authorLou Berger <lberger@labn.net>2016-09-06 16:52:31 +0200
committerDonald Sharp <sharpd@cumulusnetworks.com>2016-09-09 22:06:59 +0200
commita008f49a85c3891eb4ac469346bec24036fd0e87 (patch)
treebb58434396b8de8df2ec5c31c53cbaec158fc548
parentbgpd: Fix startup a bit more (diff)
downloadfrr-a008f49a85c3891eb4ac469346bec24036fd0e87.tar.xz
frr-a008f49a85c3891eb4ac469346bec24036fd0e87.zip
bgpd: Add flag to not change e{u,g}id on startup and run as unprivileged user
* bgp_main.c: add -S / --skip_runas flag to not change effective user/group on start up. Enables bgpd to be run by unprivileged user.
-rw-r--r--bgpd/bgp_main.c19
-rw-r--r--doc/bgpd.85
2 files changed, 20 insertions, 4 deletions
diff --git a/bgpd/bgp_main.c b/bgpd/bgp_main.c
index 54e732977..5ef8154fa 100644
--- a/bgpd/bgp_main.c
+++ b/bgpd/bgp_main.c
@@ -68,6 +68,7 @@ static const struct option longopts[] =
{ "no_kernel", no_argument, NULL, 'n'},
{ "user", required_argument, NULL, 'u'},
{ "group", required_argument, NULL, 'g'},
+ { "skip_runas", no_argument, NULL, 'S'},
{ "version", no_argument, NULL, 'v'},
{ "dryrun", no_argument, NULL, 'C'},
{ "help", no_argument, NULL, 'h'},
@@ -163,6 +164,7 @@ redistribution between different routing protocols.\n\n\
-n, --no_kernel Do not install route to kernel.\n\
-u, --user User to run as\n\
-g, --group Group to run as\n\
+-S, --skip_runas Skip user and group run as\n\
-v, --version Print program version\n\
-C, --dryrun Check configuration for validity and exit\n\
-h, --help Display this help and exit\n\
@@ -200,9 +202,12 @@ sigint (void)
zlog_notice ("Terminating on signal");
if (! retain_mode)
- bgp_terminate ();
+ {
+ bgp_terminate ();
+ if (bgpd_privs.user) /* NULL if skip_runas flag set */
+ zprivs_terminate (&bgpd_privs);
+ }
- zprivs_terminate (&bgpd_privs);
bgp_exit (0);
exit (0);
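Review bot: Moving `zprivs_terminate (&bgpd_privs);` inside the `if (! retain_mode)` block means a daemon running in retain mode no longer tears down its privilege state on SIGINT, which the old code did unconditionally; that looks unintended for a change about `-S`. Placing the guarded call after the closing brace, `if (bgpd_privs.user) zprivs_terminate (&bgpd_privs);`, keeps the old behaviour for retain mode. Testing `bgpd_privs.user` is also an indirect marker for skip_runas: the field may be NULL without `-S` if the static initializer, which is not visible here, leaves it unset, so a file-scope flag set in the `-S` case would state the intent directly. sigint's body starts and ends outside the hunk.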
@@ -408,6 +413,7 @@ main (int argc, char **argv)
char *progname;
struct thread thread;
int tmp_port;
+ int skip_runas = 0;
/* Set umask before anything for security */
umask (0027);
@@ -421,7 +427,7 @@ main (int argc, char **argv)
/* Command line argument treatment. */
while (1)
{
- opt = getopt_long (argc, argv, "df:i:z:hp:l:A:P:rnu:g:vC", longopts, 0);
+ opt = getopt_long (argc, argv, "df:i:z:hp:l:A:P:rnu:g:vCS", longopts, 0);
if (opt == EOF)
break;
@@ -479,6 +485,9 @@ main (int argc, char **argv)
case 'g':
bgpd_privs.group = optarg;
break;
+ case 'S': /* skip run as = override bgpd_privs */
+ skip_runas = 1;
+ break;
case 'v':
print_version (progname);
exit (0);
@@ -497,7 +506,11 @@ main (int argc, char **argv)
zlog_default = openzlog (progname, ZLOG_BGP, 0,
LOG_CONS|LOG_NDELAY|LOG_PID, LOG_DAEMON);
+
+ if (skip_runas)
+ memset (&bgpd_privs, 0, sizeof (bgpd_privs));
zprivs_init (&bgpd_privs);
+
#if defined(HAVE_CUMULUS)
zlog_set_level (NULL, ZLOG_DEST_SYSLOG, zlog_default->default_lvl);
#endif
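Review bot: When `-S` is given and bgpd is started by root, the `memset` before `zprivs_init` clears the configured user and group, so the process presumably keeps root's uid and full privileges for its whole lifetime, and nothing is logged about it. A check before the memset, such as `if (skip_runas && geteuid () == 0) zlog_warn ("-S given as root: privileges will not be dropped");`, would make that state visible to operators; refusing to start may be the better choice depending on deployment. The memset also clears every other member of bgpd_privs, not only user and group, and silently discards any `-u`/`-g` given on the same command line, which is worth stating in the comment on the `'S'` case. main's body starts and ends outside the hunk.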
diff --git a/doc/bgpd.8 b/doc/bgpd.8
index 67143c2c5..7e90eaec5 100644
--- a/doc/bgpd.8
+++ b/doc/bgpd.8
@@ -6,7 +6,7 @@ software
.SH SYNOPSIS
.B bgpd
[
-.B \-dhrv
+.B \-dhrSv
] [
.B \-f
.I config-file
@@ -74,6 +74,9 @@ Specify the user to run as. Default is \fIquagga\fR.
\fB\-r\fR, \fB\-\-retain\fR
When the program terminates, retain routes added by \fBbgpd\fR.
.TP
+\fB\-S\fR, \fB\-\-skip_runas\fR
+Skip setting the process effective user and group.
+.TP
\fB\-v\fR, \fB\-\-version\fR
Print the version and exit.
.SH FILES