--
-local want_pposix_version = "0.3.3";
+local want_pposix_version = "0.3.4";
local pposix = assert(require "util.pposix");
if pposix._VERSION ~= want_pposix_version then module:log("warn", "Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version); end
-- Switch away from root and into the prosody user --
local switched_user, current_uid;
-local want_pposix_version = "0.3.3";
+local want_pposix_version = "0.3.4";
local ok, pposix = pcall(require, "util.pposix");
if ok and pposix then
local desired_user = config.get("*", "core", "prosody_user") or "prosody";
local desired_group = config.get("*", "core", "prosody_group") or desired_user;
local ok, err = pposix.setgid(desired_group);
+ if ok then
+ ok, err = pposix.initgroups(desired_user);
+ end
if ok then
ok, err = pposix.setuid(desired_user);
if ok then
* POSIX support functions for Lua
*/
-#define MODULE_VERSION "0.3.3"
+#define MODULE_VERSION "0.3.4"
#include <stdlib.h>
#include <math.h>
return 2;
}
+int lc_initgroups(lua_State* L)
+{
+ int ret;
+ gid_t gid;
+ struct passwd *p;
+
+ if(!lua_isstring(L, 1))
+ {
+ lua_pushnil(L);
+ lua_pushstring(L, "invalid-username");
+ return 2;
+ }
+ p = getpwnam(lua_tostring(L, 1));
+ if(!p)
+ {
+ lua_pushnil(L);
+ lua_pushstring(L, "no-such-user");
+ return 2;
+ }
+ if(lua_gettop(L) < 2)
+ lua_pushnil(L);
+ switch(lua_type(L, 2))
+ {
+ case LUA_TNIL:
+ gid = p->pw_gid;
+ break;
+ case LUA_TNUMBER:
+ gid = lua_tointeger(L, 2);
+ break;
+ default:
+ lua_pushnil(L);
+ lua_pushstring(L, "invalid-gid");
+ return 2;
+ }
+ ret = initgroups(lua_tostring(L, 1), gid);
+ switch(errno)
+ {
+ case 0:
+ lua_pushboolean(L, 1);
+ lua_pushnil(L);
+ break;
+ case ENOMEM:
+ lua_pushnil(L);
+ lua_pushstring(L, "no-memory");
+ break;
+ case EPERM:
+ lua_pushnil(L);
+ lua_pushstring(L, "permission-denied");
+ break;
+ default:
+ lua_pushnil(L);
+ lua_pushstring(L, "unknown-error");
+ }
+ return 2;
+}
+
int lc_umask(lua_State* L)
{
char old_mode_string[7];
{ "setuid", lc_setuid },
{ "setgid", lc_setgid },
+ { "initgroups", lc_initgroups },
{ "umask", lc_umask },