cn/openvpn-status-web
1
0
Fork 0
mirror of https://github.com/cmur2/openvpn-status-web.git synced 2024-12-22 12:54:24 +01:00
Code Releases Activity

Allow dropping privs

Browse Source
This commit is contained in:
cn 2013-05-03 22:26:07 +02:00
parent c885e875ad
commit e0c3073d82
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -26,6 +26,9 @@ Create a configuration file in YAML format somewhere:
# listen address and port # listen address and port
host: "0.0.0.0" host: "0.0.0.0"
port: "8080" port: "8080"
# optional: drop priviliges in case you want to but you should give this user at least read access on the log files
user: "nobody"
group: "nogroup"
# logfile is optional, logs to STDOUT else # logfile is optional, logs to STDOUT else
logfile: "openvpn-status-web.log" logfile: "openvpn-status-web.log"
# display name for humans and the status file path # display name for humans and the status file path

4
lib/openvpn-status-web.rb
View File

@ -105,6 +105,10 @@ module OpenVPNStatusWeb
OpenVPNStatusWeb.logger.info "Starting..." OpenVPNStatusWeb.logger.info "Starting..."
# drop privs (first change group than user)
Process::Sys.setgid(Etc.getgrnam(config['group']).gid) if config['group']
Process::Sys.setuid(Etc.getpwnam(config['user']).uid) if config['user']
# configure rack # configure rack
app = Daemon.new(config['vpns']) app = Daemon.new(config['vpns'])
if ENV['RACK_ENV'] == "development" if ENV['RACK_ENV'] == "development"