From: Omar Polo Subject: gotwebd: allow to change the user To: gameoftrees@openbsd.org Date: Mon, 20 May 2024 15:26:41 +0200 Admittedly this is mostly intended for -portable, since other systems may not have a `www' user. However, it can also be marginally useful on OpenBSD too. While gotwebd will chown the socket to the specified user, it can also listen on a port which allows to run as a different user. thoughts?
diff /home/op/w/got
commit - c6458e88f5a9085ec9206a60b93a713138b9b2fa
path + /home/op/w/got
blob - 449626bea5142dd28150d6b7d4f526712840e040
file + gotwebd/gotwebd.c
--- gotwebd/gotwebd.c
+++ gotwebd/gotwebd.c
@@ -272,6 +272,7 @@ main(int argc, char **argv)
 int no_action = 0;
 int server_proc = 0;
 const char *conffile = GOTWEBD_CONF;
+ const char *username = GOTWEBD_DEFAULT_USER;
 const char *argv0;
 if ((argv0 = argv[0]) == NULL)
@@ -331,9 +332,11 @@ main(int argc, char **argv)
 if (geteuid())
 fatalx("need root privileges");
- pw = getpwnam(GOTWEBD_USER);
+ if (env->user)
+ username = env->user;
+ pw = getpwnam(username);
 if (pw == NULL)
- fatalx("unknown user %s", GOTWEBD_USER);
+ fatalx("unknown user %s", username);
 env->pw = pw;
 log_init(env->gotwebd_debug, LOG_DAEMON);
blob - 89f71710e8a0c0843273917b078dba8ab9a9b945
file + gotwebd/gotwebd.conf.5
--- gotwebd/gotwebd.conf.5
+++ gotwebd/gotwebd.conf.5
@@ -55,9 +55,9 @@ Set the path to the
 .Xr chroot 2
 environment of
 .Xr httpd 8 .
-If not specified then
-.Pa /var/www
-will be used.
+If not specified, it defaults to
+.Pa /var/www ,
+the home directory of the www user.
 .It Ic listen on Ar address Ic port Ar number
 Configure an address and port for incoming FastCGI connections.
 Valid
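Review bot: In the second gotwebd/gotwebd.c hunk (`@@ -331,9 +332,11 @@`), the account taken from `env->user` is accepted as soon as getpwnam() resolves it, so a configuration line such as `user root` passes this check. `env->pw` is presumably what the privilege drop outside this hunk uses, in which case the daemon would keep uid 0 while serving FastCGI requests. Consider rejecting the superuser right after the NULL check, for example `if (pw->pw_uid == 0) fatalx("refusing to run as %s (uid 0)", username);`, or at least state in gotwebd.conf.5 that the user should be unprivileged. main() begins and ends outside the hunk.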
@@ -77,6 +77,12 @@ May be specified multiple times to build up a list of
 Run the specified number of server processes.
 .Xr gotwebd 8
 runs 3 server processes by default.
+.It Ic user Ar user
+Set the
+.Ar user
+which will run
+.Xr gotwebd 8 .
+If not specified, the user www will be used.
 .El
 .Pp
 If no
blob - 79be23fd4a96aa9933e08e7578e6a97b51d844b8
file + gotwebd/gotwebd.h
--- gotwebd/gotwebd.h
+++ gotwebd/gotwebd.h
@@ -37,7 +37,9 @@
 /* GOTWEBD DEFAULTS */
 #define GOTWEBD_CONF "/etc/gotwebd.conf"
-#define GOTWEBD_USER "www"
+#ifndef GOTWEBD_DEFAULT_USER
+#define GOTWEBD_DEFAULT_USER "www"
+#endif
 #define GOTWEBD_MAXDESCRSZ 1024
 #define GOTWEBD_MAXCLONEURLSZ 1024
@@ -346,6 +348,7 @@ struct gotwebd {
 struct socketlist sockets;
 struct addresslist addresses;
+ char *user;
 const char *gotwebd_conffile;
 int gotwebd_debug;
blob - 90f1dfb2d5d488e436389ece78e9cebf0e84a4d5
file + gotwebd/parse.y
--- gotwebd/parse.y
+++ gotwebd/parse.y
@@ -114,7 +114,7 @@ typedef struct {
 %token MAX_REPOS_DISPLAY REPOS_PATH MAX_COMMITS_DISPLAY ON ERROR
 %token SHOW_SITE_OWNER SHOW_REPO_CLONEURL PORT PREFORK RESPECT_EXPORTOK
 %token SERVER CHROOT CUSTOM_CSS SOCKET
-%token SUMMARY_COMMITS_DISPLAY SUMMARY_TAGS_DISPLAY
+%token SUMMARY_COMMITS_DISPLAY SUMMARY_TAGS_DISPLAY USER
 %token STRING
 %token NUMBER
@@ -234,6 +234,12 @@ main : PREFORK NUMBER {
 }
 free($4);
 }
+ | USER STRING {
+ if (gotwebd->user != NULL)
+ yyerror("user already specified");
+ free(gotwebd->user);
+ gotwebd->user = $2;
+ }
 ;
 server : SERVER STRING {
@@ -459,6 +465,7 @@ lookup(char *s)
 { "socket", SOCKET },
 { "summary_commits_display", SUMMARY_COMMITS_DISPLAY },
 { "summary_tags_display", SUMMARY_TAGS_DISPLAY },
+ { "user", USER },
 };
 const struct keywords *p;
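Review bot: The new `user` member of struct gotwebd (gotwebd/gotwebd.h, hunk `@@ -346,6 +348,7 @@`) has no comment saying where the string comes from or what NULL means. Going by the other hunks, it is set by the `user` grammar action, which passes it to free() and so presumably holds a heap string, and main() falls back to GOTWEBD_DEFAULT_USER when it is NULL. A short comment would record that: `char *user; /* "user" from gotwebd.conf, heap-allocated; NULL selects GOTWEBD_DEFAULT_USER */`. The struct definition starts and ends outside the hunk.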
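Review bot: In the `USER STRING` action (gotwebd/parse.y, hunk `@@ -234,6 +234,12 @@`), a duplicate `user` directive is reported with yyerror() but the action then carries on, freeing the first value and installing the second. If yyerror() returns here, as the fall-through code implies, the error path would read more plainly as a braced `yyerror("user already specified"); free($2); YYERROR;`. The `free(gotwebd->user)` call could then go, since the pointer is known to be NULL on the remaining path. The enclosing `main` rule starts outside the hunk.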