In that order. The manpage and the config template have been updated.
LoadPlugin exec
# ...
<Plugin exec>
LoadPlugin exec
# ...
<Plugin exec>
- Exec myuser myprog
- Exec otheruser /path/to/another/binary
+ Exec "myuser:mygroup" "myprog"
+ Exec "otheruser" "/path/to/another/binary"
</Plugin>
=head1 DESCRIPTION
</Plugin>
=head1 DESCRIPTION
#</Plugin>
#<Plugin exec>
#</Plugin>
#<Plugin exec>
-# Exec user "/path/to/exec"
+# Exec "user:group" "/path/to/exec"
#</Plugin>
#<Plugin hddtemp>
#</Plugin>
#<Plugin hddtemp>
=item B<Exec> I<User>[:[I<Group>]] I<Executable>
Execute the executable I<Executable> as user I<User>. If the user name is
=item B<Exec> I<User>[:[I<Group>]] I<Executable>
Execute the executable I<Executable> as user I<User>. If the user name is
-followed by a colon and a group name, the program is executed as the specified
-group. If only the colon follows the user name the group defaults to the
-user's login group.
+followed by a colon and a group name, the effective group is set to that group.
+The real group and saved-set group will be set to the default group of that
+user. If no group is given the effective group ID will be the same as the real
+group ID.
+
+Please note that in order to change the user and/or group the daemon needs
+superuser privileges. If the daemon is run as an unprivileged user you must
+specify the same user/group here. If the daemon is run with superuser
+privileges, you must supply a non-root user here.
int status;
int uid;
int gid;
int status;
int uid;
int gid;
char *arg0;
struct passwd *sp_ptr;
char *arg0;
struct passwd *sp_ptr;
if (uid == 0)
{
ERROR ("exec plugin: Cowardly refusing to exec program as root.");
exit (-1);
}
if (uid == 0)
{
ERROR ("exec plugin: Cowardly refusing to exec program as root.");
exit (-1);
}
+ /* The group configured in the configfile is set as effective group, because
+ * this way the forked process can (re-)gain the user's primary group. */
+ egid = -1;
if (NULL != pl->group)
{
if ('\0' != *pl->group) {
if (NULL != pl->group)
{
if ('\0' != *pl->group) {
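Review bot: The root refusal just above the added comment tests only `uid == 0`, and nothing visible in this hunk rejects a configured group that resolves to gid 0, so an `Exec "user:group"` line naming such a group would appear to run the program with effective group root. Once the group lookup has filled `egid` (that code is outside the hunk, so confirm it is not already handled there), consider adding `if (egid == 0) { ERROR ("exec plugin: Cowardly refusing to exec program with group root."); exit (-1); }`. Separately, the setgid/setegid/setuid lines visible further down the page show no `setgroups()` or `initgroups()` call; unless that happens in a part of the function not shown, a daemon started as root hands its supplementary groups to the child. The enclosing function starts and ends outside this hunk.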
+ } /* if (pl->group == NULL) */
+
+ status = setgid (gid);
+ if (status != 0)
+ {
+ ERROR ("exec plugin: setgid (%i) failed: %s",
+ gid, sstrerror (errno, errbuf, sizeof (errbuf)));
+ exit (-1);
+ }
- status = setgid (gid);
- if (0 != status)
+ if (egid != -1)
+ {
+ status = setegid (egid);
+ if (status != 0)
- ERROR ("exec plugin: setgid failed: %s",
- sstrerror (errno, errbuf, sizeof (errbuf)));
+ ERROR ("exec plugin: setegid (%i) failed: %s",
+ egid, sstrerror (errno, errbuf, sizeof (errbuf)));
- } /* if (pl->group == NULL) */
status = setuid (uid);
if (status != 0)
{
status = setuid (uid);
if (status != 0)
{
- ERROR ("exec plugin: setuid failed: %s",
- sstrerror (errno, errbuf, sizeof (errbuf)));
+ ERROR ("exec plugin: setuid (%i) failed: %s",
+ uid, sstrerror (errno, errbuf, sizeof (errbuf)));