Hi Andrew,

On Fri, Jul 12, 2019 at 09:12:42AM +0800, Andrew Heberle wrote:
> This patch adds "user" and "group" config options to the "program"
> section so the configured command can be run as a different user.
> 
> I re-used the setuid/setgid code from "haproxy.c" for this so I'm
> hoping there are not terrible bugs I've introduced :)

Thanks for this. However the description above is exactly what should
have been placed into the commit message which currently is empty.

Also, you have indentation issues below:

> --- a/include/types/global.h
> +++ b/include/types/global.h
> @@ -215,6 +215,8 @@ struct mworker_proc {
>    int timestamp;
>    struct server *srv; /* the server entry in the master proxy */
>    struct list list;
> +   int uid;
> +   int gid;
> };
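
Review bot: the new `uid` and `gid` members at the end of struct mworker_proc have no comment, unlike `srv` just above them, and the launch code in src/mworker-prog.c tests `child->gid != -1`, so -1 is the "not configured" value. Please document that on the fields, for example `int uid; /* uid to switch to, -1 = unchanged */`, and make sure every place that allocates a mworker_proc sets both to -1, because a zero-filled struct would otherwise read as uid 0 / gid 0.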

See above, the patch is mangled, tabs were replaced with spaces.
Same below:

> --- a/src/mworker-prog.c
> +++ b/src/mworker-prog.c
> @@ -15,6 +15,7 @@
> #include <sys/types.h>
> #include <errno.h>
> #include <grp.h>
> +#include <pwd.h>
> #include <stdio.h>
> #include <string.h>
> #include <unistd.h>
> @@ -91,6 +92,23 @@ int mworker_ext_launch_all()
>                mworker_cleanlisteners();
>                mworker_cleantasks();
> +               /* setgid / setuid */
> +               if (child->gid != -1) {
> +                   if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
> +                       ha_warning("[%s.main()] Failed to drop
> supplementary groups. Using 'gid'/'group'"
> +                           " without 'uid'/'user' is generally
> useless.\n", child->command[0]);
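
Review bot: in the `child->gid != -1` block, a failing `setgroups(0, NULL)` only results in `ha_warning()` in the lines shown, so unless a later line aborts, the configured command would be launched while still holding the master's supplementary groups. For a privilege drop this should be treated as fatal (report the error and exit before the command is executed) rather than a warning. The `[%s.main()]` prefix is also filled with `child->command[0]`, which makes the message read as if it came from the external command itself; naming the program section or the calling function would be clearer.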

It might be your mailer, but it could also be your editor. It looks like
each tab was replaced with a series of 4 spaces.

Thanks,
Willy
