Drop privs to nobody if mosquitto user does not exist.

eclipse · Aug 7, 2019 · 570c367 · 570c367
1 parent 1c1ccae
commit 570c367
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 10 deletions.
diff --git a/ChangeLog.txt b/ChangeLog.txt
@@ -1,3 +1,9 @@
+Broker:
+- When running as root, if dropping privileges to the "mosquitto" user fails,
+ then try "nobody" instead. This reduces the burden on users installing
+ Mosquitto themselves.
+
+
 1.6.4 - 20190801
 ================
 

diff --git a/man/mosquitto.conf.5.xml b/man/mosquitto.conf.5.xml
@@ -845,12 +845,15 @@ log_timestamp_format %Y-%m-%dT%H:%M:%S
  <term><option>user</option> <replaceable>username</replaceable></term>
  <listitem>
  <para>When run as root, change to this user and its primary
- group on startup. If mosquitto is unable to change to
- this user and group, it will exit with an error. The
- user specified must have read/write access to the
- persistence database if it is to be written. If run as
- a non-root user, this setting has no effect. Defaults
- to mosquitto.</para>
+ group on startup. If set to "mosquitto" or left unset,
+ and if the "mosquitto" user does not exist, then
+ mosquitto will change to the "nobody" user instead.
+ If this is set to another value and mosquitto is unable
+ to change to this user and group, it will exit with an
+ error. The user specified must have read/write access
+ to the persistence database if it is to be written. If
+ run as a non-root user, this setting has no effect.
+ Defaults to mosquitto.</para>
  <para>This setting has no effect on Windows and so you
  should run mosquitto as the user you wish it to run
  as.</para>

diff --git a/mosquitto.conf b/mosquitto.conf
@@ -192,9 +192,11 @@
 # When run as root, drop privileges to this user and its primary
 # group.
 # Set to root to stay as root, but this is not recommended.
+# If set to "mosquitto", or left unset, and the "mosquitto" user does not exist
+# then it will drop privileges to the "nobody" user instead.
 # If run as a non-root user, this setting has no effect.
-# Note that on Windows this has no effect and so mosquitto should
-# be started by the user you wish it to run as.
+# Note that on Windows this has no effect and so mosquitto should be started by
+# the user you wish it to run as.
 #user mosquitto
 
 # =================================================================

diff --git a/src/mosquitto.c b/src/mosquitto.c
@@ -104,8 +104,17 @@ int drop_privileges(struct mosquitto__config *config, bool temporary)
  if(config->user && strcmp(config->user, "root")){
  pwd = getpwnam(config->user);
  if(!pwd){
- log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid user '%s'.", config->user);
- return 1;
+ if(strcmp(config->user, "mosquitto")){
+ log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to drop privileges to '%s' because this user does not exist.", config->user);
+ return 1;
+ }else{
+ log__printf(NULL, MOSQ_LOG_ERR, "Warning: Unable to drop privileges to '%s' because this user does not exist. Trying 'nobody' instead.", config->user);
+ pwd = getpwnam("nobody");
+ if(!pwd){
+ log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to drop privileges to 'nobody'.");
+ return 1;
+ }
+ }
  }
  if(initgroups(config->user, pwd->pw_gid) == -1){
  err = strerror(errno);