Run as nonroot user on Linux (with CAP_NET_ADMIN and CAP_NET_RAW added).
- ZT will only drop root privileges if zerotier-one user exists. It is created by Debian postinst script - in other cases the user has to be created by administrator. - Linux >=4.3 with ambient capabilities is required, otherwise ZT will silently - "-U" option now also disables privileges dropping
This commit is contained in:
Michał Zieliński
parent
88e3fe699c
commit
344a25c133
5 changed files with 197 additions and 3 deletions
14
one.cpp
14
one.cpp
|
|
@ -44,6 +44,10 @@
|
|||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <signal.h>
|
||||
|
||||
#ifdef __linux__
|
||||
#include "osdep/LinuxDropPrivileges.hpp"
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include <string>
|
||||
|
|
@ -900,7 +904,7 @@ static void printHelp(const char *cn,FILE *out)
|
|||
fprintf(out,"Available switches:" ZT_EOL_S);
|
||||
fprintf(out," -h - Display this help" ZT_EOL_S);
|
||||
fprintf(out," -v - Show version" ZT_EOL_S);
|
||||
fprintf(out," -U - Run as unprivileged user (skip privilege check)" ZT_EOL_S);
|
||||
fprintf(out," -U - Skip privilege check and do not attempt to drop privileges" ZT_EOL_S);
|
||||
fprintf(out," -p<port> - Port for UDP and TCP/HTTP (default: 9993, 0 for random)" ZT_EOL_S);
|
||||
|
||||
#ifdef __UNIX_LIKE__
|
||||
|
|
@ -1141,6 +1145,14 @@ int main(int argc,char **argv)
|
|||
#endif // __WINDOWS__
|
||||
|
||||
#ifdef __UNIX_LIKE__
|
||||
|
||||
#ifndef ZT_ONE_RUN_AS_ROOT
|
||||
#ifdef __linux__
|
||||
if (!skipRootCheck)
|
||||
dropPrivileges(homeDir);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
std::string pidPath(homeDir + ZT_PATH_SEPARATOR_S + ZT_PID_PATH);
|
||||
{
|
||||
// Write .pid file to home folder
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue