partage


commit 9143f6b3f876591bd91ac2a883d1704be39da3a6
parent d0302b9d7d7d65c177fa6d8b3982cb9f42480662
Author: Willy Goiffon <dev@z3bra.org>
Date:   Tue, 19 Oct 2021 09:42:00 +0200

Provide ability to drop privileges on start

Diffstat:
Mpartage.go | 29+++++++++++++++++++++++++++++
1 file changed, 29 insertions(+), 0 deletions(-)

diff --git a/partage.go b/partage.go
@@ -7,9 +7,11 @@ import (
 "io/ioutil"
 "net/http"
 "os"
+ "os/user"
 "time"
 "path"
 "syscall"
+ "strconv"
 "path/filepath"
 "html/template"
 "encoding/json"
@@ -32,6 +34,8 @@ type metadata struct {
 var conf struct {
 bind string
+ user string
+ group string
 baseuri string
 filepath string
 metapath string
@@ -218,6 +222,8 @@ func uploader(w http.ResponseWriter, r *http.Request) {
 func main() {
 flag.StringVar(&conf.bind, "bind", "0.0.0.0:8080", "Address to bind to (default: 0.0.0.0:8080)")
+ flag.StringVar(&conf.user, "user", "", "User to drop privileges to on startup (default: current user)")
+ flag.StringVar(&conf.group, "group", "", "Group to drop privileges to on startup (default: user's group)")
 flag.StringVar(&conf.baseuri, "baseuri", "http://127.0.0.1:8080", "Base URI to use for links (default: http://127.0.0.1:8080)")
 flag.StringVar(&conf.filepath, "filepath", "./files", "Path to save files to (default: ./files)")
 flag.StringVar(&conf.metapath, "metapath", "./meta", "Path to save metadata to (default: ./meta)")
@@ -235,6 +241,29 @@ func main() {
 syscall.Chroot(conf.chroot)
 }
+ if conf.user != "" {
+ u, err := user.Lookup(conf.user)
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+
+ uid, _ := strconv.Atoi(u.Uid)
+ gid, _ := strconv.Atoi(u.Gid)
+
+ if conf.group != "" {
+ g, err := user.LookupGroup(conf.group)
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+ gid, _ = strconv.Atoi(g.Gid)
+ }
+
+ syscall.Setuid(uid)
+ syscall.Setgid(gid)
+ }
+
 http.HandleFunc("/", uploader)
 http.Handle(conf.filectx, http.StripPrefix(conf.filectx, http.FileServer(http.Dir(conf.filepath))))
 http.ListenAndServe(conf.bind, nil)
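Review bot: In the last hunk `syscall.Setuid(uid)` runs before `syscall.Setgid(gid)` and both return values are discarded, so once the uid is non-zero the setgid call is normally rejected and the server keeps gid 0, and any failure leaves it serving uploads as root without a message. Group identities should be changed first (supplementary groups cleared, then gid, then uid), and every call should abort startup with a non-zero exit on error. The `strconv.Atoi` errors are dropped as well; a parse failure yields 0, which would request uid/gid 0 instead of the configured account. On Linux, Go toolchains older than 1.16 return an error from these wrappers rather than changing credentials, which is one more reason the results must be checked. main's body starts outside the hunk, and the fence below covers only the credential-changing part.

```go
	// … unchanged: user.Lookup(conf.user) and its error check …

	uid, err := strconv.Atoi(u.Uid)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	gid, err := strconv.Atoi(u.Gid)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	// … unchanged: optional user.LookupGroup(conf.group); check its Atoi error the same way …

	// Groups first: after the uid changes, the process may no longer alter its groups.
	if err := syscall.Setgroups([]int{gid}); err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	if err := syscall.Setgid(gid); err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	if err := syscall.Setuid(uid); err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
```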