Chrooting and user substituting are removed. It can be done within systemd unit.

2022-03-20 18:28:20 +04:00 · 2022-03-20 18:28:20 +04:00 · 5037a6103f
parent b2aec04023
commit 5037a6103f
2 changed files with 0 additions and 40 deletions
--- a/cmd/dwelling-upload/main.go
+++ b/cmd/dwelling-upload/main.go
@ -11,34 +11,12 @@ import (
 	"log"
 	"os"
 	"os/signal"
-	"os/user"
-	"strconv"
 	"syscall"
 )

 var configPath *string = flag.String("conf", "config.yaml", "path to configuration file")
 var logToStdout *bool = flag.Bool("log-stdout", false, "write logs to stdout")

-func substituteUser(username string) error {
-	u, err := user.Lookup(username)
-	if err != nil {
-		return err
-	}
-
-	uid, err := strconv.Atoi(u.Uid)
-	if err != nil {
-		return err
-	}
-
-	if os.Getuid() != uid {
-		if err := syscall.Setuid(uid); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
 func main() {
 	flag.Parse()

@ -53,16 +31,6 @@ func main() {
 		}
 	}()

-	if config.Chroot != "" {
-		if err := syscall.Chroot(config.Chroot); err != nil {
-			log.Fatalln("failed to chroot:", err)
-		}
-	}
-
-	if err := substituteUser(config.User); err != nil {
-		log.Fatalf("failed to change user to %s: %s", config.User, err)
-	}
-
 	if *logToStdout {
 		config.Log.ToStdout = true
 	}
--- a/configs/config.yaml
+++ b/configs/config.yaml
@ -5,14 +5,6 @@ listen_on: "unix /tmp/dwelling-upload.sock"
 # Salt for hash of uploaded files.
 # Aim is to make links bruteforcing useless.
 hash_salt: "iyP3oZWHI3xO3XBF7s78Vg"
-# User a program runs as. Make sure that all
-# paths are accessible by that user.
-user: "dwupload"
-# Chroot directory. No chrooting if empty.
-# Make sure all directories are created within
-# chroot directory. All paths becomes related
-# to chroot.
-chroot: ""
 # Logging options.
 log:
  # Output messages to stdout as well as to theirs files.