
From:
Omar Polo <op@omarpolo.com>
Subject:
gotwebd: allow to change the user
To:
gameoftrees@openbsd.org
Date:
Mon, 20 May 2024 15:26:41 +0200


Admittedly this is mostly intended for -portable, since other systems
may not have a `www' user.  However, it can also be marginally useful
on OpenBSD too.  While gotwebd will chown the socket to the specified
user, it can also listen on a port, which makes it possible to run as a
different user.

thoughts?

diff /home/op/w/got
commit - c6458e88f5a9085ec9206a60b93a713138b9b2fa
path + /home/op/w/got
blob - 449626bea5142dd28150d6b7d4f526712840e040
file + gotwebd/gotwebd.c
--- gotwebd/gotwebd.c
+++ gotwebd/gotwebd.c
@@ -272,6 +272,7 @@ main(int argc, char **argv)
 	int			 no_action = 0;
 	int			 server_proc = 0;
 	const char		*conffile = GOTWEBD_CONF;
+	const char		*username = GOTWEBD_DEFAULT_USER;
 	const char		*argv0;
 
 	if ((argv0 = argv[0]) == NULL)
@@ -331,9 +332,11 @@ main(int argc, char **argv)
 	if (geteuid())
 		fatalx("need root privileges");
 
-	pw = getpwnam(GOTWEBD_USER);
+	if (env->user)
+		username = env->user;
+	pw = getpwnam(username);
 	if (pw == NULL)
-		fatalx("unknown user %s", GOTWEBD_USER);
+		fatalx("unknown user %s", username);
 	env->pw = pw;
 
 	log_init(env->gotwebd_debug, LOG_DAEMON);
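Review bot: Nothing in this hunk rejects a configured user that resolves to uid 0: `env->user` is passed to `getpwnam()` and the result is stored in `env->pw` with only a NULL check. The code that drops privileges is outside the hunk, but if it uses `env->pw`, then `user root` in gotwebd.conf would presumably leave the daemon and its children running as root, which the old hard-coded `www` ruled out. I would add a guard right after the NULL check, `if (pw->pw_uid == 0) fatalx("refusing to run as privileged user %s", username);`. It is also worth confirming that the default chroot (documented as the home directory of the www user) is still usable by the processes when a different user is chosen. main() starts and ends outside this hunk.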
blob - 89f71710e8a0c0843273917b078dba8ab9a9b945
file + gotwebd/gotwebd.conf.5
--- gotwebd/gotwebd.conf.5
+++ gotwebd/gotwebd.conf.5
@@ -55,9 +55,9 @@ Set the path to the
 .Xr chroot 2
 environment of
 .Xr httpd 8 .
-If not specified then
-.Pa /var/www
-will be used.
+If not specified, it defaults to
+.Pa /var/www ,
+the home directory of the www user.
 .It Ic listen on Ar address Ic port Ar number
 Configure an address and port for incoming FastCGI connections.
 Valid
@@ -77,6 +77,12 @@ May be specified multiple times to build up a list of 
 Run the specified number of server processes.
 .Xr gotwebd 8
 runs 3 server processes by default.
+.It Ic user Ar user
+Set the
+.Ar user
+which will run
+.Xr gotwebd 8 .
+If not specified, the user www will be used.
 .El
 .Pp
 If no
blob - 79be23fd4a96aa9933e08e7578e6a97b51d844b8
file + gotwebd/gotwebd.h
--- gotwebd/gotwebd.h
+++ gotwebd/gotwebd.h
@@ -37,7 +37,9 @@
 /* GOTWEBD DEFAULTS */
 #define GOTWEBD_CONF		 "/etc/gotwebd.conf"
 
-#define GOTWEBD_USER		 "www"
+#ifndef GOTWEBD_DEFAULT_USER
+#define GOTWEBD_DEFAULT_USER	 "www"
+#endif
 
 #define GOTWEBD_MAXDESCRSZ	 1024
 #define GOTWEBD_MAXCLONEURLSZ	 1024
@@ -346,6 +348,7 @@ struct gotwebd {
 	struct socketlist	sockets;
 	struct addresslist	addresses;
 
+	char		*user;
 	const char	*gotwebd_conffile;
 
 	int		 gotwebd_debug;
blob - 90f1dfb2d5d488e436389ece78e9cebf0e84a4d5
file + gotwebd/parse.y
--- gotwebd/parse.y
+++ gotwebd/parse.y
@@ -114,7 +114,7 @@ typedef struct {
 %token	MAX_REPOS_DISPLAY REPOS_PATH MAX_COMMITS_DISPLAY ON ERROR
 %token	SHOW_SITE_OWNER SHOW_REPO_CLONEURL PORT PREFORK RESPECT_EXPORTOK
 %token	SERVER CHROOT CUSTOM_CSS SOCKET
-%token	SUMMARY_COMMITS_DISPLAY SUMMARY_TAGS_DISPLAY
+%token	SUMMARY_COMMITS_DISPLAY SUMMARY_TAGS_DISPLAY USER
 
 %token	<v.string>	STRING
 %token	<v.number>	NUMBER
@@ -234,6 +234,12 @@ main		: PREFORK NUMBER {
 			}
 			free($4);
 		}
+		| USER STRING {
+			if (gotwebd->user != NULL)
+				yyerror("user already specified");
+			free(gotwebd->user);
+			gotwebd->user = $2;
+		}
 		;
 
 server		: SERVER STRING {
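Review bot: In the new `USER STRING` action, the duplicate case reports `yyerror("user already specified")` but then carries on, freeing the old value and installing `$2`. As a result `free(gotwebd->user)` only ever does real work on the error path, and on the normal path it is `free(NULL)`. Assuming yyerror() here only records the error and returns (its definition is outside the hunk), the intent is clearer if the error branch bails out, `yyerror("user already specified"); free($2); YYERROR;` inside braces, followed by a plain `gotwebd->user = $2;`. The action also accepts any string, including an empty one, so a short comment that the name is validated later by getpwnam() in main() would help readers. The enclosing `main` rule starts outside this hunk.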
@@ -459,6 +465,7 @@ lookup(char *s)
 		{ "socket",			SOCKET },
 		{ "summary_commits_display",	SUMMARY_COMMITS_DISPLAY },
 		{ "summary_tags_display",	SUMMARY_TAGS_DISPLAY },
+		{ "user",			USER },
 	};
 	const struct keywords *p;