issue #5621

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@7004 65c4cc65-6c06-0410-ace0-fbb531ad65f3

issue #5621
6f4fabf0 · Kevin P. Fleming · 145daf44 · 6f4fabf0 · 6f4fabf0 · 6f4fabf0
Commit 6f4fabf0 authored 19 years ago by Kevin P. Fleming
--- a/ChangeLog
+++ b/ChangeLog
 2005-11-07  Kevin P. Fleming  <kpfleming@digium.com>
+	* asterisk.c: support 'runuser' and 'rungroup' options in asterisk.conf (issue #5621)
 	* res/Makefile, apps/Makefile, channels/Makefile, Makefile: support WITHOUT_ZAPTEL define to forcibly avoid building Zaptel support (issue #5634)
 	* Makefile: various fixes (issue #5633)

--- a/asterisk.c
+++ b/asterisk.c
@@ -194,6 +194,8 @@ char ast_config_AST_KEY_DIR[AST_CONFIG_MAX_PATH];
 char ast_config_AST_PID[AST_CONFIG_MAX_PATH];
 char ast_config_AST_SOCKET[AST_CONFIG_MAX_PATH];
 char ast_config_AST_RUN_DIR[AST_CONFIG_MAX_PATH];
+char ast_config_AST_RUN_USER[AST_CONFIG_MAX_PATH];
+char ast_config_AST_RUN_GROUP[AST_CONFIG_MAX_PATH];
 char ast_config_AST_CTL_PERMISSIONS[AST_CONFIG_MAX_PATH];
 char ast_config_AST_CTL_OWNER[AST_CONFIG_MAX_PATH] = "\0";
 char ast_config_AST_CTL_GROUP[AST_CONFIG_MAX_PATH] = "\0";
@@ -1885,6 +1887,12 @@ static void ast_readconfig(void) {
 			} else if ((sscanf(v->value, "%lf", &option_maxload) != 1) || (option_maxload < 0.0)) {
 				option_maxload = 0.0;
 			}
+		/* What user to run as */
+		} else if (!strcasecmp(v->name, "runuser")) {
+			ast_copy_string(ast_config_AST_RUN_USER, v->value, sizeof(ast_config_AST_RUN_USER));
+		/* What group to run as */
+		} else if (!strcasecmp(v->name, "rungroup")) {
+			ast_copy_string(ast_config_AST_RUN_GROUP, v->value, sizeof(ast_config_AST_RUN_GROUP));
 		}
 		v = v->next;
 	}
@@ -2047,6 +2055,10 @@ int main(int argc, char *argv[])
 		ast_verbose("[ Reading Master Configuration ]");
 	ast_readconfig();
+	if ((!rungroup) && !ast_strlen_zero(ast_config_AST_RUN_GROUP))
+		rungroup = ast_config_AST_RUN_GROUP;
+	if ((!runuser) && !ast_strlen_zero(ast_config_AST_RUN_USER))
+		runuser = ast_config_AST_RUN_USER;
 #ifndef __CYGWIN__
 	if (!is_child_of_nonroot && ast_set_priority(option_highpriority)) {
@@ -2064,6 +2076,10 @@ int main(int argc, char *argv[])
 			ast_log(LOG_WARNING, "Unable to setgid to %d (%s)\n", gr->gr_gid, rungroup);
 			exit(1);
 		}
+		if (setgroups(0, NULL)) {
+			ast_log(LOG_WARNING, "Unable to drop unneeded groups\n");
+			exit(1);
+		}
 		if (option_verbose)
 			ast_verbose("Running as group '%s'\n", rungroup);
 	}

--- a/doc/README.asterisk.conf
+++ b/doc/README.asterisk.conf
@@ -49,6 +49,9 @@ nocolor = yes | no				; Disable ANSI colors (-n)
 dumpcore = yes | no				; Dump core on failure (-g)
 quiet = yes | no				; Run quietly (-q)
 timestamp = yes | no				; Force timestamping on log entries to console (-T)
+user = asterisk					; User to run asterisk as (-U) NOTE: will require changes to
+						; directory and device permisions
+group = asterisk				; Group to run asterisk as (-G)
 ;These options have no command line equivalent
 cache_record_files = yes | no			; Cache record() files in another directory until completion