Browse Source

Base: Add a "lookup" user+group that runs LookupServer

LookupServer now runs as lookup:lookup, allowing connections from other
members of the "lookup" group.

This is enforced through file system permissions by having the service
socket (/tmp/portal/lookup) be mode 0660.

Now the LookupServer program can't overwrite other people's files if it
starts misbehaving. That's pretty cool :^)
Andreas Kling 5 years ago
parent
commit
f5d9f11e52
3 changed files with 4 additions and 1 deletions
  1. 2 1
      Base/etc/SystemServer.ini
  2. 1 0
      Base/etc/group
  3. 1 0
      Base/etc/passwd

+ 2 - 1
Base/etc/SystemServer.ini

@@ -13,10 +13,11 @@ User=anon
 
 
 [LookupServer]
 [LookupServer]
 Socket=/tmp/portal/lookup
 Socket=/tmp/portal/lookup
+SocketPermissions=660
 Lazy=1
 Lazy=1
 Priority=low
 Priority=low
 KeepAlive=1
 KeepAlive=1
-User=anon
+User=lookup
 
 
 [WindowServer]
 [WindowServer]
 Socket=/tmp/portal/window
 Socket=/tmp/portal/window

+ 1 - 0
Base/etc/group

@@ -3,4 +3,5 @@ wheel:x:1:anon
 tty:x:2:
 tty:x:2:
 phys:x:3:anon
 phys:x:3:anon
 audio:x:4:anon
 audio:x:4:anon
+lookup:x:10:anon
 users:x:100:anon
 users:x:100:anon

+ 1 - 0
Base/etc/passwd

@@ -1,3 +1,4 @@
 root:x:0:0:root:/:/bin/sh
 root:x:0:0:root:/:/bin/sh
+lookup:x:10:10:LookupServer,,,:/:/bin/false
 anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
 anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
 nona:x:200:200:Nona,,,:/home/nona:/bin/sh
 nona:x:200:200:Nona,,,:/home/nona:/bin/sh