blob: b60cd62c9a5b5b2c9c34f0e8f5ab233fa6c5b4f0 [file] [log] [blame]
Drop root check
rpcbind needs to bind to port 111, which is a privileged port. In
order to ensure that it can do this, rpcbind helpfully hardcodes a
check to ensure that geteuid() returns 0 instead of printing a message
only if it fails to bind to the correct port.
Remove this check so that we can run it as a non-root user. It will
still be able to bind to port 111 since we will give it the
CAP_NET_BIND_SERVICE capability, which is really all it needs.
--- src/rpcbind.c 2016-11-28 12:47:28.000000000 -0800
+++ src/rpcbind.c.new 2017-11-13 15:32:42.344159067 -0800
@@ -171,11 +171,6 @@
setrlimit(RLIMIT_NOFILE, &rl);
}
- if (geteuid()) { /* This command allowed only to root */
- fprintf(stderr, "Sorry. You are not superuser\n");
- exit(1);
- }
-
/*
* Make sure we use the local service file
* for service lookkups
@@ -268,18 +263,6 @@
mkdir_warmstart(p->pw_uid);
}
#endif
- if (setgid(p->pw_gid) == -1) {
- syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid);
- exit(1);
- }
- if (setgroups(0, NULL) == -1) {
- syslog(LOG_ERR, "dropping supplemental groups failed: %m");
- exit(1);
- }
- if (setuid(p->pw_uid) == -1) {
- syslog(LOG_ERR, "setuid to '%s' (%d) failed: %m", id, p->pw_uid);
- exit(1);
- }
}
#ifdef WARMSTART