procer and non-root profile directories
- From: Ed Marshall
- Date: 2010-10-04 @ 21:47
So, I noticed that chowning the profile directory causes procer to run as
another user. Awesome. :)
Except that it tries to redirect output to run.log after dropping privs,
which didn't work so well. Moving redirect_output() in procer.c just above
Unixy_drop_priv() seems to fix that issue, but I'd love to know if I've
simply created a new problem for myself.
--
Ed Marshall <esm@logic.net>
Felix qui potuit rerum cognoscere causas.
http://esm.logic.net/
--- procer.c.orig 2010-10-04 16:20:16.000000000 -0400
+++ procer.c 2010-10-04 16:18:45.000000000 -0400
@@ -42,6 +42,8 @@
check(pid >= 0, "Fork failed, WTF. How can fork fail?");
if(pid == 0) {
+ redirect_output("run.log");
+
rc = Unixy_drop_priv(action->profile_dir);
if(rc != 0) {
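Review bot: redirect_output("run.log") now runs before Unixy_drop_priv(action->profile_dir), so run.log is opened with the process's original privileges, through a relative path, and no result from the call is checked in these lines. If the working directory at this point is the profile directory owned by the unprivileged user, the privileged open should refuse symlinks and non-regular files (for example O_NOFOLLOW plus an fstat check inside redirect_output), and the resulting file will be owned by the original user unless it is handed over explicitly. Please confirm which directory the relative path resolves in here, and fail the child if the redirect does not succeed.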
@@ -49,8 +51,6 @@
bdata(action->name));
}
- redirect_output("run.log");
-
rc = execle(bdata(prof->command), bdata(prof->command), NULL, environ);
check(rc != -1, "Failed to exec command: %s", bdata(prof->command));
} else {
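Review bot: with the redirect removed from between the `if(rc != 0) { ... }` block and execle(), that block is the only thing separating a failed Unixy_drop_priv() from the exec, and the visible lines do not show it aborting. If it only logs, the command runs with the original privileges and with run.log already open under them; make the failure fatal before execle, for example with check(rc == 0, ...). A short comment at the new call site saying the redirect has to precede the privilege drop would keep the ordering from being reverted later.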
Re: [mongrel2] procer and non-root profile directories
- From: Zed A. Shaw
- Date: 2010-10-05 @ 01:49
On Mon, Oct 04, 2010 at 04:47:18PM -0500, Ed Marshall wrote:
> So, I noticed that chowning the profile directory causes procer to run as
> another user. Awesome. :)
>
> Except that it tries to redirect output to run.log after dropping privs,
> which didn't work so well. Moving redirect_output() in procer.c just above
> Unixy_drop_priv() seems to fix that issue, but I'd love to know if I've
> simply created a new problem for myself.
Hmm, that's probably a happy accident. I'll look at this patch and
update.
--
Zed A. Shaw
http://zedshaw.com/