socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file system

This is relatively complex, as we cannot invoke NSS from PID 1, and thus
need to fork a helper process temporarily.

Author: poettering

man/systemd.socket.xml

@@ -372,16 +372,21 @@
                         </varlistentry>
 
                         <varlistentry>
-                                <term><varname>DirectoryMode=</varname></term>
-                                <listitem><para>If listening on a file
-                                system socket or FIFO, the parent
-                                directories are automatically created
-                                if needed. This option specifies the
-                                file system access mode used when
-                                creating these directories. Takes an
-                                access mode in octal
-                                notation. Defaults to
-                                0755.</para></listitem>
+                                <term><varname>SocketUser=</varname></term>
+                                <term><varname>SocketGroup=</varname></term>
+
+                                <listitem><para>Takes a UNIX
+                                user/group name. When specified
+                                all AF_UNIX sockets and FIFO nodes in
+                                the file system are owned by the
+                                specified user and group. If unset
+                                (the default), the nodes are owned by
+                                the root user/group (if run in system
+                                context) or the invoking user/group
+                                (if run in user context). If only a
+                                user is specified but no group, then
+                                the group is derived from the user's
+                                default group.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
@@ -395,6 +400,19 @@
                                 0666.</para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><varname>DirectoryMode=</varname></term>
+                                <listitem><para>If listening on a file
+                                system socket or FIFO, the parent
+                                directories are automatically created
+                                if needed. This option specifies the
+                                file system access mode used when
+                                creating these directories. Takes an
+                                access mode in octal
+                                notation. Defaults to
+                                0755.</para></listitem>
+                        </varlistentry>
+
                         <varlistentry>
                                 <term><varname>Accept=</varname></term>
                                 <listitem><para>Takes a boolean

src/core/dbus-socket.c

@@ -91,8 +91,10 @@ const sd_bus_vtable bus_socket_vtable[] = {
         SD_BUS_PROPERTY("Backlog", "u", bus_property_get_unsigned, offsetof(Socket, backlog), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("TimeoutUSec", "t", bus_property_get_usec, offsetof(Socket, timeout_usec), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("BindToDevice", "s", NULL, offsetof(Socket, bind_to_device), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("DirectoryMode", "u", bus_property_get_mode, offsetof(Socket, directory_mode), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("SocketUser", "s", NULL, offsetof(Socket, user), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("SocketGroup", "s", NULL, offsetof(Socket, group), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("SocketMode", "u", bus_property_get_mode, offsetof(Socket, socket_mode), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("DirectoryMode", "u", bus_property_get_mode, offsetof(Socket, directory_mode), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("Accept", "b", bus_property_get_bool, offsetof(Socket, accept), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("KeepAlive", "b", bus_property_get_bool, offsetof(Socket, keep_alive), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("Priority", "i", bus_property_get_int, offsetof(Socket, priority), SD_BUS_VTABLE_PROPERTY_CONST),

src/core/load-fragment-gperf.gperf.m4

@@ -221,8 +221,10 @@ Socket.ExecStartPost,            config_parse_exec,                  SOCKET_EXEC
 Socket.ExecStopPre,              config_parse_exec,                  SOCKET_EXEC_STOP_PRE,          offsetof(Socket, exec_command)
 Socket.ExecStopPost,             config_parse_exec,                  SOCKET_EXEC_STOP_POST,         offsetof(Socket, exec_command)
 Socket.TimeoutSec,               config_parse_sec,                   0,                             offsetof(Socket, timeout_usec)
-Socket.DirectoryMode,            config_parse_mode,                  0,                             offsetof(Socket, directory_mode)
+Socket.SocketUser,               config_parse_unit_string_printf,    0,                             offsetof(Socket, user)
+Socket.SocketGroup,              config_parse_unit_string_printf,    0,                             offsetof(Socket, group)
 Socket.SocketMode,               config_parse_mode,                  0,                             offsetof(Socket, socket_mode)
+Socket.DirectoryMode,            config_parse_mode,                  0,                             offsetof(Socket, directory_mode)
 Socket.Accept,                   config_parse_bool,                  0,                             offsetof(Socket, accept)
 Socket.MaxConnections,           config_parse_unsigned,              0,                             offsetof(Socket, max_connections)
 Socket.KeepAlive,                config_parse_bool,                  0,                             offsetof(Socket, keep_alive)