[patch] changing uid of the server

Michael Scherer misc at mandriva.org
Wed Sep 19 13:47:03 UTC 2007


Quoting Michael Scherer <misc at mandriva.org>:

> Hi,
>
> I think it would be nice to be able to change uid of djabberd after the
> various ports have been opened, in order to enhance security.
>
> Since no one has done it before, here is a quick patch against trunk.
> It adds a -u/--uid option to specify the user (uid or username), and a
> corresponding option.
>
> The uid is changed after opening all sockets, like most daemons do.
> I have done some basic testing, but I haven't deployed it yet.
>
> Any comments on it?
> And if this is ok, can someone with proper access commit it on trunk?
>
> (and also suggest how this can be tested, because running tests as root is
> dangerous and should be avoided).

OK, doing more tests showed me two problems:
1) the code dealing with the pidfile is wrong, the chown call was wrong. I didn't
check.

2) when creating a pid file, the file is created with a umask of 777 (and
that's why I didn't see the problem of chown). I propose to force 0644 on it.

Here are two patches, a fixed version of the previous one (that was not sent, sorry)
and one for problem 2.

-- 
Michael Scherer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: djabberd.no_rw_for_all.diff
Type: text/x-patch
Size: 406 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/djabberd/attachments/20070919/cbfa5ef6/djabberd.no_rw_for_all-0001.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: djabberd.uid.diff
Type: text/x-patch
Size: 2436 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/djabberd/attachments/20070919/cbfa5ef6/djabberd.uid-0001.bin
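
An added sketch of the sequence this message describes, not the attached patches (which the archive scrubbed) and not djabberd code: bind the listening socket as root, create the pidfile as 0644 independent of the umask, chown it, then drop groups, gid and uid in that order. The user name, pidfile path, port and all sub names are assumptions made for illustration.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_TRUNC);
use IO::Socket::INET;
use POSIX ();

# Accept a numeric uid or a username, as the message describes for -u/--uid.
sub resolve_user {
    my ($user) = @_;
    my @pw = $user =~ /^\d+$/ ? getpwuid($user) : getpwnam($user);
    die "unknown user '$user'\n" unless @pw;
    return @pw[2, 3];    # (uid, primary gid)
}

# Create the pidfile as 0644 whatever umask was inherited, and give it to
# the target user while still root (assumed purpose of the patch's chown).
sub write_pidfile {
    my ($path, $uid, $gid) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_TRUNC, 0644)
        or die "open $path: $!\n";
    chmod(0644, $fh)       or die "chmod $path: $!\n";
    chown($uid, $gid, $fh) or die "chown $path: $!\n";
    print {$fh} "$$\n";
    close($fh) or die "close $path: $!\n";
}

# Groups and gid go first, uid last: once the uid is dropped the process
# no longer has the right to change its groups.
sub drop_privileges {
    my ($uid, $gid) = @_;
    $! = 0;
    $) = "$gid $gid";    # effective gid, then setgroups() to just $gid
    die "setgroups: $!\n" if $!;
    POSIX::setgid($gid) or die "setgid: $!\n";
    POSIX::setuid($uid) or die "setuid: $!\n";
    # A successful setuid(0) here would mean root was not really given up.
    die "privilege drop incomplete\n" if $uid != 0 && POSIX::setuid(0);
}

# Constructed values for illustration only.
my ($user, $pidfile, $port) = ('nobody', '/var/run/example.pid', 5222);
my ($uid, $gid) = resolve_user($user);
my $listener = IO::Socket::INET->new(
    LocalPort => $port, Listen => 5, ReuseAddr => 1,
) or die "bind: $@\n";               # privileged setup happens as root
write_pidfile($pidfile, $uid, $gid);
drop_privileges($uid, $gid);         # everything after this runs as $user
print "listening on $port as uid $<\n";
```

Started without root, the script dies at the chown or setgid step instead of continuing with privileges it could not drop.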

