d0kuhn/mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Drop privs to nobody if mosquitto user does not exist.

Browse Source
This commit is contained in:
Roger A. Light 2019-08-07 10:42:03 +01:00
parent 1c1ccaee52
commit 570c3674fb
4 changed files with 30 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog.txt
View File

@ -1,3 +1,9 @@
Broker:
- When running as root, if dropping privileges to the "mosquitto" user fails,
then try "nobody" instead. This reduces the burden on users installing
Mosquitto themselves.
1.6.4 - 20190801 1.6.4 - 20190801
================ ================

15
man/mosquitto.conf.5.xml
View File

@ -845,12 +845,15 @@ log_timestamp_format %Y-%m-%dT%H:%M:%S
<term><option>user</option> <replaceable>username</replaceable></term> <term><option>user</option> <replaceable>username</replaceable></term>
<listitem> <listitem>
<para>When run as root, change to this user and its primary <para>When run as root, change to this user and its primary
group on startup. If mosquitto is unable to change to group on startup. If set to "mosquitto" or left unset,
this user and group, it will exit with an error. The and if the "mosquitto" user does not exist, then
user specified must have read/write access to the mosquitto will change to the "nobody" user instead.
persistence database if it is to be written. If run as If this is set to another value and mosquitto is unable
a non-root user, this setting has no effect. Defaults to change to this user and group, it will exit with an
to mosquitto.</para> error. The user specified must have read/write access
to the persistence database if it is to be written. If
run as a non-root user, this setting has no effect.
Defaults to mosquitto.</para>
<para>This setting has no effect on Windows and so you <para>This setting has no effect on Windows and so you
should run mosquitto as the user you wish it to run should run mosquitto as the user you wish it to run
as.</para> as.</para>

6
mosquitto.conf
View File

@ -192,9 +192,11 @@
# When run as root, drop privileges to this user and its primary # When run as root, drop privileges to this user and its primary
# group. # group.
# Set to root to stay as root, but this is not recommended. # Set to root to stay as root, but this is not recommended.
# If set to "mosquitto", or left unset, and the "mosquitto" user does not exist
# then it will drop privileges to the "nobody" user instead.
# If run as a non-root user, this setting has no effect. # If run as a non-root user, this setting has no effect.
# Note that on Windows this has no effect and so mosquitto should # Note that on Windows this has no effect and so mosquitto should be started by
# be started by the user you wish it to run as. # the user you wish it to run as.
#user mosquitto #user mosquitto
# ================================================================= # =================================================================

13
src/mosquitto.c
View File

@ -104,8 +104,17 @@ int drop_privileges(struct mosquitto__config *config, bool temporary)
if(config->user && strcmp(config->user, "root")){ if(config->user && strcmp(config->user, "root")){
pwd = getpwnam(config->user); pwd = getpwnam(config->user);
if(!pwd){ if(!pwd){
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid user '%s'.", config->user); if(strcmp(config->user, "mosquitto")){
return 1; log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to drop privileges to '%s' because this user does not exist.", config->user);
return 1;
}else{
log__printf(NULL, MOSQ_LOG_ERR, "Warning: Unable to drop privileges to '%s' because this user does not exist. Trying 'nobody' instead.", config->user);
pwd = getpwnam("nobody");
if(!pwd){
log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to drop privileges to 'nobody'.");
return 1;
}
}
} }
if(initgroups(config->user, pwd->pw_gid) == -1){ if(initgroups(config->user, pwd->pw_gid) == -1){
err = strerror(errno); err = strerror(errno);