run pveproxy as unpriviledged user (www-data)

[pve-manager.git] / bin / pveproxy

diff --git a/bin/pveproxy b/bin/pveproxy
index 2d0865e698ae9a0bd4d307aeb8597c5b7b209793..05a89d10652588adc5c8220a4dab3e182dcac20b 100755 (executable)
--- a/bin/pveproxy
+++ b/bin/pveproxy
@@ -6,6 +6,7 @@ delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
 
 use lib '..'; #  fixme
 use strict;
+use English;
 use Getopt::Long;
 use POSIX ":sys_wait_h";
 use Socket;
@@ -21,7 +22,7 @@ use File::Find;
 use Data::Dumper;
 
 
-my $pidfile = "/var/run/pveproxy.pid";
+my $pidfile = "/var/run/pveproxy/pveproxy.pid";
 my $lockfile = "/var/lock/pveproxy.lck";
 
 my $opt_debug;
@@ -42,6 +43,16 @@ $SIG{'__WARN__'} = sub {
 
 $0 = "pveproxy";
 
+# run as www-data
+my $gid = getgrnam('www-data') || die "getgrnam failed - $!\n";
+POSIX::setgid($gid) || die "setgid $gid failed - $!\n";
+$EGID = "$gid $gid"; # this calls setgroups
+my $uid = getpwnam('www-data') || die "getpwnam failed - $!\n";
+POSIX::setuid($uid) || die "setuid $uid failed - $!\n";
+
+# just to be sure
+die "detected strange uid/gid\n" if !($UID == $uid && $EUID == $uid && $GID eq "$gid $gid" && $EGID eq "$gid $gid");
+
 PVE::APIDaemon::enable_debug() if $opt_debug;
 
 sub add_dirs {
@@ -77,7 +88,7 @@ eval {
        max_conn => 500,
        max_requests => 1000,
        trusted_env => 0, # not trusted, anyone can connect
-       logfile => '/var/log/pve/access.log',
+       logfile => '/var/log/pveproxy/access.log',
        lockfile => $lockfile,
        ssl => {
            key_file => '/etc/pve/local/pve-ssl.key',
@@ -103,6 +114,7 @@ if ($err) {
     exit (-1);
 }
 
+
 if ($opt_debug || !($cpid = fork ())) {
 
     $SIG{PIPE} = 'IGNORE';