Base: Add a "lookup" user+group that runs LookupServer
LookupServer now runs as lookup:lookup, allowing connections from other members of the "lookup" group. This is enforced through file system permissions by having the service socket (/tmp/portal/lookup) be mode 0660. Now the LookupServer program can't overwrite other people's files if it starts misbehaving. That's pretty cool :^)
This commit is contained in:
Andreas Kling
parent
7dd03b46ee
commit
f5d9f11e52
Notes:
sideshowbarker
2024-07-19 10:14:21 +09:00
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/f5d9f11e52a
3 changed files with 4 additions and 1 deletions
|
|
@ -13,10 +13,11 @@ User=anon
|
|||
|
||||
[LookupServer]
|
||||
Socket=/tmp/portal/lookup
|
||||
SocketPermissions=660
|
||||
Lazy=1
|
||||
Priority=low
|
||||
KeepAlive=1
|
||||
User=anon
|
||||
User=lookup
|
||||
|
||||
[WindowServer]
|
||||
Socket=/tmp/portal/window
|
||||
|
|
|
|||
|
|
@ -3,4 +3,5 @@ wheel:x:1:anon
|
|||
tty:x:2:
|
||||
phys:x:3:anon
|
||||
audio:x:4:anon
|
||||
lookup:x:10:anon
|
||||
users:x:100:anon
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
root:x:0:0:root:/:/bin/sh
|
||||
lookup:x:10:10:LookupServer,,,:/:/bin/false
|
||||
anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
|
||||
nona:x:200:200:Nona,,,:/home/nona:/bin/sh
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue