nghttpx: Chown file to effective user
parent
bf13d91264
commit
ca680c16e3
64
src/shrpx.cc
64
src/shrpx.cc
|
@ -313,6 +313,17 @@ void save_pid()
|
|||
<< get_config()->pid_file.get();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if(get_config()->uid != 0) {
|
||||
if(chown(get_config()->pid_file.get(),
|
||||
get_config()->uid, get_config()->gid) == -1) {
|
||||
auto error = errno;
|
||||
LOG(WARNING) << "Changing owner of pid file "
|
||||
<< get_config()->pid_file.get()
|
||||
<< " failed: "
|
||||
<< strerror(error);
|
||||
}
|
||||
}
|
||||
}
|
||||
} // namespace
|
||||
|
||||
|
@ -1554,13 +1565,15 @@ int main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if(get_config()->uid != 0) {
|
||||
if(fchown(worker_config.accesslog_fd,
|
||||
if(worker_config.accesslog_fd != -1 &&
|
||||
fchown(worker_config.accesslog_fd,
|
||||
get_config()->uid, get_config()->gid) == -1) {
|
||||
auto error = errno;
|
||||
LOG(WARNING) << "Changing owner of access log file failed: "
|
||||
<< strerror(error);
|
||||
}
|
||||
if(fchown(worker_config.errorlog_fd,
|
||||
if(worker_config.errorlog_fd != -1 &&
|
||||
fchown(worker_config.errorlog_fd,
|
||||
get_config()->uid, get_config()->gid) == -1) {
|
||||
auto error = errno;
|
||||
LOG(WARNING) << "Changing owner of error log file failed: "
|
||||
|
@ -1568,6 +1581,53 @@ int main(int argc, char **argv)
|
|||
}
|
||||
}
|
||||
|
||||
if(get_config()->http2_upstream_dump_request_header_file) {
|
||||
auto path = get_config()->http2_upstream_dump_request_header_file.get();
|
||||
auto f = open_file_for_write(path);
|
||||
|
||||
if(f == nullptr) {
|
||||
LOG(FATAL) << "Failed to open http2 upstream request header file: "
|
||||
<< path;
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
mod_config()->http2_upstream_dump_request_header = f;
|
||||
|
||||
if(get_config()->uid != 0) {
|
||||
if(chown(path, get_config()->uid, get_config()->gid) == -1) {
|
||||
auto error = errno;
|
||||
LOG(WARNING) << "Changing owner of http2 upstream request header file "
|
||||
<< path
|
||||
<< " failed: "
|
||||
<< strerror(error);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(get_config()->http2_upstream_dump_response_header_file) {
|
||||
auto path = get_config()->http2_upstream_dump_response_header_file.get();
|
||||
auto f = open_file_for_write(path);
|
||||
|
||||
if(f == nullptr) {
|
||||
LOG(FATAL) << "Failed to open http2 upstream response header file: "
|
||||
<< path;
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
mod_config()->http2_upstream_dump_response_header = f;
|
||||
|
||||
if(get_config()->uid != 0) {
|
||||
if(chown(path, get_config()->uid, get_config()->gid) == -1) {
|
||||
auto error = errno;
|
||||
LOG(WARNING) << "Changing owner of http2 upstream response header file"
|
||||
<< " "
|
||||
<< path
|
||||
<< " failed: "
|
||||
<< strerror(error);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(get_config()->npn_list.empty()) {
|
||||
mod_config()->npn_list = parse_config_str_list(DEFAULT_NPN_LIST);
|
||||
}
|
||||
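Review bot: The two new `chown(path, ...)` calls for the http2 dump header files change ownership by name after the file has already been opened, and `chown` follows symlinks, so the configured uid is given whatever the path resolves to at that moment rather than the file that was opened. `f` is still open at that point, so the call can act on the descriptor, as the `fchown` calls on `accesslog_fd` and `errorlog_fd` in the same function already do: `if(fchown(fileno(f), get_config()->uid, get_config()->gid) == -1) {`. The same by-path pattern is added in `save_pid()` for the pid file; its body starts outside the hunk, so whether a descriptor is available there is not visible, but if it is not, `lchown` would at least not follow a symlink. This matters when the pid or dump file sits in a directory writable by a non-root user, and the process is presumably still privileged here since the chown is expected to succeed. `main` continues outside the hunk.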
|
|
|
@ -192,7 +192,6 @@ bool is_secure(const char *filename)
|
|||
}
|
||||
} // namespace
|
||||
|
||||
namespace {
|
||||
FILE* open_file_for_write(const char *filename)
|
||||
{
|
||||
auto f = fopen(filename, "wb");
|
||||
|
@ -205,7 +204,6 @@ FILE* open_file_for_write(const char *filename)
|
|||
|
||||
return f;
|
||||
}
|
||||
} // namespace
|
||||
|
||||
std::string read_passwd_from_file(const char *filename)
|
||||
{
|
||||
|
@ -735,21 +733,13 @@ int parse_config(const char *opt, const char *optarg)
|
|||
}
|
||||
|
||||
if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER)) {
|
||||
auto f = open_file_for_write(optarg);
|
||||
if(f == nullptr) {
|
||||
return -1;
|
||||
}
|
||||
mod_config()->http2_upstream_dump_request_header = f;
|
||||
mod_config()->http2_upstream_dump_request_header_file = strcopy(optarg);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER)) {
|
||||
auto f = open_file_for_write(optarg);
|
||||
if(f == nullptr) {
|
||||
return -1;
|
||||
}
|
||||
mod_config()->http2_upstream_dump_response_header = f;
|
||||
mod_config()->http2_upstream_dump_response_header_file = strcopy(optarg);
|
||||
|
||||
return 0;
|
||||
}
|
||||
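Review bot: `open_file_for_write` still opens with `fopen(filename, "wb")`, which follows symlinks and truncates the target, and this change moves its only visible callers out of `parse_config` and into `main`, next to code that assumes it can still change file ownership. If that does run with elevated privileges, a dump path inside a directory another user can write to could truncate an unrelated file. Consider `open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0600)` followed by `fdopen(fd, "wb")`; the restrictive mode also fits a file that will hold request headers, which may carry credentials. The middle of the function is outside the visible hunks, so any handling already present there should be checked first.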
|
|
|
@ -187,6 +187,8 @@ struct Config {
|
|||
std::unique_ptr<char[]> downstream_http_proxy_userinfo;
|
||||
// host in http proxy URI
|
||||
std::unique_ptr<char[]> downstream_http_proxy_host;
|
||||
std::unique_ptr<char[]> http2_upstream_dump_request_header_file;
|
||||
std::unique_ptr<char[]> http2_upstream_dump_response_header_file;
|
||||
// Rate limit configuration per worker (thread)
|
||||
ev_token_bucket_cfg *worker_rate_limit_cfg;
|
||||
// list of supported NPN/ALPN protocol strings in the order of
|
||||
|
@ -316,6 +318,8 @@ const char* str_syslog_facility(int facility);
|
|||
// Returns integer value of syslog |facility| string.
|
||||
int int_syslog_facility(const char *strfacility);
|
||||
|
||||
FILE* open_file_for_write(const char *filename);
|
||||
|
||||
} // namespace shrpx
|
||||
|
||||
#endif // SHRPX_CONFIG_H
|
||||
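Review bot: The newly exported `open_file_for_write` declaration has no comment, unlike `int_syslog_facility` directly above it, and the two new `Config` members `http2_upstream_dump_request_header_file` and `http2_upstream_dump_response_header_file` are likewise undocumented next to commented neighbours. For the function I would add `// Opens |filename| for writing, truncating existing content. Returns nullptr on failure; the caller owns the returned FILE*.` and for the members `// path of the file to which upstream HTTP/2 request/response headers are dumped`. The truncation follows from the `"wb"` mode and the nullptr contract from the `f == nullptr` checks in src/shrpx.cc; the function's failure path is outside the visible hunks, so confirm the wording against the body.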
|
|