[X2Go-Commits] [x2gobroker] 01/02: Add --drop-privileges feature so that x2gobroker-daemon can drop root privileges when started via systemd.

Tue Feb 25 13:56:36 CET 2014

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository x2gobroker.

commit 76a202a89db4c8da7587075da96c995b76e507ca
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Tue Feb 25 13:52:09 2014 +0100

    Add --drop-privileges feature so that x2gobroker-daemon can drop root privileges when started via systemd.
---
 bin/x2gobroker            |   30 +++++++++++++++++++++++++++++-
 debian/changelog          |    2 ++
 man/man1/x2gobroker.1     |    5 +++++
 x2gobroker-daemon.service |    2 +-
 4 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/bin/x2gobroker b/bin/x2gobroker
index 5086845..a8ef7ab 100755
--- a/bin/x2gobroker
+++ b/bin/x2gobroker
@@ -27,6 +27,8 @@ import argparse
 import socket
 import logging
 import atexit
+import pwd, grp
+
 
 try:
     import daemon
@@ -41,7 +43,6 @@ try:
 except ImportError:
     CAN_DAEMONIZE = False
 
-
 def prep_http_mode():
 
     global urls
@@ -92,6 +93,25 @@ from x2gobroker import __VERSION__
 from x2gobroker import __AUTHOR__
 from x2gobroker.loggers import logger_broker, logger_access, logger_error, tornado_log_request
 
+def drop_privileges(uid=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, gid=x2gobroker.defaults.X2GOBROKER_DAEMON_USER):
+    if os.getuid() != 0:
+        # We're not root so, like, whatever dude
+        return
+
+    # Get the uid/gid from the name
+    running_uid = pwd.getpwnam(uid).pw_uid
+    running_gid = grp.getgrnam(gid).gr_gid
+
+    # Remove group privileges
+    os.setgroups([])
+
+    # Try setting the new uid/gid
+    os.setgid(running_gid)
+    os.setuid(running_uid)
+
+    # Ensure a very conservative umask
+    old_umask = os.umask(077)
+
 interactive_mode_warning = False
 # check effective UID the broker runs as and complain appropriately...
 if x2gobroker.defaults.X2GOBROKER_USER != x2gobroker.defaults.X2GOBROKER_DAEMON_USER and os.geteuid() != 0:
@@ -118,6 +138,11 @@ if __name__ == "__main__":
             {'args':['-P', '--pidfile'], 'default': pidfile, 'help': 'Alternative file path for the daemon\'s PID file', },
             {'args':['-L', '--logdir'], 'default': daemon_logdir, 'help': 'Directory where log files for the process\'s stdout and stderr can be created', },
         ])
+    if os.getuid() == 0:
+        daemon_options.extend([
+            {'args':['--drop-privileges'], 'default': False, 'action': 'store_true', 'help': 'Drop privileges to uid X2GOBROKER_DAEMON_USER and gid X2GOBROKER_DAEMON_GROUP', },
+        ])
+
     sshbroker_options = [
         {'args':['--task'], 'default': None, 'metavar': 'BROKER_TASK', 'help': 'broker task (listsessions, selectsession, setpass, testcon', },
         {'args':['--user'], 'default': None, 'metavar': 'USER_NAME', 'help': 'Operate on behalf of this user name', },
@@ -140,6 +165,9 @@ if __name__ == "__main__":
 
     cmdline_args = p.parse_args()
 
+    if cmdline_args.drop_privileges:
+        drop_privileges()
+
     if cmdline_args.config_file is not None:
         x2gobroker.defaults.X2GOBROKER_CONFIG = cmdline_args.config_file
 
diff --git a/debian/changelog b/debian/changelog
index 63dce8c..b0e6113 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -86,6 +86,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low
     - Provide symlink x2gobroker-daemon.
     - Provide systemd service files for x2gobroker-daemon and
       x2gobroker-authservice.
+    - Add --drop-privileges feature so that x2gobroker-daemon can drop root
+      privileges when started via systemd.
   * debian/control:
     + Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
     + Fix SYNOPSIS texts.
diff --git a/man/man1/x2gobroker.1 b/man/man1/x2gobroker.1
index 00ccc1f..5159d60 100644
--- a/man/man1/x2gobroker.1
+++ b/man/man1/x2gobroker.1
@@ -80,6 +80,11 @@ Custom PID file location when daemonizing (default: <RUNDIR>/x2gobroker/x2gobrok
 .TP
 \*(T<\fB\-L, \-\-logdir\fR\*(T>
 Directory where stdout/stderr will be redirected after having daemonized (default: /var/log/x2gobroker/).
+.TP
+\*(T<\fB\-D, \-\-drop\-privileges\fR\*(T>
+If started as root, drop privileges to uid X2GO_DAEMON_USER and gid X2GO_DAEMON_GROUP (as configured
+in \fI/etc/x2go/broker/defaults.conf\fR on systemd systems or \fI/etc/defaults/python-x2gobroker\fR
+on SystemV systems).
 .SH "FILES"
 /etc/x2go/x2gobroker.conf, /etc/x2go/broker/* (configuration files)
 .PP
diff --git a/x2gobroker-daemon.service b/x2gobroker-daemon.service
index fa13e00..20438d6 100644
--- a/x2gobroker-daemon.service
+++ b/x2gobroker-daemon.service
@@ -3,7 +3,7 @@ Description=X2Go Session Broker Daemon
 
 [Service]
 Type=forking
-ExecStart=/usr/bin/x2gobroker-daemon
+ExecStart=/usr/bin/x2gobroker-daemon -D --drop-privileges
 PIDFile=/run/x2gobroker/x2gobroker-daemon.pid
 
 [Install]

--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git

