If needed, drop privileges to pelican after startup of server

PelicanPlatform · Dec 23, 2024 · a09a240 · a09a240
1 parent 23e80f6
commit a09a240
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 0 deletions.
diff --git a/launchers/droppriv_unix.go b/launchers/droppriv_unix.go
@@ -0,0 +1,56 @@
+//go:build !windows
+
+/***************************************************************
+ *
+ * Copyright (C) 2024, Pelican Project, Morgridge Institute for Research
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you
+ * may not use this file except in compliance with the License.  You may
+ * obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ ***************************************************************/
+
+package launchers
+
+import (
+	"syscall"
+
+	"github.com/pelicanplatform/pelican/config"
+	"github.com/pelicanplatform/pelican/param"
+	"github.com/pkg/errors"
+	log "github.com/sirupsen/logrus"
+)
+
+func dropPriveleges() (err error) {
+	log.Info("Dropping privileges to user ", param.Server_UnprivilegedUser.GetString())
+	var puser config.User
+	puser, err = config.GetPelicanUser()
+	if err != nil {
+		return
+	}
+	if puser.Uid == 0 {
+		err = errors.Errorf("unable to drop privileges to user (%s) with UID 0", puser.Username)
+		return
+	}
+	if puser.Gid == 0 {
+		err = errors.Errorf("unable to drop privileges to user (user %s, group %s) with GID 0", puser.Username, puser.Groupname)
+		return
+	}
+	if err = syscall.Setgid(puser.Gid); err != nil {
+		err = errors.Wrap(err, "failed to drop group privileges")
+		return
+	}
+	if err = syscall.Setuid(puser.Uid); err != nil {
+		err = errors.Wrap(err, "failed to drop user privileges")
+		return
+	}
+	return
+}
diff --git a/launchers/droppriv_windows.go b/launchers/droppriv_windows.go
@@ -0,0 +1,27 @@
+//go:build windows
+
+/***************************************************************
+ *
+ * Copyright (C) 2024, Pelican Project, Morgridge Institute for Research
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you
+ * may not use this file except in compliance with the License.  You may
+ * obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ ***************************************************************/
+
+package launchers
+
+import "github.com/pkg/errors"
+
+func dropPriveleges() (err error) {
+	return errors.New("dropping privileges is not supported on Windows")
+}
diff --git a/launchers/launcher.go b/launchers/launcher.go
@@ -325,6 +325,13 @@ func LaunchModules(ctx context.Context, modules server_structs.ServerType) (serv
 		}
 	}
 
+	// Now that we've launched XRootD (which should drop their privileges to the xrootd user), we can drop our own
+	if config.IsRootExecution() && param.Server_DropPrivileges.GetBool() {
+		if err = dropPriveleges(); err != nil {
+			return
+		}
+	}
+
 	if modules.IsEnabled(server_structs.OriginType) || modules.IsEnabled(server_structs.CacheType) {
 		log.Debug("Launching periodic advertise of origin/cache server to the director")
 		if err = launcher_utils.LaunchPeriodicAdvertise(ctx, egrp, servers); err != nil {