Package: approx Version: 2.8.0-ol1 Severity: wishlist Tags: patch Please, allow running of approx daemon as another user. I use attached patch, and it works for me.
-- System Information: Debian Release: 4.0 APT prefers stable APT policy: (900, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-4-686 Locale: LANG=, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Versions of packages approx depends on: ii adduser 3.102 Add and remove users and groups ii bzip2 1.0.3-6 high-quality block-sorting file co ii curl 7.15.5-1 Get a file from an HTTP, HTTPS, FT ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip approx recommends no packages. -- no debconf information -- Alexandra N. Kossovsky OKTET Labs (http://www.oktetlabs.ru/) Phones: +7(921)956-42-86(mobile) +7(812)783-21-91(office) e-mail: [EMAIL PROTECTED]
diff -u -r approx-2.8.0.debian/approx.ml approx-2.8.0/approx.ml --- approx-2.8.0.debian/approx.ml 2007-05-14 16:04:19.000000000 +0400 +++ approx-2.8.0/approx.ml 2007-05-14 16:35:58.000000000 +0400 @@ -52,6 +52,8 @@ info_message "Interval:%s%s" (units "hour" (interval / 60)) (units "minute" (interval mod 60)); info_message "Max wait: %d" max_wait; + info_message "Username: %s" user; + info_message "Groupname: %s" group; info_message "Debug: %B" debug let http_time t = @@ -514,7 +516,7 @@ try Sys.chdir cache_dir; print_config (); - Server.main ~user: "approx" ~interface port proxy_service + Server.main ~user ~group ~interface port proxy_service with e -> exception_message e; exit 1 diff -u -r approx-2.8.0.debian/debian/changelog approx-2.8.0/debian/changelog --- approx-2.8.0.debian/debian/changelog 2007-05-14 16:04:19.000000000 +0400 +++ approx-2.8.0/debian/changelog 2007-05-14 16:09:33.000000000 +0400 @@ -1,3 +1,9 @@ +approx (2.8.0-ol1) unstable; urgency=low + + * Allow username specification via config. + + -- Alexandra N. Kossovsky <[EMAIL PROTECTED]> Mon, 14 May 2007 16:09:03 +0400 + approx (2.8.0) unstable; urgency=low * Make sure syslog messages are newline-terminated for syslog-ng diff -u -r approx-2.8.0.debian/default_config.ml approx-2.8.0/default_config.ml --- approx-2.8.0.debian/default_config.ml 2007-05-14 16:04:19.000000000 +0400 +++ approx-2.8.0/default_config.ml 2007-05-14 16:26:20.000000000 +0400 @@ -14,4 +14,6 @@ let interval = get_int "interval" ~default: 720 (* minutes *) let max_wait = get_int "max_wait" ~default: 10 (* seconds *) let max_rate = get "max_rate" ~default: "unlimited" +let user = get "user" ~default: "approx" +let group = get "group" ~default: "approx" let debug = get_bool "debug" ~default: false diff -u -r approx-2.8.0.debian/default_config.mli approx-2.8.0/default_config.mli --- approx-2.8.0.debian/default_config.mli 2007-05-14 16:04:19.000000000 +0400 +++ approx-2.8.0/default_config.mli 2007-05-14 16:26:01.000000000 +0400 @@ -10,4 +10,6 @@ val interval : int (* minutes *) val max_wait : int (* seconds *) val max_rate : string (* bytes/second with optional K, M, or G suffix *) +val user : string +val group : string val debug : bool diff -u -r approx-2.8.0.debian/doc/approx.conf.5 approx-2.8.0/doc/approx.conf.5 --- approx-2.8.0.debian/doc/approx.conf.5 2007-05-14 16:04:19.000000000 +0400 +++ approx-2.8.0/doc/approx.conf.5 2007-05-14 17:06:32.000000000 +0400 @@ -41,6 +41,9 @@ in bytes per second (default: unlimited). The value may be suffixed with "K", "M", or "G" to indicate kilobytes, megabytes, or gigabytes per second, respectively. +.IP user/group +Specifies the username and groupname to use after privileges drop. "approx" user +and "approx" group is used by default. .IP debug Specifies whether debugging messages should be printed (default: diff -u -r approx-2.8.0.debian/etc/approx.conf approx-2.8.0/etc/approx.conf --- approx-2.8.0.debian/etc/approx.conf 2007-05-14 16:04:19.000000000 +0400 +++ approx-2.8.0/etc/approx.conf 2007-05-14 16:25:50.000000000 +0400 @@ -7,6 +7,8 @@ #interval 720 #max_wait 10 #max_rate unlimited +#user approx +#group approx #debug false # Here are some examples of remote repository mappings. diff -u -r approx-2.8.0.debian/gc.ml approx-2.8.0/gc.ml --- approx-2.8.0.debian/gc.ml 2007-05-14 16:04:19.000000000 +0400 +++ approx-2.8.0/gc.ml 2007-05-14 16:30:46.000000000 +0400 @@ -188,7 +188,7 @@ iter_status gc let garbage_collect () = - drop_privileges "approx"; + drop_privileges user group; mark (); sweep () diff -u -r approx-2.8.0.debian/server.ml approx-2.8.0/server.ml --- approx-2.8.0.debian/server.ml 2007-05-14 16:04:19.000000000 +0400 +++ approx-2.8.0/server.ml 2007-05-14 16:27:44.000000000 +0400 @@ -34,7 +34,7 @@ method config_reactor_synch = `Write end -let main ~user ~interface port service = +let main ~user ~group ~interface port service = let sock = socket PF_INET SOCK_STREAM 0 in setsockopt sock SO_REUSEADDR true; let addr = @@ -43,7 +43,7 @@ in bind sock (ADDR_INET (addr, port)); listen sock 10; - drop_privileges user; + drop_privileges user group; while true do let fd, _ = accept sock in set_nonblock fd; diff -u -r approx-2.8.0.debian/server.mli approx-2.8.0/server.mli --- approx-2.8.0.debian/server.mli 2007-05-14 16:04:19.000000000 +0400 +++ approx-2.8.0/server.mli 2007-05-14 16:32:38.000000000 +0400 @@ -2,4 +2,4 @@ Copyright (C) 2006 Eric C. Cooper <[EMAIL PROTECTED]> Released under the GNU General Public License *) -val main : user:string -> interface:string -> int -> 'a Nethttpd_types.http_service -> unit +val main : user:string -> group:string -> interface:string -> int -> 'a Nethttpd_types.http_service -> unit diff -u -r approx-2.8.0.debian/util.ml approx-2.8.0/util.ml --- approx-2.8.0.debian/util.ml 2007-05-14 16:04:19.000000000 +0400 +++ approx-2.8.0/util.ml 2007-05-14 16:28:09.000000000 +0400 @@ -143,9 +143,9 @@ let file_sha1sum = let module F = FileDigest(Sha1) in F.sum let file_sha256sum = let module F = FileDigest(Sha256) in F.sum -let drop_privileges name = - setgid (getgrnam name).gr_gid; - setuid (getpwnam name).pw_uid +let drop_privileges user group = + setgid (getgrnam group).gr_gid; + setuid (getpwnam user).pw_uid let packages_variants = [ "Packages"; "Packages.gz"; "Packages.bz2" ] diff -u -r approx-2.8.0.debian/util.mli approx-2.8.0/util.mli --- approx-2.8.0.debian/util.mli 2007-05-14 16:04:19.000000000 +0400 +++ approx-2.8.0/util.mli 2007-05-14 17:05:05.000000000 +0400 @@ -94,9 +94,9 @@ val file_sha256sum : string -> string -(* Drop privileges (user and group ID) to those of the specified name *) +(* Drop privileges (user and group ID) to those of the specified names *) -val drop_privileges : string -> unit +val drop_privileges : string -> string -> unit (* Check whether a file is a Sources file *)