diff --git a/README.md b/README.md index b21a0bf..5a9ba29 100644 --- a/README.md +++ b/README.md @@ -395,6 +395,9 @@ facility. chroot happens immediately after reading the config file. All other paths specified in the config file (e.g. `DocBase`, `KeyPath`, `AccessLog`) must be specified relative to `ChrootDir`. +* `UnprivUsername`: The username of an unprivileged user on the system + which MollyBrown will change setuid() to if started by the superuser + or when run as a setuid binary (default value "nobody"). ## .molly files diff --git a/config.go b/config.go index e1bfc79..3fd5248 100644 --- a/config.go +++ b/config.go @@ -17,6 +17,7 @@ type Config struct { DocBase string HomeDocBase string ChrootDir string + UnprivUsername string GeminiExt string DefaultLang string DefaultEncoding string @@ -61,6 +62,7 @@ func getConfig(filename string) (Config, error) { config.DocBase = "/var/gemini/" config.HomeDocBase = "users" config.ChrootDir = "" + config.UnprivUsername = "nobody" config.GeminiExt = "gmi" config.DefaultLang = "" config.DefaultEncoding = "" diff --git a/main.go b/main.go index 121836b..2b1a71b 100644 --- a/main.go +++ b/main.go @@ -47,13 +47,13 @@ func main() { uid := os.Getuid() nobody_uid := -1 if uid == 0 { - nobody_user, err := user.Lookup("nobody") + nobody_user, err := user.Lookup(config.UnprivUsername) if err != nil { - log.Fatal("Running as root but could not lookup UID for user " + "nobody" + ": " + err.Error()) + log.Fatal("Running as root but could not lookup UID for user " + config.UnprivUsername + ": " + err.Error()) } nobody_uid, err = strconv.Atoi(nobody_user.Uid) if err != nil { - log.Fatal("Running as root but could not lookup UID fr user " + "nobody" + ": " + err.Error()) + log.Fatal("Running as root but could not lookup UID for user " + config.UnprivUsername + ": " + err.Error()) } }