drop privileges on server startup

author: Lennart Weller <lhw@ring0.de> 2013-03-16 22:00:48 +0100
committer: Lennart Weller <lhw@ring0.de> 2013-03-16 22:00:48 +0100
commit: 504cefec4a93a9b52fa9d25d6f353a4676485c43 (patch)
tree: 100ff605356d51454b9c784a59c7b1629bf1b616
parent: 03a4e9f901cd36792de2172b4ebb8f6e852fe1cd (diff)
download: serial-barcode-scanner-504cefec4a93a9b52fa9d25d6f353a4676485c43.tar.bz2
1 files changed, 20 insertions, 0 deletions
diff --git a/src/main.vala b/src/main.vala
index 67f00ff..a9e24e3 100644
--- a/src/main.vala
+++ b/src/main.vala
@@ -69,6 +69,26 @@ public static int main(string[] args) {
 		return 1;
 	}
 
+	if(Posix.getuid() == 0) {
+		try {
+			string user;
+			unowned Posix.Passwd pwd;
+
+			user = cfg.get_string("SYSTEM", "user");
+			if((pwd = Posix.getpwnam(user)) != null) {
+				if(Posix.setuid(pwd.pw_uid) != 0)
+					throw new IOError.FAILED("Failed to set uid");
+				if(Posix.setgid(pwd.pw_gid) != 0)
+					throw new IOError.FAILED("Failed to set gid");
+				if(Posix.setuid(0) != -1)
+					throw new IOError.FAILED("Failed to set uid/gid entirely");
+			}
+		} catch(Error e) {
+			stderr.puts(e.message + "\n");
+			return 1;
+		}
+	}
+
 	dev   = new Device(devicefile, 9600, 8, 1);
 	db    = new Database("shop.db");
 	audio = new AudioPlayer();
author	Lennart Weller <lhw@ring0.de>	2013-03-16 22:00:48 +0100
committer	Lennart Weller <lhw@ring0.de>	2013-03-16 22:00:48 +0100
commit	504cefec4a93a9b52fa9d25d6f353a4676485c43 (patch)
tree	100ff605356d51454b9c784a59c7b1629bf1b616
parent	03a4e9f901cd36792de2172b4ebb8f6e852fe1cd (diff)
download	serial-barcode-scanner-504cefec4a93a9b52fa9d25d6f353a4676485c43.tar.bz2