diff -Nrc distcc-0.14/src/daemon.c distcc-0.14-patch/src/daemon.c *** distcc-0.14/src/daemon.c Fri Nov 1 01:00:34 2002 --- distcc-0.14-patch/src/daemon.c Wed Nov 20 13:00:46 2002 *************** *** 55,60 **** --- 55,62 ---- #include #include #include + #include + #include #include #include *************** *** 85,90 **** --- 87,94 ---- int main(int argc, char *argv[]) { int ret; + struct passwd *struct_p; + struct group *struct_g; rs_trace_set_level(RS_LOG_INFO); rs_add_logger(rs_logger_file, RS_LOG_DEBUG, 0, STDERR_FILENO); *************** *** 94,99 **** --- 98,134 ---- dccd_setup_log(); + /* Run as a different user/group? */ + if (arg_group) { + if ((struct_g = getgrnam(arg_group)) == NULL) { + fprintf(stderr,"Could not find group: %s\n",arg_group); + exit(1); + } + if ((setgid(struct_g->gr_gid)) == -1) { + fprintf(stderr,"Could not set the gid\n"); + exit(1); + } + if ((setegid(struct_g->gr_gid)) == -1) { + fprintf(stderr,"Could not set the effective gid\n"); + exit(1); + } + } + + if (arg_user) { + if ((struct_p = getpwnam(arg_user)) == NULL) { + fprintf(stderr,"Could not find user: %s\n",arg_user); + exit(1); + } + if ((setuid(struct_p->pw_uid)) == -1) { + fprintf(stderr,"Could not set the uid\n"); + exit(1); + } + if ((seteuid(struct_p->pw_uid)) == -1) { + fprintf(stderr,"Could not set the effective uid\n"); + exit(1); + } + } + /* This test might need to be a bit more complex when we want to * support ssh and stuff like that. Perhaps it would be better to * always serve stdin, and then complain if it's a terminal? */ diff -Nrc distcc-0.14/src/dopt.c distcc-0.14-patch/src/dopt.c *** distcc-0.14/src/dopt.c Sun Oct 6 22:56:47 2002 --- distcc-0.14-patch/src/dopt.c Wed Nov 20 12:23:34 2002 *************** *** 75,80 **** --- 75,82 ---- const char *arg_pid_file = NULL; const char *arg_log_file = NULL; + const char *arg_user = NULL; + const char *arg_group = NULL; enum { opt_log_to_file = 300 *************** *** 93,98 **** --- 95,102 ---- { "no-fork", 0, POPT_ARG_NONE, &opt_no_fork, 0, 0, 0 }, { "no-detach", 0, POPT_ARG_NONE, &opt_no_detach, 0, 0, 0 }, { "log-file", 0, POPT_ARG_STRING, &arg_log_file, 0, 0, 0 }, + { "user", 0, POPT_ARG_STRING, &arg_user, 0, 0, 0 }, + { "group", 0, POPT_ARG_STRING, &arg_group, 0, 0, 0 }, { "log-stderr", 0, POPT_ARG_NONE, &opt_log_stderr, 0, 0, 0 }, { "verbose", 0, POPT_ARG_NONE, 0, 'v', 0, 0 }, { "no-fifo", 0, POPT_ARG_NONE, &opt_no_fifo, 0, 0, 0 }, *************** *** 117,122 **** --- 121,128 ---- " -p, --port PORT TCP port to listen on\n" " -P, --pid-file FILE save daemon process id to file\n" " -N, --nice LEVEL lower priority, 20=most nice\n" + " --user=USERNAME run as user\n" + " --group=GROUP run as group\n" " Debug and trace:\n" " --verbose include debug messages in log\n" " --no-fork single process only (for debugging)\n" diff -Nrc distcc-0.14/src/opt.h distcc-0.14-patch/src/opt.h *** distcc-0.14/src/opt.h Sun Oct 6 22:56:47 2002 --- distcc-0.14-patch/src/opt.h Wed Nov 20 12:38:13 2002 *************** *** 28,32 **** --- 28,34 ---- extern int opt_no_detach; extern int opt_daemon_mode, opt_inetd_mode; extern const char *arg_log_file; + extern const char *arg_user; + extern const char *arg_group; extern int opt_no_fifo; extern int opt_log_stderr;