[DAEMON-70] appcd-core: Drop priviledges and set uid/gid if root
| GitHub Issue | n/a |
|---|---|
| Type | New Feature |
| Priority | High |
| Status | Resolved |
| Resolution | Fixed |
| Resolution Date | 2017-05-03T14:44:40.000+0000 |
| Affected Version/s | n/a |
| Fix Version/s | Appc Daemon 1.0.0 |
| Components | appcd-core |
| Labels | n/a |
| Reporter | Chris Barber |
| Assignee | Chris Barber |
| Created | 2017-04-10T19:42:32.000+0000 |
| Updated | 2017-10-26T03:05:02.000+0000 |
Description
In Node, you can only change the user id if Node is launched as root. If the user launching the daemon is root, it would be essential that root privileges be dropped as soon as possible during the daemon initialization.
To check if the daemon is being run as root, check if
process.getuid() === 0. If the uid is zero, then get the uid/gid from in the config and call process.setuid() and/or process.setgid(). If there is no uid/gid in the config or the uid/gid is invalid, then the daemon should fatal error and exit.
Note that this only applies to macOS and Linux.
No comments