| Drop root check |
| |
| rpcbind needs to bind to port 111, which is a privileged port. In |
| order to ensure that it can do this, rpcbind helpfully hardcodes a |
| check to ensure that geteuid() returns 0 instead of printing a message |
| only if it fails to bind to the correct port. |
| |
| Remove this check so that we can run it as a non-root user. It will |
| still be able to bind to port 111 since we will give it the |
| CAP_NET_BIND_SERVICE capability, which is really all it needs. |
| |
| --- src/rpcbind.c 2016-11-28 12:47:28.000000000 -0800 |
| +++ src/rpcbind.c.new 2017-11-13 15:32:42.344159067 -0800 |
| @@ -171,11 +171,6 @@ |
| setrlimit(RLIMIT_NOFILE, &rl); |
| } |
| |
| - if (geteuid()) { /* This command allowed only to root */ |
| - fprintf(stderr, "Sorry. You are not superuser\n"); |
| - exit(1); |
| - } |
| - |
| /* |
| * Make sure we use the local service file |
| * for service lookkups |
| @@ -268,18 +263,6 @@ |
| mkdir_warmstart(p->pw_uid); |
| } |
| #endif |
| - if (setgid(p->pw_gid) == -1) { |
| - syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid); |
| - exit(1); |
| - } |
| - if (setgroups(0, NULL) == -1) { |
| - syslog(LOG_ERR, "dropping supplemental groups failed: %m"); |
| - exit(1); |
| - } |
| - if (setuid(p->pw_uid) == -1) { |
| - syslog(LOG_ERR, "setuid to '%s' (%d) failed: %m", id, p->pw_uid); |
| - exit(1); |
| - } |
| } |
| |
| #ifdef WARMSTART |