From: Steve Dickson <SteveD@redhat.com>
To: Neil Brown <neilb@suse.de>
Cc: "Matthias Koenig" <mkoenig@novell.com>,
nfs@lists.sourceforge.net, "Olaf Kirch" <olaf.kirch@oracle.com>,
"Javier Fernández-Sanguino Peña" <jfs@computer.org>,
anibal@debian.org
Subject: Re: Portmap - was Re: Does mountd/statd really need to listen on a privileged port??
Date: Mon, 23 Apr 2007 09:43:21 -0400
Message-ID: <462CB7F9.2040800@RedHat.com>
In-Reply-To: <17964.21206.435402.157895@notabene.brown>
[-- Attachment #1: Type: text/plain, Size: 1178 bytes --]
Neil Brown wrote:
> On Monday April 23, neilb@suse.de wrote:
>> I think I'll add -u/-g flags
>> I might even include the Redhat code in #ifdef, so if compiled with
>> make RPCUSER=rpc
>> it will do the getpwnam..
>
> I have added both compile-time and run-time setting of the uid and
> gid, and allowed a username to be set at compile time. I have also
> made it possible to compile in host-name lookups. The man-page
> auto-adjusts to match the compile options.
>
> make RPCUSER=rpc DAEMON_UID=4 DAEMON_GID=100 USE_DNS=yes
>
> I think it now should do all that I want, and should be a slot-in
> replacement for any distro that wants it (providing they choose
> appropriate Make options).
When porting this functionality to rpcbind, I made the setting of
the uid a configuration argument (i.e. --with-rpcuser=user).
See attached patch... It's basically doing the same thing in a
different way...
I guess I've become a fan of letting autoconf (and friends) create
the makefiles versus me hacking on them... although working with
that autoconf API can drive one to drink (which it has ;-) ) but
in the end, I do think it makes things a bit more configurable...
steved.
[-- Attachment #2: uid.patch --]
[-- Type: text/x-patch, Size: 2183 bytes --]
commit c24026e7c2949ede4fc292335df1a08c3f6575fe
Author: Steve Dickson <steved@redhat.com>
Date: Fri Apr 20 13:10:58 2007 -0400
Allow the uid that rpcbind runs as to be set during
compile time with the --with-rpcuser configuration
flag. The given uid will only be used if the -s
flag is not given on the command.
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/configure.in b/configure.in
index 0e2f163..dfe5907 100644
--- a/configure.in
+++ b/configure.in
@@ -37,6 +37,12 @@ if test "$warmstarts" = "true" ; then
AC_SUBST(statedir)
AC_DEFINE_UNQUOTED(RPCBIND_STATEDIR, "$statedir", [This defines the location where the state files will be kept for warm starts])
fi
+AC_ARG_WITH(rpcuser,
+ [ --with-rpcuser=user uid to use [root]],
+ rpcuser=$withval,
+ rpcuser=root)
+ AC_SUBST(rpcuser)
+AC_DEFINE_UNQUOTED(RPCBIND_USER, "$rpcuser", [This defines the uid to run as])
AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h \
netinet/in.h stdlib.h string.h \
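Review bot: `rpcuser=$withval` in the AC_ARG_WITH action accepts the value unchecked, so a bare `--with-rpcuser` produces the user name "yes" and `--without-rpcuser` produces "no"; both only fail later, at getpwnam() when the daemon starts. Catch those two values in the action and stop with AC_MSG_ERROR (or map "no" to the default) so the mistake shows up at configure time. The help string and the AC_DEFINE_UNQUOTED description also say "uid", but the value is a user name that rpcbind.c passes to getpwnam(), so "user name to run as" would be accurate. Note too that RPCBIND_USER is defined unconditionally with a default of root, so a configured build never reaches the `#else` branch added in src/rpcbind.c.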
diff --git a/src/rpcbind.c b/src/rpcbind.c
index 55bbd8d..2a900d9 100644
--- a/src/rpcbind.c
+++ b/src/rpcbind.c
@@ -68,6 +68,7 @@
#include <pwd.h>
#include <string.h>
#include <errno.h>
+#include "config.h"
#include "rpcbind.h"
/*#define RPCBIND_DEBUG*/
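Review bot: `#include "config.h"` is added after `<pwd.h>`, `<string.h>` and `<errno.h>`, so any feature-test or platform define it carries arrives too late to affect the system headers above it. Make it the first include in the file, ahead of all system headers.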
@@ -79,6 +80,11 @@ int doabort = 0; /* When debugging, do an abort on errors */
rpcblist_ptr list_rbl; /* A list of version 3/4 rpcbind services */
+#ifdef RPCBIND_USER
+char *rpcbinduser = RPCBIND_USER;
+#else
+char *rpcbinduser = NULL;
+#endif
/* who to suid to if -s is given */
#define RUN_AS "daemon"
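Review bot: the new `rpcbinduser` global has no comment of its own, and it lands directly above the existing `/* who to suid to if -s is given */`, which describes RUN_AS and not this variable. Add a one-line comment saying it is the compile-time default user applied when -s is not given, and declare it `static const char *`, since it points at a string literal and this patch only reads it in main().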
@@ -206,15 +212,16 @@ main(int argc, char *argv[])
err(1, "fork failed");
}
- if (runasdaemon) {
+ if (runasdaemon || rpcbinduser) {
struct passwd *p;
+ char *id = runasdaemon ? RUN_AS : rpcbinduser;
- if((p = getpwnam(RUN_AS)) == NULL) {
- syslog(LOG_ERR, "cannot get uid of daemon: %m");
+ if((p = getpwnam(id)) == NULL) {
+ syslog(LOG_ERR, "cannot get uid of '%s': %m", id);
exit(1);
}
if (setuid(p->pw_uid) == -1) {
- syslog(LOG_ERR, "setuid to daemon failed: %m");
+ syslog(LOG_ERR, "setuid to '%s' failed: %m", id);
exit(1);
}
}
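Review bot: the privilege drop in this block still consists of `setuid(p->pw_uid)` alone, so the process keeps root's group id and supplementary groups afterwards, and with `if (runasdaemon || rpcbinduser)` that now applies to every configured user, not only to -s. Call setgroups(0, NULL) and setgid(p->pw_gid) before the setuid(), checking each return value and exiting on failure as the setuid() path does. With the default of root the block also runs getpwnam("root") and setuid() on every start and exits if the lookup fails; skipping it when the configured user is root would keep the default behaviour unchanged.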