From 4ab97f842057295d91612b5aeb19b19e5e3a77dd Mon Sep 17 00:00:00 2001
From: Laurent Ghigonis
Date: Mon, 26 Aug 2013 11:44:10 +0200
Subject: WIP, permissions
---
 v3/glougloud/Makefile | 32 +++++++++++++-------------------
 v3/glougloud/glougloud.h | 1 -
 v3/glougloud/redis.c | 2 +-
 3 files changed, 14 insertions(+), 21 deletions(-)
diff --git a/v3/glougloud/Makefile b/v3/glougloud/Makefile
index d1d88ca..abb0098 100644
--- a/v3/glougloud/Makefile
+++ b/v3/glougloud/Makefile
@@ -5,7 +5,6 @@ CFLAGS+=-Wall -g
 LDFLAGS=-levent -ldnet -lglouglou -ldl -lhiredis
 USER_PROBES = _glougloud_probe
 USER_VIZ = _glougloud_viz
-USER_DEFAULT = _glougloud
 GLOUGLOUD_HOME = "/var/lib/glougloud"
 GLOUGLOUD_CHROOT = "$(GLOUGLOUD_HOME)/chroot"
@@ -17,27 +16,22 @@ all:
 $(CC) $(OBJECTS) -o $(PROG) $(LDFLAGS)
 install: $(PROG)
- @echo "creating glougloud home $(GLOUGLOUD_HOME)"
- sudo mkdir -p $(GLOUGLOUD_HOME)
- @echo "creating glougloud chroot $(GLOUGLOUD_CHROOT)"
- sudo mkdir -p $(GLOUGLOUD_CHROOT)
- sudo mkdir -p $(GLOUGLOUD_CHROOT)/socket
- @echo "creating 3 users: $(USER_DEFAULT), $(USER_PROBES), $(USER_VIZ)"
- cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -s /sbin/nologin $(USER_DEFAULT)" ;\
- echo $$cmdp; $$($$cmdp) ;\
- cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -s /sbin/nologin $(USER_PROBES)" ;\
- echo $$cmdp; $$($$cmdp) ;\
- cmdp="usermod -a -G $(USER_DEFAULT) $(USER_PROBES)" ;\
- echo $$cmdp; $$($$cmdp) ;\
+ @echo "creating 2 users: $(USER_PROBES), $(USER_VIZ)"
 cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -s /sbin/nologin $(USER_VIZ)" ;\
 echo $$cmdp; $$($$cmdp) ;\
- cmdp="usermod -a -G $(USER_DEFAULT) $(USER_VIZ)" ;\
- echo $$cmdp; $$($$cmdp) ;
- @echo "setting ownership for glougloud chroot $(GLOUGLOUD_CHROOT)"
- sudo chown -R root:$(USER_DEFAULT) $(GLOUGLOUD_HOME)
- chmod -R 750 $(GLOUGLOUD_HOME)
- chmod 770 $(GLOUGLOUD_CHROOT)/socket
+ cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -g $(USER_VIZ) -s /sbin/nologin $(USER_PROBES)" ;\
+ echo $$cmdp; $$($$cmdp) ;\
 echo done
+ @echo "creating home $(GLOUGLOUD_HOME)"
+ sudo mkdir -p $(GLOUGLOUD_HOME)
+ chmod 755 $(GLOUGLOUD_HOME)
+ @echo "creating chroot $(GLOUGLOUD_CHROOT)"
+ sudo mkdir -p $(GLOUGLOUD_CHROOT)
+ chmod 755 $(GLOUGLOUD_CHROOT)
+ sudo mkdir -p $(GLOUGLOUD_CHROOT)/socket
+ chown $(USER_PROBES):$(USER_VIZ) $(GLOUGLOUD_CHROOT)/socket
+ chmod 750 $(GLOUGLOUD_CHROOT)/socket
+ @echo done
 @echo "installation of $(PROG)"
 mkdir -p $(BINDIR)
 install -m 0755 $(PROG) $(BINDIR)
diff --git a/v3/glougloud/glougloud.h b/v3/glougloud/glougloud.h
index 3f59603..7249183 100644
--- a/v3/glougloud/glougloud.h
+++ b/v3/glougloud/glougloud.h
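Review bot: In the `install` recipe of v3/glougloud/Makefile the added `chmod 755` and `chown $(USER_PROBES):$(USER_VIZ)` lines run without `sudo` although the `mkdir -p` lines beside them use it, and nothing sets the owner of `$(GLOUGLOUD_HOME)` or `$(GLOUGLOUD_CHROOT)` now that `sudo chown -R root:$(USER_DEFAULT)` is gone. `mkdir -p` leaves an existing directory untouched, so the chroot root keeps whatever owner an earlier run or a manual setup gave it, and a chroot is only a boundary while the account confined in it cannot write to its root. I would state the ownership explicitly, `sudo chown root $(GLOUGLOUD_HOME) $(GLOUGLOUD_CHROOT)`, and put `sudo` on the new `chmod`/`chown` lines (or drop it everywhere and require root). Separately, `-g $(USER_VIZ)` puts the probe account in the group named after the viz account, so group permission bits no longer separate the two; if that is intended for the shared `socket` directory, a comment saying so would help.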
@@ -5,7 +5,6 @@
 #include
 #include
-#define GLOUGLOUD_USER_DEFAULT "_glougloud"
 #define GLOUGLOUD_USER_PROBES "_glougloud_probe"
 #define GLOUGLOUD_USER_VIZ "_glougloud_viz"
 #define GLOUGLOUD_LOGFILE "/var/log/glougloud.log"
diff --git a/v3/glougloud/redis.c b/v3/glougloud/redis.c
index 6fca983..65351d3 100644
--- a/v3/glougloud/redis.c
+++ b/v3/glougloud/redis.c
@@ -30,7 +30,7 @@ redis_init(struct glougloud *ggd) {
 _redis->pid = fork();
 if (_redis->pid > 0) return 0;
- droppriv(GLOUGLOUD_USER_DEFAULT, 0, NULL);
+ droppriv(GLOUGLOUD_USER_PROBES, 0, NULL);
 path = getenv("PATH");
 snprintf(newpath, sizeof(newpath), "%s:/sbin:/usr/sbin:/usr/local/sbin", path);
-- cgit v1.2.3-59-g8ed1b
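Review bot: The result of `droppriv(GLOUGLOUD_USER_PROBES, 0, NULL)` in `redis_init` (v3/glougloud/redis.c) is discarded, so if the drop fails the forked child carries on to build its PATH with the parent's privileges. Unless `droppriv` terminates the process on failure itself (its definition is not in this hunk), the child should check it and stop, for example `if (droppriv(GLOUGLOUD_USER_PROBES, 0, NULL) < 0) _exit(1);`, assuming it reports errors with a negative return. With this change the redis child also runs under the probe account, so the two are no longer separated by uid; a short comment stating that this is intended would help the next reader. `redis_init` continues outside the hunk.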