Allow dropping privs

cn 2013-05-03 22:26:07 +02:00
parent c885e875ad
commit e0c3073d82
2 changed files with 7 additions and 0 deletions


@ -26,6 +26,9 @@ Create a configuration file in YAML format somewhere:
# listen address and port
host: "0.0.0.0"
port: "8080"
# optional: drop priviliges in case you want to but you should give this user at least read access on the log files
user: "nobody"
group: "nogroup"
# logfile is optional, logs to STDOUT else
logfile: "openvpn-status-web.log"
# display name for humans and the status file path


@ -105,6 +105,10 @@ module OpenVPNStatusWeb
OpenVPNStatusWeb.logger.info "Starting..."
# drop privs (first change group than user)
Process::Sys.setgid(Etc.getgrnam(config['group']).gid) if config['group']
Process::Sys.setuid(Etc.getpwnam(config['user']).uid) if config['user']
# configure rack
app = Daemon.new(config['vpns'])
if ENV['RACK_ENV'] == "development"
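Review bot: The drop at `Process::Sys.setgid(...)` / `Process::Sys.setuid(...)` changes the primary gid and the uid but never resets the supplementary group list, so a daemon started as root would presumably keep root's supplementary groups after the switch. Reset them while still privileged, before the setgid line, e.g. `Process.groups = [Etc.getgrnam(config['group']).gid]` (or `Process.initgroups(config['user'], gid)`). Also, when only `user` is configured the process keeps its original group; consider requiring `group` whenever `user` is set, or falling back to `Etc.getpwnam(config['user']).gid`. The enclosing method starts and ends outside this hunk, so whether the log file is opened before this point is not visible here.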