Mercurial > hg > nginx
diff src/core/nginx.c @ 234:cd71b95716b4
nginx-0.0.1-2004-01-20-23:40:08 import
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Tue, 20 Jan 2004 20:40:08 +0000 |
parents | 92db0aa1e83f |
children | 86e473b5641e |
line wrap: on
line diff
--- a/src/core/nginx.c +++ b/src/core/nginx.c @@ -6,9 +6,10 @@ typedef struct { - ngx_str_t user; int daemon; int master; + uid_t user; + gid_t group; ngx_str_t pid; ngx_str_t newpid; } ngx_core_conf_t; @@ -27,6 +28,7 @@ static void ngx_worker_process_cycle(ngx static ngx_int_t ngx_add_inherited_sockets(ngx_cycle_t *cycle, char **envp); static ngx_pid_t ngx_exec_new_binary(ngx_cycle_t *cycle, char *const *argv); static ngx_int_t ngx_core_module_init(ngx_cycle_t *cycle); +static char *ngx_set_user(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static ngx_str_t core_name = ngx_string("core"); @@ -34,10 +36,10 @@ static ngx_str_t core_name = ngx_string static ngx_command_t ngx_core_commands[] = { { ngx_string("user"), - NGX_MAIN_CONF|NGX_CONF_TAKE1, - ngx_conf_set_core_str_slot, + NGX_MAIN_CONF|NGX_CONF_TAKE12, + ngx_set_user, 0, - offsetof(ngx_core_conf_t, user), + 0, NULL }, { ngx_string("daemon"), @@ -68,26 +70,21 @@ ngx_module_t ngx_core_module = { }; -ngx_int_t ngx_max_module; - +ngx_int_t ngx_max_module; +ngx_uint_t ngx_connection_counter; -/* STUB */ -uid_t user; - -u_int ngx_connection_counter; +ngx_int_t ngx_process; +ngx_pid_t ngx_new_binary; -ngx_int_t ngx_process; -ngx_pid_t ngx_new_binary; - -ngx_int_t ngx_inherited; -ngx_int_t ngx_signal; -ngx_int_t ngx_reap; -ngx_int_t ngx_terminate; -ngx_int_t ngx_quit; -ngx_int_t ngx_noaccept; -ngx_int_t ngx_reconfigure; -ngx_int_t ngx_reopen; -ngx_int_t ngx_change_binary; +ngx_int_t ngx_inherited; +ngx_int_t ngx_signal; +ngx_int_t ngx_reap; +ngx_int_t ngx_terminate; +ngx_int_t ngx_quit; +ngx_int_t ngx_noaccept; +ngx_int_t ngx_reconfigure; +ngx_int_t ngx_reopen; +ngx_int_t ngx_change_binary; int main(int argc, char *const *argv, char **envp) @@ -102,7 +99,6 @@ int main(int argc, char *const *argv, ch #if !(WIN32) size_t len; char pid[/* STUB */ 10]; - struct passwd *pwd; #endif #if __FreeBSD__ @@ -169,19 +165,6 @@ int main(int argc, char *const *argv, ch #else - /* STUB */ - if (ccf->user.len) { - pwd = getpwnam(ccf->user.data); - if (pwd == NULL) { - ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, - "getpwnam(%s) failed", ccf->user); - return 1; - } - - user = pwd->pw_uid; - } - /* */ - if (ccf->daemon != 0) { if (ngx_daemon(cycle->log) == NGX_ERROR) { return 1; @@ -573,16 +556,28 @@ static void ngx_worker_process_cycle(ngx sigset_t set; ngx_int_t i; ngx_listening_t *ls; + ngx_core_conf_t *ccf; ngx_process = NGX_PROCESS_WORKER; ngx_last_process = 0; - if (user) { - if (setuid(user) == -1) { - ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, - "setuid() failed"); + ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module); + + if (ccf->group != (gid_t) NGX_CONF_UNSET) { + if (setuid(ccf->group) == -1) { + ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, + "setgid(%d) failed", ccf->group); /* fatal */ - exit(1); + exit(2); + } + } + + if (ccf->user != (uid_t) NGX_CONF_UNSET && geteuid() == 0) { + if (setuid(ccf->user) == -1) { + ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, + "setuid(%d) failed", ccf->user); + /* fatal */ + exit(2); } } @@ -755,10 +750,53 @@ static ngx_int_t ngx_core_module_init(ng * * ccf->pid = NULL; */ - ccf->daemon = -1; - ccf->master = -1; + ccf->daemon = NGX_CONF_UNSET; + ccf->master = NGX_CONF_UNSET; + ccf->user = (uid_t) NGX_CONF_UNSET; + ccf->group = (gid_t) NGX_CONF_UNSET; ((void **)(cycle->conf_ctx))[ngx_core_module.index] = ccf; return NGX_OK; } + + +static char *ngx_set_user(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + struct passwd *pwd; + struct group *grp; + ngx_str_t *value; + ngx_core_conf_t *ccf; + + ccf = *(void **)conf; + + if (ccf->user != (uid_t) NGX_CONF_UNSET) { + return "is duplicate"; + } + + value = (ngx_str_t *) cf->args->elts; + + pwd = getpwnam(value[1].data); + if (pwd == NULL) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno, + "getpwnam(%s) failed", value[1].data); + return NGX_CONF_ERROR; + } + + ccf->user = pwd->pw_uid; + + if (cf->args->nelts == 2) { + return NGX_CONF_OK; + } + + grp = getgrnam(value[2].data); + if (grp == NULL) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno, + "getgrnam(%s) failed", value[1].data); + return NGX_CONF_ERROR; + } + + ccf->group = grp->gr_gid; + + return NGX_CONF_OK; +}