diff options
| author |   Laurent Ghigonis <laurent@p1sec.com> | 2013-08-26 11:44:10 +0200 |
|---|---|---|
| committer | Laurent Ghigonis <laurent@p1sec.com> | 2013-08-26 11:44:10 +0200 |
| commit | 4ab97f842057295d91612b5aeb19b19e5e3a77dd (patch) | |
| tree | e539e089ea1c57b3be99e8cd4f7551b9091d4e2c | |
| parent | WIP (diff) | |
| download | glouglou-4ab97f842057295d91612b5aeb19b19e5e3a77dd.tar.xz glouglou-4ab97f842057295d91612b5aeb19b19e5e3a77dd.zip | |
WIP, permissions
| -rw-r--r-- | v3/glougloud/Makefile | 32 | ||||
| -rw-r--r-- | v3/glougloud/glougloud.h | 1 | ||||
| -rw-r--r-- | v3/glougloud/redis.c | 2 |
3 files changed, 14 insertions, 21 deletions
diff --git a/v3/glougloud/Makefile b/v3/glougloud/Makefile index d1d88ca..abb0098 100644 --- a/v3/glougloud/Makefile +++ b/v3/glougloud/Makefile @@ -5,7 +5,6 @@ CFLAGS+=-Wall -g LDFLAGS=-levent -ldnet -lglouglou -ldl -lhiredis USER_PROBES = _glougloud_probe USER_VIZ = _glougloud_viz -USER_DEFAULT = _glougloud GLOUGLOUD_HOME = "/var/lib/glougloud" GLOUGLOUD_CHROOT = "$(GLOUGLOUD_HOME)/chroot" @@ -17,27 +16,22 @@ all: $(CC) $(OBJECTS) -o $(PROG) $(LDFLAGS) install: $(PROG) - @echo "creating glougloud home $(GLOUGLOUD_HOME)" - sudo mkdir -p $(GLOUGLOUD_HOME) - @echo "creating glougloud chroot $(GLOUGLOUD_CHROOT)" - sudo mkdir -p $(GLOUGLOUD_CHROOT) - sudo mkdir -p $(GLOUGLOUD_CHROOT)/socket - @echo "creating 3 users: $(USER_DEFAULT), $(USER_PROBES), $(USER_VIZ)" - cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -s /sbin/nologin $(USER_DEFAULT)" ;\ - echo $$cmdp; $$($$cmdp) ;\ - cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -s /sbin/nologin $(USER_PROBES)" ;\ - echo $$cmdp; $$($$cmdp) ;\ - cmdp="usermod -a -G $(USER_DEFAULT) $(USER_PROBES)" ;\ - echo $$cmdp; $$($$cmdp) ;\ + @echo "creating 2 users: $(USER_PROBES), $(USER_VIZ)" cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -s /sbin/nologin $(USER_VIZ)" ;\ echo $$cmdp; $$($$cmdp) ;\ - cmdp="usermod -a -G $(USER_DEFAULT) $(USER_VIZ)" ;\ - echo $$cmdp; $$($$cmdp) ; - @echo "setting ownership for glougloud chroot $(GLOUGLOUD_CHROOT)" - sudo chown -R root:$(USER_DEFAULT) $(GLOUGLOUD_HOME) - chmod -R 750 $(GLOUGLOUD_HOME) - chmod 770 $(GLOUGLOUD_CHROOT)/socket + cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -g $(USER_VIZ) -s /sbin/nologin $(USER_PROBES)" ;\ + echo $$cmdp; $$($$cmdp) ;\ echo done + @echo "creating home $(GLOUGLOUD_HOME)" + sudo mkdir -p $(GLOUGLOUD_HOME) + chmod 755 $(GLOUGLOUD_HOME) + @echo "creating chroot $(GLOUGLOUD_CHROOT)" + sudo mkdir -p $(GLOUGLOUD_CHROOT) + chmod 755 $(GLOUGLOUD_CHROOT) + sudo mkdir -p $(GLOUGLOUD_CHROOT)/socket + chown $(USER_PROBES):$(USER_VIZ) $(GLOUGLOUD_CHROOT)/socket + chmod 750 $(GLOUGLOUD_CHROOT)/socket + @echo done @echo "installation of $(PROG)" mkdir -p $(BINDIR) install -m 0755 $(PROG) $(BINDIR) diff --git a/v3/glougloud/glougloud.h b/v3/glougloud/glougloud.h index 3f59603..7249183 100644 --- a/v3/glougloud/glougloud.h +++ b/v3/glougloud/glougloud.h @@ -5,7 +5,6 @@ #include <hiredis/hiredis.h> #include <hiredis/async.h> -#define GLOUGLOUD_USER_DEFAULT "_glougloud" #define GLOUGLOUD_USER_PROBES "_glougloud_probe" #define GLOUGLOUD_USER_VIZ "_glougloud_viz" #define GLOUGLOUD_LOGFILE "/var/log/glougloud.log" diff --git a/v3/glougloud/redis.c b/v3/glougloud/redis.c index 6fca983..65351d3 100644 --- a/v3/glougloud/redis.c +++ b/v3/glougloud/redis.c @@ -30,7 +30,7 @@ redis_init(struct glougloud *ggd) { _redis->pid = fork(); if (_redis->pid > 0) return 0; - droppriv(GLOUGLOUD_USER_DEFAULT, 0, NULL); + droppriv(GLOUGLOUD_USER_PROBES, 0, NULL); path = getenv("PATH"); snprintf(newpath, sizeof(newpath), "%s:/sbin:/usr/sbin:/usr/local/sbin", path); |