followed by a valid uid, different from 0. Weborf will use this user to do his work, but will bind to the network port with the previous user. This mechanism is meant to let users execute it as root and use port 80, and then let it run without root privileges.
 
+.TP
+.B \-g, \-\-gid
+Must be followed by a valid gid, different from 0. Weborf will use this user to do his work, but will bind to the network port before changing.
+
 .TP
 .B \-d
 Runs weborf as a daemon. It will not terminate when its father process terminates, and it will leave the shell free to receive commands.

weborf.conf

@@ -23,6 +23,7 @@ use-mime=true
 
 # User that will be used to run the process. If it is not set, the user will be root!
 user=www-data
+group=www-data
 
 # Directory that will be used for the cached files
 cachedir=/var/cache/weborf

weborf.conf.5

@@ -57,6 +57,10 @@ Will set the path of the directory used for caching
 .B user
 Username of the user that will run the webserver. On debian this is usually www-data.
 
+.TP
+.B group
+Groupname of the group that will run the webserver. On debian this is usually www-data.
+
 .TP
 .B virtual
 This directive is used to enable virtualhosts. One line is needed for each port.