From 61e4ad1347f51a84400cbf87633cc99f657f9ad7 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 9 Dec 2020 20:28:46 +0100 Subject: Make unprivileged user/group for the internal client resp. webserver configurable. --- Changelog | 2 ++ Makefile | 12 +++++++++++- config/lacme.conf | 20 ++++++++++---------- lacme | 8 ++++---- lacme.8.md | 22 ++++++++++------------ 5 files changed, 37 insertions(+), 27 deletions(-) diff --git a/Changelog b/Changelog index f94e81e..a9f137e 100644 --- a/Changelog +++ b/Changelog @@ -1,5 +1,7 @@ lacme (0.7.1) upstream; + * Unprivileged user/group for the internal client resp. webserver are + now configurable at install time. - lacme: delay webserver socket shutdown to after the process has terminated. - documentation: suggest to generate private key material with diff --git a/Makefile b/Makefile index a4098de..afc5c71 100644 --- a/Makefile +++ b/Makefile @@ -35,6 +35,11 @@ mandir ?= $(datarootdir)/man man1dir ?= $(mandir)/man1 man8dir ?= $(mandir)/man8 +lacme_www_user ?= www-data +lacme_www_group ?= www-data +lacme_client_user ?= nobody +lacme_client_group ?= nogroup + $(BUILDDIR)/%: % mkdir -pv -- $(dir $@) cp --no-dereference --preserve=mode,links,xattr -vfT -- "$<" "$@" @@ -43,7 +48,12 @@ $(BUILDDIR)/%: % s#@@libexecdir@@#$(libexecdir)#g; \ s#@@datadir@@#$(datadir)#g; \ s#@@runstatedir@@#$(runstatedir)#g; \ - s#@@sysconfdir@@#$(sysconfdir)#g;" -- "$@" + s#@@sysconfdir@@#$(sysconfdir)#g; \ + s#@@lacme_www_user@@#$(lacme_www_user)#g; \ + s#@@lacme_www_group@@#$(lacme_www_group)#g; \ + s#@@lacme_client_user@@#$(lacme_client_user)#g; \ + s#@@lacme_client_group@@#$(lacme_client_group)#g;" \ + -- "$@" install: all install -m0644 -vDt $(sysconfdir)/lacme $(BUILDDIR)/config/*.conf $(BUILDDIR)/snippets/*.conf diff --git a/config/lacme.conf b/config/lacme.conf index 9f4db72..cc8488d 100644 --- a/config/lacme.conf +++ b/config/lacme.conf @@ -19,15 +19,15 @@ #socket = # username to drop privileges to (setting both effective and real uid). -# Preserve root privileges if the value is empty (not recommended). +# Skip privilege drop if the value is empty (not recommended). # -#user = nobody +#user = @@lacme_client_user@@ # groupname to drop privileges to (setting both effective and real gid, # and also setting the list of supplementary gids to that single group). -# Preserve root privileges if the value is empty (not recommended). +# Skip privilege drop if the value is empty (not recommended). # -#group = nogroup +#group = @@lacme_client_group@@ # Path to the ACME client executable. # @@ -72,15 +72,15 @@ #challenge-directory = # username to drop privileges to (setting both effective and real uid). -# Preserve root privileges if the value is empty (not recommended). +# Skip privilege drop if the value is empty (not recommended). # -#user = www-data +#user = @@lacme_www_user@@ # groupname to drop privileges to (setting both effective and real gid, # and also setting the list of supplementary gids to that single group). -# Preserve root privileges if the value is empty (not recommended). +# Skip privilege drop if the value is empty (not recommended). # -#group = www-data +#group = @@lacme_www_group@@ # Path to the ACME webserver executable. # @@ -99,13 +99,13 @@ # an existing lacme-accountd(1) process via a UNIX-domain socket. # username to drop privileges to (setting both effective and real uid). -# Preserve root privileges if the value is empty. +# Skip privilege drop if the value is empty. # #user = # groupname to drop privileges to (setting both effective and real gid, # and also setting the list of supplementary gids to that single group). -# Preserve root privileges if the value is empty. +# Skip privilege drop if the value is empty. # #group = diff --git a/lacme b/lacme index 088e393..e4b8e01 100755 --- a/lacme +++ b/lacme @@ -91,8 +91,8 @@ do { my %valid = ( client => { socket => (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef), - user => 'nobody', - group => 'nogroup', + user => '@@lacme_client_user@@', + group => '@@lacme_client_group@@', command => '@@libexecdir@@/lacme/client', # the rest is for the ACME client map {$_ => undef} qw/server timeout SSL_verify SSL_version SSL_cipher_list/ @@ -100,8 +100,8 @@ do { webserver => { listen => '@@runstatedir@@/lacme-www.socket', 'challenge-directory' => undef, - user => 'www-data', - group => 'www-data', + user => '@@lacme_www_user@@', + group => '@@lacme_www_group@@', command => '@@libexecdir@@/lacme/webserver', iptables => 'No' diff --git a/lacme.8.md b/lacme.8.md index 3840455..ecf87c3 100644 --- a/lacme.8.md +++ b/lacme.8.md @@ -168,17 +168,16 @@ of [ACME] commands and dialogues with the remote [ACME] server). *user* : The username to drop privileges to (setting both effective and real - uid). Preserve root privileges if the value is empty (not - recommended). - Default: `nobody`. + uid). Skip privilege drop if the value is empty (not recommended). + Default: `@@lacme_client_user@@`. *group* : The groupname to drop privileges to (setting both effective and real gid, and also setting the list of supplementary gids to that single - group). Preserve root privileges if the value is empty (not + group). Skip privilege drop if the value is empty (not recommended). - Default: `nogroup`. + Default: `@@lacme_client_group@@`. *command* @@ -245,17 +244,16 @@ served during certificate issuance. *user* : The username to drop privileges to (setting both effective and real - uid). Preserve root privileges if the value is empty (not - recommended). - Default: `www-data`. + uid). Skip privilege drop if the value is empty (not recommended). + Default: `@@lacme_www_user@@`. *group* : The groupname to drop privileges to (setting both effective and real gid, and also setting the list of supplementary gids to that single - group). Preserve root privileges if the value is empty (not + group). Skip privilege drop if the value is empty (not recommended). - Default: `www-data`. + Default: `@@lacme_www_group@@`. *command* @@ -283,13 +281,13 @@ UNIX-domain socket. *user* : The username to drop privileges to (setting both effective and real - uid). Preserve root privileges if the value is empty. + uid). Skip privilege drop if the value is empty. *group* : The groupname to drop privileges to (setting both effective and real gid, and also setting the list of supplementary gids to that single - group). Preserve root privileges if the value is empty. + group). Skip privilege drop if the value is empty. *command* -- cgit v1.2.3