Base: Add a "lookup" user+group that runs LookupServer
LookupServer now runs as lookup:lookup, allowing connections from other members of the "lookup" group. This is enforced through file system permissions by having the service socket (/tmp/portal/lookup) be mode 0660. Now the LookupServer program can't overwrite other people's files if it starts misbehaving. That's pretty cool :^)
This commit is contained in:
Andreas Kling
parent
7dd03b46ee
commit
f5d9f11e52
Notes:
sideshowbarker
2024-07-19 10:14:21 +09:00
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/f5d9f11e52a
3 changed files with 4 additions and 1 deletions
|
|
@ -13,10 +13,11 @@ User=anon
|
||||||
|
|
||||||
[LookupServer]
|
[LookupServer]
|
||||||
Socket=/tmp/portal/lookup
|
Socket=/tmp/portal/lookup
|
||||||
|
SocketPermissions=660
|
||||||
Lazy=1
|
Lazy=1
|
||||||
Priority=low
|
Priority=low
|
||||||
KeepAlive=1
|
KeepAlive=1
|
||||||
User=anon
|
User=lookup
|
||||||
|
|
||||||
[WindowServer]
|
[WindowServer]
|
||||||
Socket=/tmp/portal/window
|
Socket=/tmp/portal/window
|
||||||
|
|
|
||||||
|
|
@ -3,4 +3,5 @@ wheel:x:1:anon
|
||||||
tty:x:2:
|
tty:x:2:
|
||||||
phys:x:3:anon
|
phys:x:3:anon
|
||||||
audio:x:4:anon
|
audio:x:4:anon
|
||||||
|
lookup:x:10:anon
|
||||||
users:x:100:anon
|
users:x:100:anon
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,4 @@
|
||||||
root:x:0:0:root:/:/bin/sh
|
root:x:0:0:root:/:/bin/sh
|
||||||
|
lookup:x:10:10:LookupServer,,,:/:/bin/false
|
||||||
anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
|
anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
|
||||||
nona:x:200:200:Nona,,,:/home/nona:/bin/sh
|
nona:x:200:200:Nona,,,:/home/nona:/bin/sh
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue