View Javadoc

1   //========================================================================
2   //Copyright 2004-2008 Mort Bay Consulting Pty. Ltd.
3   //------------------------------------------------------------------------
4   //Licensed under the Apache License, Version 2.0 (the "License");
5   //you may not use this file except in compliance with the License.
6   //You may obtain a copy of the License at 
7   //http://www.apache.org/licenses/LICENSE-2.0
8   //Unless required by applicable law or agreed to in writing, software
9   //distributed under the License is distributed on an "AS IS" BASIS,
10  //WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11  //See the License for the specific language governing permissions and
12  //limitations under the License.
13  //========================================================================
14  
15  package org.mortbay.setuid;
16  
17  import org.mortbay.jetty.Connector;
18  import org.mortbay.jetty.Server;
19  import org.mortbay.log.Log;
20  
21  /**
22   * This extension of {@link Server} will make a JNI call to set the unix UID.
23   *
24   * This can be used to start the server as root so that privileged ports may
25   * be accessed and then switch to a non-root user for security.
26   * Depending on the value of {@link #setStartServerAsPrivileged(boolean)}, either the
27   * server will be started and then the UID set; or the {@link Server#getConnectors()} will be 
28   * opened with a call to {@link Connector#open()}, the UID set and then the server is started.
29   * The later is the default and avoids any webapplication code being run as a privileged user,
30   * but will not work if the application code also needs to open privileged ports.
31   *
32   *<p>
33   * The configured umask is set before the server is started and the configured
34   * uid is set after the server is started.
35   * </p>
36   * @author gregw
37   *
38   */
39  public class SetUIDServer extends Server
40  {
41      private int _uid=0;
42      private int _gid=0;
43      private int _umask=0;
44      private boolean _startServerAsPrivileged;
45      
46      public void setUsername(String username)
47      {
48          Passwd passwd = SetUID.getpwnam(username);
49          _uid = passwd.getPwUid();
50      }
51      
52      public String getUsername()
53      {
54          Passwd passwd = SetUID.getpwuid(_uid);
55          return passwd.getPwName();
56      }
57      
58      public void setGroupname(String groupname)
59      {
60          Group group = SetUID.getgrnam(groupname);
61          _gid = group.getGrGid();
62      }
63      
64      public String getGroupname()
65      {
66          Group group = SetUID.getgrgid(_gid);
67          return group.getGrName();
68      }
69  
70  
71      public int getUmask ()
72      {
73          return _umask;
74      }
75  
76      public void setUmask(int umask)
77      {
78          _umask=umask;
79      }
80      
81      public int getUid()
82      {
83          return _uid;
84      }
85  
86      public void setUid(int uid)
87      {
88          _uid=uid;
89      }
90      
91      public void setGid(int gid)
92      {
93          _gid=gid;
94      }
95      
96      public int getGid()
97      {
98          return _gid;
99      }
100 
101     protected void doStart() throws Exception
102     {
103         if (_umask!=0)
104         {
105             Log.info("Setting umask=0"+Integer.toString(_umask,8));
106             SetUID.setumask(_umask);
107         }
108         
109         if (_startServerAsPrivileged)
110         {
111             super.doStart();
112             if (_gid!=0)
113             {
114                 Log.info("Setting GID="+_gid);
115                 SetUID.setgid(_gid);
116             }
117             if (_uid!=0)
118             {
119                 Log.info("Setting UID="+_uid);
120                 SetUID.setuid(_uid);
121             }
122         }
123         else
124         {
125             Connector[] connectors = getConnectors();
126             for (int i=0;connectors!=null && i<connectors.length;i++)
127                 connectors[i].open();
128             if (_gid!=0)
129             {
130                 Log.info("Setting GID="+_gid);
131                 SetUID.setgid(_gid);
132             }
133             if (_uid!=0)
134             {
135                 Log.info("Setting UID="+_uid);
136                 SetUID.setuid(_uid);
137             }
138             super.doStart();
139         }
140     }
141 
142     /* ------------------------------------------------------------ */
143     /**
144      * @return the startServerAsPrivileged 
145      */
146     public boolean isStartServerAsPrivileged()
147     {
148         return _startServerAsPrivileged;
149     }
150 
151     /* ------------------------------------------------------------ */
152     /**
153      * @see {@link Connector#open()}
154      * @param startServerAsPrivileged if true, the server is started and then the process UID is switched. If false, the connectors are opened, the UID is switched and then the server is started.
155      */
156     public void setStartServerAsPrivileged(boolean startContextsAsPrivileged)
157     {
158         _startServerAsPrivileged=startContextsAsPrivileged;
159     }
160     
161 }