On Apr 28, 2004 at 01:03, Zeus Ng zeus.ng@isquare.com.au wrote:
In the main.c file, there is a comment saying that 'we need to open fifo before do_suid() and start the fifo server after all the socket are initialized, to inherit them'. I'm wondering why SER has to do it like that.
You are using unstable (cvs HEAD branch). Since this is a moving target, you should send mails related to it on serdev@lists.iptel.org. serusers is about stable.
Can't SER lower its privileges first (do_suid), then open fifo and start the fifo server? The reason being that I want to run SER with an unprivileged user. With the current implementation, the fifo file will be created by root which is not accessible to anyone else. Unless I change the fifo_mode to 0666, which I don't want to, I can't make SER more secure and yet accessible.
Check out the latest cvs (from yesterday). Paste from the NEWS file:

    sock_mode = <permissions> (e.g. sock_mode=0600: default value = 0660)
        ser unix sockets and fifo will be created with this permissions
        (old name fifo_mode is still supported, but deprecated)
    sock_user = username|"uid"
    sock_group = groupname|"gid"
        change the owner and/or group of the ser unix sockets or fifo

Short example config snippet:

    sock_mode=0600         # ser socket/fifo mode
    sock_user="www-data"   # ser socket/fifo owner
    sock_group=nogroup
    user=nobody            # ser user (ser will suid to it)
sock_* is a synonym for fifo_* (e.g. sock_mode=0600 will be applied both to fifo and unix sockets).
Andrei
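
The ordering discussed in this thread (create the fifo while still root, give it the sock_mode/sock_user/sock_group ownership, then drop privileges) can be sketched in C as follows. This is an added example, not code from SER or from either poster; the helper names open_fifo_as, path_mode and drop_privs are hypothetical, and it assumes Linux/glibc.

```c
#define _DEFAULT_SOURCE          /* for setgroups(), O_NOFOLLOW on glibc */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not a SER function): create or reuse a FIFO, force its
 * mode and owner, and return an open descriptor that survives the later
 * privilege drop. Pass (uid_t)-1 / (gid_t)-1 to keep the current owner/group. */
int open_fifo_as(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd;

    if (mkfifo(path, mode) < 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW + fstat: never chmod/chown through a planted symlink.
     * O_RDWR on a FIFO does not block on Linux (unspecified by POSIX). */
    fd = open(path, O_RDWR | O_NONBLOCK | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 || !S_ISFIFO(st.st_mode) ||
        fchmod(fd, mode) < 0 ||             /* mkfifo() applied the umask */
        ((uid != (uid_t)-1 || gid != (gid_t)-1) && fchown(fd, uid, gid) < 0)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permission bits of path, or -1 on error. */
int path_mode(const char *path)
{
    struct stat st;
    return lstat(path, &st) < 0 ? -1 : (int)(st.st_mode & 07777);
}

/* Hypothetical stand-in for do_suid(): group IDs first, because setgid()
 * is no longer permitted once setuid() has given up root. */
int drop_privs(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0;         /* regaining root must fail */
}
```

A daemon started as root would call open_fifo_as() with the configured mode and owner, then drop_privs(), and only then start serving on the returned descriptor.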