\&
.RB [ \-p
.IR path ]
+.RB [ \-U
+.IR user ]
+.RB [ \-G
+.IR group ]
.RB [ \-S
.IB arg , arg ,\fR...]
.
(e.g.,
.BR \-a ).
.TP
+.BI "\-U, \-\-setuid=" user
+Set uid to that of
+.I user
+(either a user name or integer uid) after initialization. Also set gid
+to
+.IR user 's
+primary group, unless overridden by a
+.B \-G
+option. If a new
+.BR tripe (8)
+server is going to be spawned then it is also passed corresponding
+.B \-U
+and
+.B \-G
+options.
+.TP
+.BI "\-G, \-\-setgid=" group
+Set gid to that of
+.I group
+(either a group name or integer gid) after initialization. If a new
+.BR tripe (8)
+server is going to be spawned then it is also passed a corresponding
+.B \-G
+option.
+.TP
.B "\-l, \-\-syslog"
Send warnings and trace messages to the
.BR syslog (8)
\n\
-D, --daemon Become a background task after connecting.\n\
-d, --directory=DIR Select current directory [default " CONFIGDIR "].\n\
+-U, --setuid=USER Set uid to USER after initialization.\n\
+-G, --setgid=GROUP Set gid to GROUP after initialization.\n\
-a, --admin-socket=FILE Select socket to connect to\n\
[default " SOCKETDIR "/tripesock].\n\
-P, --pidfile=FILE Write process-id to FILE.\n\
string_v spawnopts = DA_INIT;
char *p;
FILE *pidfp = 0;
+ uid_t u = -1;
+ gid_t g = -1;
ego(argv[0]);
{ "version", 0, 0, 'v' },
{ "usage", 0, 0, 'u' },
{ "daemon", 0, 0, 'D' },
+ { "uid", OPTF_ARGREQ, 0, 'U' },
+ { "setuid", OPTF_ARGREQ, 0, 'U' },
+ { "gid", OPTF_ARGREQ, 0, 'G' },
+ { "setgid", OPTF_ARGREQ, 0, 'G' },
{ "directory", OPTF_ARGREQ, 0, 'd' },
{ "admin-socket", OPTF_ARGREQ, 0, 'a' },
{ "spawn", 0, 0, 's' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "+hvuDd:a:sp:S:lwf:nP:", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "+hvuDU:G:d:a:sp:S:lwf:nP:", opts, 0, 0, 0);
if (i < 0)
break;
switch (i) {
case 'D':
f |= f_daemon | f_noinput;
break;
+ case 'U':
+ u = u_getuser(optarg, &g);
+ break;
+ case 'G':
+ g = u_getgroup(optarg);
+ break;
case 'd':
dir = optarg;
break;
sigaction(SIGCHLD, &sa, 0);
DA_PUSH(&spawnopts, 0);
+ if (g != (gid_t)-1) putarg(&spawnopts, "-G%lu", (unsigned long)g);
+ if (u != (uid_t)-1) putarg(&spawnopts, "-U%lu", (unsigned long)u);
putarg(&spawnopts, "-a%s", sock);
putarg(&spawnopts, "-d.");
putarg(&spawnopts, "-F");
}
}
+ u_setugid(u, g);
if (f & f_daemon) {
if (daemonize())
die(EXIT_FAILURE, "error becoming daemon: %s", strerror(errno));