From 25539273164f161127bf96ef4da443882fde7d08 Mon Sep 17 00:00:00 2001
From: Jan Schaumann
Date: Fri, 10 Mar 2023 14:35:23 -0500
Subject: [PATCH 1/2] add command-line options "-g", "-u", "-p" -g GROUP, --group GROUP change eGID to this group (default: None) -p PIDFILE, --pidfile PIDFILE name of the file to write the current pid to (default: None) -u USER, --user USER change eUID to this user (default: None)
---
 postfix_mta_sts_resolver/daemon.py | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/postfix_mta_sts_resolver/daemon.py b/postfix_mta_sts_resolver/daemon.py
index b4f304c..f079f25 100644
--- a/postfix_mta_sts_resolver/daemon.py
+++ b/postfix_mta_sts_resolver/daemon.py
@@ -3,8 +3,11 @@
 import os
 import argparse
 import asyncio
+import grp
 import logging
+import pwd
 import signal
+import sys
 from functools import partial
 from .asdnotify import AsyncSystemdNotifier
@@ -26,12 +29,18 @@ def parse_args():
 help="config file location",
 metavar="FILE",
 default=defaults.CONFIG_LOCATION)
+ parser.add_argument("-g", "--group",
+ help="change eGID to this group")
 parser.add_argument("-l", "--logfile",
 help="log file location",
 metavar="FILE")
 parser.add_argument("--disable-uvloop",
 help="do not use uvloop even if it is available",
 action="store_true")
+ parser.add_argument("-p", "--pidfile",
+ help="name of the file to write the current pid to")
+ parser.add_argument("-u", "--user",
+ help="change eUID to this user")
 return parser.parse_args()
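Review bot: The help strings added to `parse_args()` for `-u` and `-g` do not say what is left unchanged: in the `main()` hunk of this patch each option changes one effective ID only, so `-u` without `-g` keeps the starting group and supplementary groups. A wording such as `help="change eUID to this user (group IDs are not changed unless -g is given)"` would make that visible in `--help`, and the `-p` help could likewise say that the file is written before the IDs are changed. `parse_args()` starts above this hunk.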
@@ -96,8 +105,24 @@ async def amain(cfg, loop): # pragma: no cover
 def main(): # pragma: no cover
- # Parse command line arguments and setup basic logging
 args = parse_args()
+ if args.pidfile is not None:
+ with open(args.pidfile, 'w') as f:
+ f.write(str(os.getpid()))
+ if args.group is not None:
+ try:
+ g = grp.getgrnam(args.group)
+ os.setegid(g.gr_gid)
+ except Exception as e:
+ print("Unable to change eGID to '{}': {}".format(args.group, e), file=sys.stderr)
+ return os.EX_OSERR
+ if args.user is not None:
+ try:
+ p = pwd.getpwnam(args.user)
+ os.seteuid(p.pw_uid)
+ except Exception as e:
+ print("Unable to change eUID to '{}': {}".format(args.user, e), file=sys.stderr)
+ return os.EX_OSERR
 with utils.AsyncLoggingHandler(args.logfile) as log_handler:
 logger = utils.setup_logger('MAIN', args.verbosity, log_handler)
 utils.setup_logger('STS', args.verbosity, log_handler)
From 7f9f791427bfb0b90fb65a57673162995555d0c2 Mon Sep 17 00:00:00 2001
From: Jan Schaumann
Date: Fri, 10 Mar 2023 14:44:35 -0500
Subject: [PATCH 2/2] document '-u', '-p', '-g'
---
 man/mta-sts-daemon.1.adoc | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/man/mta-sts-daemon.1.adoc b/man/mta-sts-daemon.1.adoc
index b8ef6ac..df64f60 100644
--- a/man/mta-sts-daemon.1.adoc
+++ b/man/mta-sts-daemon.1.adoc
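Review bot: In `main()` of `postfix_mta_sts_resolver/daemon.py` the switch uses `os.setegid()`/`os.seteuid()`, which change only the effective IDs: when the daemon is started as root the real and saved IDs stay 0 and the supplementary groups are kept, so the switch can be undone later in the same process and is not a privilege drop. The option text does say eUID, so this may be intended, but if `-u`/`-g` are meant to run the resolver unprivileged, a permanent change in the order supplementary groups, GID, UID is needed, as sketched below; the sketch also moves `-u` alone to the user's primary group and catches `KeyError`/`OSError` instead of `Exception`. The pidfile is created with `open(args.pidfile, 'w')` before the IDs change, so it follows a symlink and truncates the target with the starting user's rights; `os.open(args.pidfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o644)` wrapped in `os.fdopen()` avoids that. Whether `return os.EX_OSERR` becomes the exit status depends on the caller of `main()`, which, like the rest of `main()`'s body, is outside this hunk.

```python
    args = parse_args()
    # … unchanged: pidfile write …
    if args.user is not None or args.group is not None:
        try:
            # Resolve every name before changing any ID, so a lookup failure
            # cannot leave the process half-switched.
            pw = pwd.getpwnam(args.user) if args.user is not None else None
            if args.group is not None:
                gid = grp.getgrnam(args.group).gr_gid
            else:
                gid = pw.pw_gid
            # Supplementary groups first, then GID, then UID: once the UID is
            # dropped the process may no longer change its groups.
            if pw is not None:
                os.initgroups(pw.pw_name, gid)
            else:
                os.setgroups([])
            os.setgid(gid)
            if pw is not None:
                os.setuid(pw.pw_uid)
        except (KeyError, OSError) as e:
            print("Unable to switch to user '{}' / group '{}': {}".format(
                args.user, args.group, e), file=sys.stderr)
            return os.EX_OSERR
    # … unchanged: logging setup …
```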
@@ -29,13 +29,22 @@ successful authentication of that site when forwarding mail there.
 *-v, --verbosity* _VERBOSITY_::
 set log verbosity level: _debug_, _info_ (default), _warn_, _error_, or _fatal_.
-
 *-c, --config* _FILE_::
 config file location (default: _/etc/mta-sts-daemon.yml_)
+*-g, --group* _GROUP_::
+ change eGID to this group (default: _none_)
+
 *-l, --logfile* _FILE_::
 log file location (default: _none_)
+*-p, --pidfile* _PIDFILE_::
+ name of the file to write the current pid to (default: _none_)
+
+*-u, --user* _USER_::
+ change eUID to this user (default: _none_)
+
+
 *--disable-uvloop*::
 do not use uvloop even if it is available (default: enabled if available)