aboutsummaryrefslogtreecommitdiffstats
path: root/lib/plum/rack/server.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/plum/rack/server.rb')
-rw-r--r--lib/plum/rack/server.rb22
1 files changed, 22 insertions, 0 deletions
diff --git a/lib/plum/rack/server.rb b/lib/plum/rack/server.rb
index 1f3d32c..9a0caf4 100644
--- a/lib/plum/rack/server.rb
+++ b/lib/plum/rack/server.rb
@@ -17,6 +17,10 @@ module Plum
@logger.info("Plum #{::Plum::VERSION}")
@logger.info("Config: #{config}")
+
+ if @config[:user]
+ drop_privileges
+ end
end
def start
@@ -100,6 +104,24 @@ module Plum
ensure
upstream.close if upstream
end
+
+ def drop_privileges
+ begin
+ user = @config[:user]
+ group = @config[:group] || user
+ @logger.info "Dropping process privilege to #{user}:#{group}"
+
+ cuid, cgid = Process.euid, Process.egid
+ tuid, tgid = Etc.getpwnam(user).uid, Etc.getgrnam(group).gid
+
+ Process.initgroups(user, tgid)
+ Process::GID.change_privilege(tgid)
+ Process::UID.change_privilege(tuid)
+ rescue Errno::EPERM => e
+ @ogger.fatal "Could not change privilege: #{e}"
+ exit 2
+ end
+ end
end
end
end
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 10:11:54 +0000