Provide ability to drop privileges on start - partage - File upload system
---
(DIR) commit 9143f6b3f876591bd91ac2a883d1704be39da3a6
(DIR) parent d0302b9d7d7d65c177fa6d8b3982cb9f42480662
(HTM) Author: Willy Goiffon <dev@z3bra.org>
Date: Tue, 19 Oct 2021 09:42:00 +0200
Provide ability to drop privileges on start
Diffstat:
M partage.go | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+), 0 deletions(-)
---
(DIR) diff --git a/partage.go b/partage.go
t@@ -7,9 +7,11 @@ import (
"io/ioutil"
"net/http"
"os"
+ "os/user"
"time"
"path"
"syscall"
+ "strconv"
"path/filepath"
"html/template"
"encoding/json"
t@@ -32,6 +34,8 @@ type metadata struct {
var conf struct {
bind string
+ user string
+ group string
baseuri string
filepath string
metapath string
t@@ -218,6 +222,8 @@ func uploader(w http.ResponseWriter, r *http.Request) {
func main() {
flag.StringVar(&conf.bind, "bind", "0.0.0.0:8080", "Address to bind to (default: 0.0.0.0:8080)")
+ flag.StringVar(&conf.user, "user", "", "User to drop privileges to on startup (default: current user)")
+ flag.StringVar(&conf.group, "group", "", "Group to drop privileges to on startup (default: user's group)")
flag.StringVar(&conf.baseuri, "baseuri", "http://127.0.0.1:8080", "Base URI to use for links (default: http://127.0.0.1:8080)")
flag.StringVar(&conf.filepath, "filepath", "./files", "Path to save files to (default: ./files)")
flag.StringVar(&conf.metapath, "metapath", "./meta", "Path to save metadata to (default: ./meta)")
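Review bot: The `-group` help text does not say that the flag only takes effect together with `-user`; in the later hunk the group lookup sits inside `if conf.user != ""`, so `-group` given on its own is silently ignored and the process keeps its group. I would state that in the usage string, e.g. `"Group to drop privileges to on startup, requires -user (default: user's group)"`. main's body continues outside this hunk.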
t@@ -235,6 +241,29 @@ func main() {
syscall.Chroot(conf.chroot)
}
+ if conf.user != "" {
+ u, err := user.Lookup(conf.user)
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+
+ uid, _ := strconv.Atoi(u.Uid)
+ gid, _ := strconv.Atoi(u.Gid)
+
+ if conf.group != "" {
+ g, err := user.LookupGroup(conf.group)
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+ gid, _ = strconv.Atoi(g.Gid)
+ }
+
+ syscall.Setuid(uid)
+ syscall.Setgid(gid)
+ }
+
http.HandleFunc("/", uploader)
http.Handle(conf.filectx, http.StripPrefix(conf.filectx, http.FileServer(http.Dir(conf.filepath))))
http.ListenAndServe(conf.bind, nil)
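Review bot: `syscall.Setuid(uid)` runs before `syscall.Setgid(gid)` at the end of the added block, so once the uid is no longer root the setgid call can be expected to fail and the process keeps its original group; the group has to be changed first. Every result here is discarded: a failed `strconv.Atoi` leaves uid or gid at 0, and a failed Setuid/Setgid goes unnoticed, so the server would go on to listen with the privileges it started with. Supplementary groups are never reset either, so they stay whatever the parent process had. I would check each error and exit on failure, and call Setgroups, then Setgid, then Setuid, as sketched below. The lookups also run after the `syscall.Chroot` call shown as context, so they presumably resolve against the passwd and group databases inside the chroot; main starts and ends outside this hunk.

```go
// … unchanged: user.Lookup and its error handling …

uid, err := strconv.Atoi(u.Uid)
if err != nil {
	fmt.Println(err)
	return
}
gid, err := strconv.Atoi(u.Gid)
if err != nil {
	fmt.Println(err)
	return
}

// … unchanged: optional user.LookupGroup override, with its Atoi result checked the same way …

// Change groups while still privileged; after Setuid this is no longer permitted.
if err := syscall.Setgroups([]int{gid}); err != nil {
	fmt.Println(err)
	return
}
if err := syscall.Setgid(gid); err != nil {
	fmt.Println(err)
	return
}
if err := syscall.Setuid(uid); err != nil {
	fmt.Println(err)
	return
}
```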