setuid/gid implemented

author: Özgür Kesim <oec@codeblau.de> 2013-07-30 09:08:37 +0200
committer: Özgür Kesim <oec@codeblau.de> 2013-07-30 09:08:37 +0200
commit: 87e9f8152f15e7a0baf63891d4c0aa96da5d58fb (patch)
tree: 69702750dc04e883ade24d9bbb02f716cd996ae3 /tlsserver.go
parent: 34bbc146bb7df8cdec9bceb75f00d29301164d2f (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/tlsserver.go b/tlsserver.go
index 3022f0e..9d3806d 100644
--- a/tlsserver.go
+++ b/tlsserver.go
@@ -8,12 +8,15 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"syscall"
 )
 
 var (
 	cfile = flag.String("cert", "cert.pem", "Certificate file in PEM format")
 	kfile = flag.String("key", "key.pem", "Key file in PEM format")
 	port = flag.Int("port", 1234, "Port to bind to")
+	uid = flag.Int("uid", -1, "UID to run under")
+	gid = flag.Int("gid", -1, "GID to run under")
 	args []string
 	nargs int
 )
@@ -50,6 +53,25 @@ func main() {
 	}
 	defer sock.Close()
 
+	// set uid/gid
+	if *gid >= 0 {
+		err := syscall.Setgid(*gid)
+		if err != nil {
+			fmt.Println("Couldn't setgid to", *gid, ":", err)
+			os.Exit(4)
+		}
+	}
+
+	if *uid >= 0 {
+		err := syscall.Setuid(*uid)
+		if err != nil {
+			fmt.Println("Couldn't setuid to", *uid, ":", err)
+			os.Exit(4)
+		}
+	}
+
+
+
 	// accept-loop
 	for {
 		conn, err := sock.Accept()
author	Özgür Kesim <oec@codeblau.de>	2013-07-30 09:08:37 +0200
committer	Özgür Kesim <oec@codeblau.de>	2013-07-30 09:08:37 +0200
commit	87e9f8152f15e7a0baf63891d4c0aa96da5d58fb (patch)
tree	69702750dc04e883ade24d9bbb02f716cd996ae3 /tlsserver.go
parent	34bbc146bb7df8cdec9bceb75f00d29301164d2f (diff)