Base: Add a "lookup" user+group that runs LookupServer

LookupServer now runs as lookup:lookup, allowing connections from other members of the "lookup" group. This is enforced through file system permissions by having the service socket (/tmp/portal/lookup) be mode 0660. Now the LookupServer program can't overwrite other people's files if it starts misbehaving. That's pretty cool :^)
abyesilyurt · Jan 9, 2020 · f5d9f11 · f5d9f11
1 parent 7dd03b4
commit f5d9f11
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 1 deletion.
diff --git a/Base/etc/SystemServer.ini b/Base/etc/SystemServer.ini
@@ -13,10 +13,11 @@ User=anon
 
 [LookupServer]
 Socket=/tmp/portal/lookup
+SocketPermissions=660
 Lazy=1
 Priority=low
 KeepAlive=1
-User=anon
+User=lookup
 
 [WindowServer]
 Socket=/tmp/portal/window

diff --git a/Base/etc/group b/Base/etc/group
@@ -3,4 +3,5 @@ wheel:x:1:anon
 tty:x:2:
 phys:x:3:anon
 audio:x:4:anon
+lookup:x:10:anon
 users:x:100:anon
diff --git a/Base/etc/passwd b/Base/etc/passwd
@@ -1,3 +1,4 @@
 root:x:0:0:root:/:/bin/sh
+lookup:x:10:10:LookupServer,,,:/:/bin/false
 anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
 nona:x:200:200:Nona,,,:/home/nona:/bin/sh