From: Wim de With <nauxuron@wimdewith.com>
Date: Tue, 5 Jan 2016 14:04:59 +0000 (+0100)
Subject: Do user switch after SSL keys are initialized
X-Git-Url: http://git.code-monkey.de/?p=umurmur.git;a=commitdiff_plain;h=571e132795d595c7c4ce39b5b1bc9aae6a72f4cd

Do user switch after SSL keys are initialized

Since SSL private keys are usually stored as readable by root only, and
if a user to switch to is specified, the switch will already have taken
place before the SSL keys are read. This means that umurmur still won't
have permission to read the keys. The fix is to switch users after
initialization.

The second problem occurs when systemd is used. If systemd is used, it's
better to let systemd handle the daemonizing of the process. However,
this means that the process will never switch users when the systemd
service is started. So this fixes that by switching the user in all
cases.
---

diff --git a/src/main.c b/src/main.c
index a18363d..d98fb6a 100644
--- a/src/main.c
+++ b/src/main.c
@@ -322,13 +322,6 @@ int main(int argc, char **argv)
 			Log_init(false);
 			if (pidfile != NULL)
 				lockfile(pidfile);
-
-			switch_user();
-
-			/* Reopen log file. If user switch results in access denied, we catch
-			 * it early.
-			 */
-			Log_reset();
 		}
 		else Log_init(true);
 
@@ -365,6 +358,12 @@ int main(int argc, char **argv)
 			setscheduler();
 #endif
 
+		switch_user();
+		/* Reopen log file. If user switch results in access denied, we catch
+		 * it early.
+		 */
+		Log_reset();
+
 		Server_run();
 
 #ifdef USE_SHAREDMEMORY_API