Drop privs to nobody if mosquitto user does not exist.

2019-08-07 10:42:03 +01:00 · 2019-08-07 10:42:03 +01:00 · 570c3674fb
commit 570c3674fb
parent 1c1ccaee52
4 changed files with 30 additions and 10 deletions
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -1,3 +1,9 @@
+Broker:
+- When running as root, if dropping privileges to the "mosquitto" user fails,
+  then try "nobody" instead. This reduces the burden on users installing
+  Mosquitto themselves.
+
+
 1.6.4 - 20190801
 ================

--- a/man/mosquitto.conf.5.xml
+++ b/man/mosquitto.conf.5.xml
@ -845,12 +845,15 @@ log_timestamp_format %Y-%m-%dT%H:%M:%S
 				<term><option>user</option> <replaceable>username</replaceable></term>
 				<listitem>
 					<para>When run as root, change to this user and its primary
-						group on startup.  If mosquitto is unable to change to
-						this user and group, it will exit with an error. The
-						user specified must have read/write access to the
-						persistence database if it is to be written. If run as
-						a non-root user, this setting has no effect. Defaults
-						to mosquitto.</para>
+						group on startup. If set to "mosquitto" or left unset,
+						and if the "mosquitto" user does not exist, then
+						mosquitto will change to the "nobody" user instead.
+						If this is set to another value and mosquitto is unable
+						to change to this user and group, it will exit with an
+						error. The user specified must have read/write access
+						to the persistence database if it is to be written. If
+						run as a non-root user, this setting has no effect.
+						Defaults to mosquitto.</para>
 					<para>This setting has no effect on Windows and so you
 						should run mosquitto as the user you wish it to run
 						as.</para>
--- a/mosquitto.conf
+++ b/mosquitto.conf
@ -192,9 +192,11 @@
 # When run as root, drop privileges to this user and its primary
 # group.
 # Set to root to stay as root, but this is not recommended.
+# If set to "mosquitto", or left unset, and the "mosquitto" user does not exist
+# then it will drop privileges to the "nobody" user instead.
 # If run as a non-root user, this setting has no effect.
-# Note that on Windows this has no effect and so mosquitto should
-# be started by the user you wish it to run as.
+# Note that on Windows this has no effect and so mosquitto should be started by
+# the user you wish it to run as.
 #user mosquitto

 # =================================================================
--- a/src/mosquitto.c
+++ b/src/mosquitto.c
@ -104,8 +104,17 @@ int drop_privileges(struct mosquitto__config *config, bool temporary)
 		if(config->user && strcmp(config->user, "root")){
 			pwd = getpwnam(config->user);
 			if(!pwd){
-				log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid user '%s'.", config->user);
-				return 1;
+				if(strcmp(config->user, "mosquitto")){
+					log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to drop privileges to '%s' because this user does not exist.", config->user);
+					return 1;
+				}else{
+					log__printf(NULL, MOSQ_LOG_ERR, "Warning: Unable to drop privileges to '%s' because this user does not exist. Trying 'nobody' instead.", config->user);
+					pwd = getpwnam("nobody");
+					if(!pwd){
+						log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to drop privileges to 'nobody'.");
+						return 1;
+					}
+				}
 			}
 			if(initgroups(config->user, pwd->pw_gid) == -1){
 				err = strerror(errno);