diff --git a/configure.ac b/configure.ac index 22dd2e64..223fc2d1 100644 --- a/configure.ac +++ b/configure.ac @@ -37,7 +37,7 @@ AC_CHECK_HEADERS(endian.h sys/endian.h arpa/inet.h sys/poll.h syslog.h) AC_CHECK_HEADERS(alloca.h pthread.h stdio.h math.h signal.h sys/prctl.h) AC_CHECK_HEADERS(sys/types.h sys/socket.h sys/stat.h linux/un.h netdb.h) AC_CHECK_HEADERS(stdint.h netinet/in.h netinet/tcp.h sys/ioctl.h) -AC_CHECK_HEADERS(libpq-fe.h postgresql/libpq-fe.h) +AC_CHECK_HEADERS(libpq-fe.h postgresql/libpq-fe.h grp.h) PTHREAD_LIBS="-lpthread" MATH_LIBS="-lm" diff --git a/src/ckpool.c b/src/ckpool.c index de3ad49c..3d01ca32 100644 --- a/src/ckpool.c +++ b/src/ckpool.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -422,6 +423,7 @@ static bool write_pid(ckpool_t *ckp, const char *path, pid_t pid) static void create_process_unixsock(proc_instance_t *pi) { unixsock_t *us = &pi->us; + ckpool_t *ckp = pi->ckp; us->path = strdup(pi->ckp->socket_dir); realloc_strcat(&us->path, pi->sockname); @@ -429,6 +431,8 @@ static void create_process_unixsock(proc_instance_t *pi) us->sockd = open_unix_server(us->path); if (unlikely(us->sockd < 0)) quit(1, "Failed to open %s socket", pi->sockname); + if (chown(us->path, -1, ckp->gr_gid)) + quit(1, "Failed to set %s to group id %d", us->path, ckp->gr_gid); } static void write_namepid(proc_instance_t *pi) @@ -746,11 +750,14 @@ int main(int argc, char **argv) memset(&ckp, 0, sizeof(ckp)); ckp.loglevel = LOG_NOTICE; - while ((c = getopt(argc, argv, "c:kl:n:ps:")) != -1) { + while ((c = getopt(argc, argv, "c:g:kl:n:ps:")) != -1) { switch (c) { case 'c': ckp.config = optarg; break; + case 'g': + ckp.grpnam = optarg; + break; case 'k': ckp.killold = true; break; @@ -783,6 +790,15 @@ int main(int argc, char **argv) prctl(PR_SET_NAME, buf, 0, 0, 0); memset(buf, 0, 15); + if (ckp.grpnam) { + struct group *group = getgrnam(ckp.grpnam); + + if (!group) + quit(1, "Failed to find group %s", ckp.grpnam); + ckp.gr_gid = group->gr_gid; + } else + ckp.gr_gid = getegid(); + if (!ckp.config) { ckp.config = strdup(ckp.name); realloc_strcat(&ckp.config, ".conf"); diff --git a/src/ckpool.h b/src/ckpool.h index c03d4d6d..2d7e361f 100644 --- a/src/ckpool.h +++ b/src/ckpool.h @@ -67,6 +67,9 @@ struct ckpool_instance { char *name; /* Directory where sockets are created */ char *socket_dir; + /* Group ID for unix sockets */ + char *grpnam; + gid_t gr_gid; /* Directory where logs are written */ char *logdir; /* Logfile */