From 4a5d4889a081abcda1cef6bea8a5d67ebddf0b3e Mon Sep 17 00:00:00 2001
From: Ayman Bagabas
Date: Wed, 25 May 2022 09:37:45 -0400
Subject: [PATCH] feat: use flag and add comment

---
 examples/{non-root => setuid}/main.go | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)
 rename examples/{non-root => setuid}/main.go (69%)

diff --git a/examples/non-root/main.go b/examples/setuid/main.go
similarity index 69%
rename from examples/non-root/main.go
rename to examples/setuid/main.go
index 352212734..4c05e5fb2 100644
--- a/examples/non-root/main.go
+++ b/examples/setuid/main.go
@@ -1,10 +1,15 @@
 //go:build darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
 // +build darwin dragonfly freebsd linux netbsd openbsd solaris
 
+// This is an example of binding soft-serve ssh port to a restricted port (<1024) and
+// then droping root privileges to a different user to run the server.
+// Make sure you run this as root.
+
 package main
 
 import (
 "context"
+ "flag"
 "fmt"
 "log"
 "net"
@@ -17,31 +22,29 @@ import (
 "github.com/charmbracelet/soft-serve/server"
 )
 
-const (
- port = 22
- gid = 1000
- uid = 1000
-)
-
 var (
- addr = fmt.Sprintf(":%d", port)
+ port = flag.Int("port", 22, "port to listen on")
+ gid = flag.Int("gid", 1000, "group id to run as")
+ uid = flag.Int("uid", 1000, "user id to run as")
 )
 
 func main() {
+ flag.Parse()
+ addr := fmt.Sprintf(":%d", *port)
 // To listen on port 22 we need root privileges
 ls, err := net.Listen("tcp", addr)
 if err != nil {
 log.Fatalf("Can't listen: %s", err)
 }
 // We don't need root privileges any more
- if err := syscall.Setgid(gid); err != nil {
+ if err := syscall.Setgid(*gid); err != nil {
 log.Fatalf("Setgid error: %s", err)
 }
- if err := syscall.Setuid(uid); err != nil {
+ if err := syscall.Setuid(*uid); err != nil {
 log.Fatalf("Setuid error: %s", err)
 }
 cfg := config.DefaultConfig()
- cfg.Port = port
+ cfg.Port = *port
 s := server.NewServer(cfg)
 
 done := make(chan os.Signal, 1)
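Review bot: The header comment added in the first hunk misspells "dropping" as `droping`; the line should read `// then dropping root privileges to a different user to run the server.`. Since this commit turns the port and ids into flags, the comment could also name `-port`, `-uid` and `-gid`, which are what a reader has to set to run the example.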
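Review bot: The privilege drop after `net.Listen` calls only `syscall.Setgid` and `syscall.Setuid`, so the process keeps the supplementary groups it was started with (root's, when launched as root as the header comment asks). Now that the ids come from flags, `-uid 0` or `-gid 0` is also accepted: both calls succeed and the server keeps serving as root without any message. I would reject non-positive ids right after `flag.Parse()` and reset the supplementary group list with `syscall.Setgroups` before `Setgid`; the existing gid-then-uid order is correct and should stay. `main` continues past the end of this hunk, so anything that happens after the signal channel is created is not covered here.

```go
	flag.Parse()
	if *uid <= 0 || *gid <= 0 {
		log.Fatalf("uid and gid must be non-root (got uid=%d gid=%d)", *uid, *gid)
	}
	// … unchanged: addr, net.Listen and its error check …
	// We don't need root privileges any more
	if err := syscall.Setgroups([]int{*gid}); err != nil {
		log.Fatalf("Setgroups error: %s", err)
	}
	// … unchanged: Setgid, Setuid, config and server setup …
```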