From: Wim de With Date: Tue, 5 Jan 2016 14:04:59 +0000 (+0100) Subject: Do user switch after SSL keys are initialized X-Git-Url: http://git.code-monkey.de/?a=commitdiff_plain;ds=inline;h=571e132795d595c7c4ce39b5b1bc9aae6a72f4cd;hp=-c;p=umurmur.git Do user switch after SSL keys are initialized Since SSL private keys are usually stored as readable by root only, and if a user to switch to is specified, the switch will already have taken place before the SSL keys are read. This means that umurmur still won't have permission to read the keys. The fix is to switch users after initialization. The second problem occurs when systemd is used. If systemd is used, it's better to let systemd handle the daemonizing of the process. However, this means that the process will never switch users when the systemd service is started. So this fixes that by switching the user in all cases. --- 571e132795d595c7c4ce39b5b1bc9aae6a72f4cd diff --git a/src/main.c b/src/main.c index a18363d..d98fb6a 100644 --- a/src/main.c +++ b/src/main.c @@ -322,13 +322,6 @@ int main(int argc, char **argv) Log_init(false); if (pidfile != NULL) lockfile(pidfile); - - switch_user(); - - /* Reopen log file. If user switch results in access denied, we catch - * it early. - */ - Log_reset(); } else Log_init(true); @@ -365,6 +358,12 @@ int main(int argc, char **argv) setscheduler(); #endif + switch_user(); + /* Reopen log file. If user switch results in access denied, we catch + * it early. + */ + Log_reset(); + Server_run(); #ifdef USE_SHAREDMEMORY_API