From 03e3be7b1af8f0a7bdb78666a8b7c41ea0923dc8 Mon Sep 17 00:00:00 2001 From: Alexey Milovidov Date: Fri, 20 May 2022 02:38:50 +0200 Subject: [PATCH] Maybe fix error --- programs/main.cpp | 52 ++++++++++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 25 deletions(-) diff --git a/programs/main.cpp b/programs/main.cpp index 243159d9bf5..bee1496095c 100644 --- a/programs/main.cpp +++ b/programs/main.cpp @@ -355,31 +355,7 @@ void setUserAndGroup() static constexpr size_t buf_size = 16384; /// Linux man page says it is enough. Nevertheless, we will check if it's not enough and throw. std::unique_ptr buf(new char[buf_size]); - const char * env_uid = getenv("CLICKHOUSE_SETUID"); - if (env_uid && env_uid[0]) - { - /// Is it numeric id or name? - uid_t uid = 0; - if (!tryParse(uid, env_uid) || uid == 0) - { - passwd entry{}; - passwd * result{}; - - if (0 != getpwnam_r(env_uid, &entry, buf.get(), buf_size, &result)) - throwFromErrno(fmt::format("Cannot do 'getpwnam_r' to obtain uid from user name, specified in the CLICKHOUSE_SETUID environment variable ({})", env_uid), ErrorCodes::SYSTEM_ERROR); - - if (!result) - throw Exception("User {} specified in the CLICKHOUSE_SETUID environment variable is not found in the system", ErrorCodes::BAD_ARGUMENTS); - - uid = entry.pw_uid; - } - - if (uid == 0) - throw Exception("User specified in the CLICKHOUSE_SETUID environment variable has id 0, but dropping privileges to uid 0 does not make sense", ErrorCodes::BAD_ARGUMENTS); - - if (0 != setuid(uid)) - throwFromErrno(fmt::format("Cannot do 'setuid' to user, specified in the CLICKHOUSE_SETUID environment variable ({})", env_uid), ErrorCodes::SYSTEM_ERROR); - } + /// Set the group first, because if we set user, the privileges will be already dropped and we will not be able to set the group later. const char * env_gid = getenv("CLICKHOUSE_SETGID"); if (env_gid && env_gid[0]) @@ -405,6 +381,32 @@ void setUserAndGroup() if (0 != setgid(gid)) throwFromErrno(fmt::format("Cannot do 'setgid' to user, specified in the CLICKHOUSE_SETGID environment variable ({})", env_gid), ErrorCodes::SYSTEM_ERROR); } + + const char * env_uid = getenv("CLICKHOUSE_SETUID"); + if (env_uid && env_uid[0]) + { + /// Is it numeric id or name? + uid_t uid = 0; + if (!tryParse(uid, env_uid) || uid == 0) + { + passwd entry{}; + passwd * result{}; + + if (0 != getpwnam_r(env_uid, &entry, buf.get(), buf_size, &result)) + throwFromErrno(fmt::format("Cannot do 'getpwnam_r' to obtain uid from user name, specified in the CLICKHOUSE_SETUID environment variable ({})", env_uid), ErrorCodes::SYSTEM_ERROR); + + if (!result) + throw Exception("User {} specified in the CLICKHOUSE_SETUID environment variable is not found in the system", ErrorCodes::BAD_ARGUMENTS); + + uid = entry.pw_uid; + } + + if (uid == 0) + throw Exception("User specified in the CLICKHOUSE_SETUID environment variable has id 0, but dropping privileges to uid 0 does not make sense", ErrorCodes::BAD_ARGUMENTS); + + if (0 != setuid(uid)) + throwFromErrno(fmt::format("Cannot do 'setuid' to user, specified in the CLICKHOUSE_SETUID environment variable ({})", env_uid), ErrorCodes::SYSTEM_ERROR); + } }