예제 #1
0
func (info *Info) serviceMain() error {
	if *forkFlag {
		isParent, err := daemon.Fork()
		if err != nil {
			return err
		}

		if isParent {
			os.Exit(0)
		}

		*daemonizeFlag = true
	}

	err := daemon.Init()
	if err != nil {
		return err
	}

	err = systemdUpdateStatus("\n")
	if err == nil {
		info.systemd = true
	}

	if *daemonizeFlag || info.systemd {
		err := daemon.Daemonize()
		if err != nil {
			return err
		}
	}

	if *pidfileFlag != "" {
		info.pidFileName = *pidfileFlag

		err = info.openPIDFile()
		if err != nil {
			return err
		}

		defer info.closePIDFile()
	}

	return info.runInteractively()
}
예제 #2
0
func (h *ihandler) DropPrivileges() error {
	if h.dropped {
		return nil
	}

	if *forkFlag {
		isParent, err := daemon.Fork()
		if err != nil {
			return err
		}

		if isParent {
			os.Exit(0)
		}

		*daemonizeFlag = true
	}

	if *daemonizeFlag || h.info.systemd {
		err := daemon.Daemonize()
		if err != nil {
			return err
		}
	}

	if *uidFlag != "" && *gidFlag == "" {
		gid, err := passwd.GetGIDForUID(*uidFlag)
		if err != nil {
			return err
		}
		*gidFlag = strconv.FormatInt(int64(gid), 10)
	}

	if h.info.DefaultChroot == "" {
		h.info.DefaultChroot = "/"
	}

	chrootPath := *chrootFlag
	if chrootPath == "" {
		chrootPath = h.info.DefaultChroot
	}

	uid := -1
	gid := -1
	if *uidFlag != "" {
		var err error
		uid, err = passwd.ParseUID(*uidFlag)
		if err != nil {
			return err
		}

		gid, err = passwd.ParseGID(*gidFlag)
		if err != nil {
			return err
		}
	}

	if *dropprivsFlag {
		chrootErr, err := daemon.DropPrivileges(uid, gid, chrootPath)
		if err != nil {
			return fmt.Errorf("Failed to drop privileges: %v", err)
		}
		if chrootErr != nil && *chrootFlag != "" && *chrootFlag != "/" {
			return fmt.Errorf("Failed to chroot: %v", chrootErr)
		}
	} else if *chrootFlag != "" && *chrootFlag != "/" {
		return fmt.Errorf("Must set dropprivs to use chroot")
	}

	if !h.info.AllowRoot && daemon.IsRoot() {
		return fmt.Errorf("Daemon must not run as root or with capabilities; run as non-root user or use -uid")
	}

	h.dropped = true
	return nil
}