0003363: Patch for run-time configuration of setuid/setgid user and group. - UnrealIRCd Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0003363	unreal	ircd	public	2007-05-25 17:06	2007-06-17 06:41

Reporter	adrianp	Assigned To	~~stskeeps~~
Priority	normal	Severity	feature	Reproducibility	N/A
Status	resolved	Resolution	fixed
Platform	i386	OS	NetBSD	OS Version	3.1
Product Version	3.2.6
Fixed in Version	3.3-alpha0

Summary	0003363: Patch for run-time configuration of setuid/setgid user and group.
Description	This is a resubmission of http://bugs.unrealircd.org/view.php?id=2100 The setuid/setgid configuration of unrealircd currently require a user to hack config.h and define a IRC_UID and IRC_GID at compile time. When the server is run it then does a setuid/setgid to that user/group. In terms of portability (i.e. compiling a pre-made binary and transporting it to another system) this is a bit of a limitation. It means that on the new system a new user/group has to be created with the same uid/gid that is compiled into the binary. The simple way round this is to allow the uid/gid to be specified run-time as opposed to compile time. I've attached a set of patches to achieve this. When you run ircd all you have to do is specify -u user:group (e.g. ./ircd -u nobody:nogroup) and that's it. No hardcoded uid/gid. I've tested this on NetBSD and the code seems ok. It should be pretty portable as well to other UNIX-like OS'es.
Additional Information	The patch is primarily based on the way that ntpd 4.2.0 deals with the same issue. The main people this should benefit is any OS (NetBSD, FreeBSD, Linux, OpenBSD etc.) that have pre-packaged binaries available for their users.
Tags	No tags attached.
Attached Files	unrealircd.tar.gz (2,333 bytes) Unreal3.2.diff (6,737 bytes)

3rd party modules

~~stskeeps~~ 2007-05-25 17:17 reporter ~0014223	I'd prefer if you changed the patch to not have the user:group specified in the command line, and instead had a hard-coded username/group which you -then- lookup and switch to. This would be more sane, in my opinion, and would solve your problem. I'm still by nature against binary packages beside win32, but if you do the patch in the way I just said, I would probably accept it.

~~stskeeps~~ 2007-06-12 15:24 reporter ~0014344	Could one of the other coders take this patch and alter it in the way I described, to use http://www.opengroup.org/onlinepubs/007908799/xsh/getpwnam.html ?

adrianp 2007-06-16 15:05 reporter ~0014372	Here's an updated patch that uses getpwnam as suggested.

~~stskeeps~~ 2007-06-17 06:41 reporter ~0014376	Patched in 3.2.7 backports and 3.3 .2440. Thanks for the patch.

Date Modified	Username	Field	Change
2007-05-25 17:06	adrianp	New Issue
2007-05-25 17:06	adrianp	File Added: unrealircd.tar.gz
2007-05-25 17:11	~~stskeeps~~	Status	new => feedback
2007-05-25 17:17	~~stskeeps~~	Note Added: 0014223
2007-06-12 15:24	~~stskeeps~~	Note Added: 0014344
2007-06-16 15:04	adrianp	File Added: Unreal3.2.diff
2007-06-16 15:05	adrianp	Note Added: 0014372
2007-06-17 06:41	~~stskeeps~~	Status	feedback => resolved
2007-06-17 06:41	~~stskeeps~~	Fixed in Version	=> 3.3-alpha0
2007-06-17 06:41	~~stskeeps~~	Resolution	open => fixed
2007-06-17 06:41	~~stskeeps~~	Assigned To	=> stskeeps
2007-06-17 06:41	~~stskeeps~~	Note Added: 0014376