Do user switch after SSL keys are initialized

Since SSL private keys are usually stored as readable by root only, and
if a user to switch to is specified, the switch will already have taken
place before the SSL keys are read. This means that umurmur still won't
have permission to read the keys. The fix is to switch users after
initialization.

The second problem occurs when systemd is used. If systemd is used, it's
better to let systemd handle the daemonizing of the process. However,
this means that the process will never switch users when the systemd
service is started. So this fixes that by switching the user in all
cases.

diff --git a/src/main.c b/src/main.c
index a18363dd721bc579bdbcd842e295d4c8b0223132..d98fb6aca3a89b42fa3d4fbe2d21d51cd74208ec 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -322,13 +322,6 @@ int main(int argc, char **argv)
                        Log_init(false);
                        if (pidfile != NULL)
                                lockfile(pidfile);
-
-                       switch_user();
-
-                       /* Reopen log file. If user switch results in access denied, we catch
-                        * it early.
-                        */
-                       Log_reset();
                }
                else Log_init(true);
 
@@ -365,6 +358,12 @@ int main(int argc, char **argv)
                        setscheduler();
 #endif
 
+               switch_user();
+               /* Reopen log file. If user switch results in access denied, we catch
+                * it early.
+                */
+               Log_reset();
+
                Server_run();
 
 #ifdef USE_SHAREDMEMORY_API