Loading src/authdb.cpp +23 −23 Original line number Diff line number Diff line Loading @@ -678,6 +678,29 @@ int main(int argc,char *argv[]){ } } /* Drop privileges after all sockets are bound */ #ifndef _WIN32 if (getuid() == 0) { struct passwd *pw = getpwnam("authdb"); if (pw) { if (setgid(pw->pw_gid) != 0) { std::cerr << "setgid failed" << std::endl; return 1; } if (initgroups("authdb", pw->pw_gid) != 0) { std::cerr << "initgroups failed" << std::endl; return 1; } if (setuid(pw->pw_uid) != 0) { std::cerr << "setuid failed" << std::endl; return 1; } } else { std::cerr << "user authdb not found, running as root" << std::endl; } } #endif // Instantiate session store: cluster-aware or local-only std::unique_ptr<authdb::Session> sessionStore; if (clusterEnabled) { Loading Loading @@ -751,29 +774,6 @@ int main(int argc,char *argv[]){ /* Init plugins while still root — bind privileged ports (88, 389, etc.) */ pluginMgr.initAll(); /* Drop privileges after all sockets are bound */ #ifndef _WIN32 if (getuid() == 0) { struct passwd *pw = getpwnam("authdb"); if (pw) { if (setgid(pw->pw_gid) != 0) { std::cerr << "setgid failed" << std::endl; return 1; } if (initgroups("authdb", pw->pw_gid) != 0) { std::cerr << "initgroups failed" << std::endl; return 1; } if (setuid(pw->pw_uid) != 0) { std::cerr << "setuid failed" << std::endl; return 1; } } else { std::cerr << "user authdb not found, running as root" << std::endl; } } #endif /* Start each plugin in its own background thread (runs as unprivileged user) */ std::vector<std::thread> pluginThreads; for (auto &[pname, lp] : pluginMgr.plugins()) { Loading Loading
src/authdb.cpp +23 −23 Original line number Diff line number Diff line Loading @@ -678,6 +678,29 @@ int main(int argc,char *argv[]){ } } /* Drop privileges after all sockets are bound */ #ifndef _WIN32 if (getuid() == 0) { struct passwd *pw = getpwnam("authdb"); if (pw) { if (setgid(pw->pw_gid) != 0) { std::cerr << "setgid failed" << std::endl; return 1; } if (initgroups("authdb", pw->pw_gid) != 0) { std::cerr << "initgroups failed" << std::endl; return 1; } if (setuid(pw->pw_uid) != 0) { std::cerr << "setuid failed" << std::endl; return 1; } } else { std::cerr << "user authdb not found, running as root" << std::endl; } } #endif // Instantiate session store: cluster-aware or local-only std::unique_ptr<authdb::Session> sessionStore; if (clusterEnabled) { Loading Loading @@ -751,29 +774,6 @@ int main(int argc,char *argv[]){ /* Init plugins while still root — bind privileged ports (88, 389, etc.) */ pluginMgr.initAll(); /* Drop privileges after all sockets are bound */ #ifndef _WIN32 if (getuid() == 0) { struct passwd *pw = getpwnam("authdb"); if (pw) { if (setgid(pw->pw_gid) != 0) { std::cerr << "setgid failed" << std::endl; return 1; } if (initgroups("authdb", pw->pw_gid) != 0) { std::cerr << "initgroups failed" << std::endl; return 1; } if (setuid(pw->pw_uid) != 0) { std::cerr << "setuid failed" << std::endl; return 1; } } else { std::cerr << "user authdb not found, running as root" << std::endl; } } #endif /* Start each plugin in its own background thread (runs as unprivileged user) */ std::vector<std::thread> pluginThreads; for (auto &[pname, lp] : pluginMgr.plugins()) { Loading