minor setuid/setgid improvements

RamseyK · RamseyK · commit 25f3e75e26ba · 2019-09-08T18:52:41.000-05:00
diff --git a/bin/server.config b/bin/server.config
@@ -3,7 +3,7 @@ vhost=10.0.10.86,acme.local
 port=8080
 diskpath=./htdocs
 
-# Optional - uid/gid to "drop" to with setuid/setgid after bind() so the program doesn't have to run as root
+# Optional - uid/gid to "drop" to with setuid/setgid after bind() so the program doesn't have to remain as root
 # Default 0 because dropping to root makes no sense
 drop_uid=0
 drop_gid=0
diff --git a/src/HTTPServer.cpp b/src/HTTPServer.cpp
@@ -110,13 +110,13 @@ bool HTTPServer::start() {
 	}
 
 	// Optionally drop uid/gid if specified
-	if (dropUid != 0 && dropGid != 0) {
-		if (setgid(dropGid) == -1) {
+	if (dropUid > 0 && dropGid > 0) {
+		if (setgid(dropGid) != 0) {
 			std::cout << "setgid to " << dropGid << " failed!" << std::endl;
 			return false;
 		}
 		
-		if (setuid(dropUid) == -1) {
+		if (setuid(dropUid) != 0) {
 			std::cout << "setuid to " << dropUid << " failed!" << std::endl;
 			return false;
 		}
diff --git a/src/main.cpp b/src/main.cpp
@@ -89,7 +89,7 @@ int main (int argc, const char * argv[])
 		drop_uid = atoi(config["drop_uid"].c_str());
 		drop_gid = atoi(config["drop_gid"].c_str());
 
-		if (drop_uid == 0 || drop_gid == 0) {
+		if (drop_uid <= 0 || drop_gid <= 0) {
 			// Both must be set, otherwise set back to 0 so we dont use
 			drop_uid = drop_gid = 0;
 		}
@@ -103,7 +103,7 @@ int main (int argc, const char * argv[])
 	signal(SIGINT, &handleTermSig);
 	signal(SIGTERM, &handleTermSig);
 
-	// Instance and start the server
+	// Instantiate and start the server
 	svr = new HTTPServer(vhosts, atoi(config["port"].c_str()), config["diskpath"], drop_uid, drop_gid);
 	if (!svr->start()) {
 		svr->stop();

Original file line number	Diff line number	Diff line change
`@@ -110,13 +110,13 @@ bool HTTPServer::start() {`
`110`	`110`	`}`
`111`	`111`
`112`	`112`	`// Optionally drop uid/gid if specified`
`113`		`- if (dropUid != 0 && dropGid != 0) {`
`114`		`- if (setgid(dropGid) == -1) {`
	`113`	`+ if (dropUid > 0 && dropGid > 0) {`
	`114`	`+ if (setgid(dropGid) != 0) {`
`115`	`115`	`std::cout << "setgid to " << dropGid << " failed!" << std::endl;`
`116`	`116`	`return false;`
`117`	`117`	`}`
`118`	`118`
`119`		`- if (setuid(dropUid) == -1) {`
	`119`	`+ if (setuid(dropUid) != 0) {`
`120`	`120`	`std::cout << "setuid to " << dropUid << " failed!" << std::endl;`
`121`	`121`	`return false;`
`122`	`122`	`}`