Implemented user/user.group specification in config.

refs #1464

Implemented user/user.group specification in config.
81f79ec6 · Marek Vavrusa · 8781f9f6 · 81f79ec6 · 81f79ec6 · 81f79ec6
Commit 81f79ec6 authored 13 years ago by Marek Vavrusa
--- a/samples/knot.full.conf
+++ b/samples/knot.full.conf
@@ -28,6 +28,10 @@ system {
  # This option is used to force number of threads used per interface
  # Default: unset (auto-estimates optimal value from the number of online CPUs)
  workers 1;
+
+  # User for running server
+  # May also specify user.group (f.e. knot.users)
+  user: root;
 }

 # Section 'keys' contains list of TSIG keys

--- a/src/knot/conf/cf-lex.l
+++ b/src/knot/conf/cf-lex.l
@@ -73,6 +73,7 @@ xfr-out         { lval.t = yytext; return XFR_OUT; }
 notify-in       { lval.t = yytext; return NOTIFY_IN; }
 notify-out      { lval.t = yytext; return NOTIFY_OUT; }
 workers         { lval.t = yytext; return WORKERS; }
+user            { lval.t = yytext; return USER; }

 interfaces      { lval.t = yytext; return INTERFACES; }
 address         { lval.t = yytext; return ADDRESS; }

--- a/src/knot/conf/cf-parse.y
+++ b/src/knot/conf/cf-parse.y
@@ -10,6 +10,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include <pwd.h>
+#include <grp.h>
 #include "libknot/dname.h"
 #include "knot/conf/conf.h"
 #include "libknotd_la-cf-parse.h" /* Automake generated header. */
@@ -156,6 +158,7 @@ static int conf_key_add(void *scanner, knot_key_t **key, char *item)
 %token <tok> SYSTEM IDENTITY VERSION STORAGE KEY KEYS
 %token <tok> TSIG_ALGO_NAME
 %token <tok> WORKERS
+%token <tok> USER

 %token <tok> REMOTES

@@ -277,6 +280,33 @@ system:
        new_config->workers = $3.i;
     }
 }
+ | system USER TEXT ';' {
+     char buf[512];
+     new_config->uid = new_config->gid = -1; // Invalidate
+     char* dpos = strchr($3.t, '.'); // Find uid.gid format
+     if (dpos != NULL) {
+        struct group *grp = getgrnam(dpos + 1); // Skip dot
+        if (grp != NULL) {
+          new_config->gid = grp->gr_gid;
+        } else {
+          snprintf(buf, sizeof(buf), "invalid group name '%s'", dpos + 1);
+          cf_error(scanner, buf);
+        }
+        *dpos = '\0'; // Cut off
+     }
+     struct passwd* pwd = getpwnam($3.t);
+     if (pwd != NULL) {
+       new_config->uid = pwd->pw_uid;
+       if (new_config->gid < 0) { // Fill default gid if not already set
+         new_config->gid = pwd->pw_gid;
+       }
+     } else {
+       snprintf(buf, sizeof(buf), "invalid user name '%s'", $3.t);
+       cf_error(scanner, buf);
+     }
+     
+     free($3.t);
+ }
 ;

 keys:

--- a/src/knot/conf/conf.c
+++ b/src/knot/conf/conf.c
@@ -445,6 +445,8 @@ conf_t *conf_new(const char* path)
 	c->notify_timeout = CONFIG_NOTIFY_TIMEOUT;
 	c->dbsync_timeout = CONFIG_DBSYNC_TIMEOUT;
 	c->ixfr_fslimit = -1;
+	c->uid = -1;
+	c->gid = -1;

 	return c;
 }

--- a/src/knot/conf/conf.h
+++ b/src/knot/conf/conf.h
@@ -155,6 +155,8 @@ typedef struct conf_t {
 	char *storage;  /*!< Persistent storage path for databases and such. */
 	char *pidfile;  /*!< PID file path. */
 	int   workers;  /*!< Number of workers per interface. */
+	int   uid;      /*!< Specified user id. */
+	int   gid;      /*!< Specified group id. */

 	/*
 	 * Log