From d3f47cfba9327e8e1e6d0be709500d0b081e5171 Mon Sep 17 00:00:00 2001 From: ad Date: Wed, 6 Oct 1999 21:54:10 +0000 Subject: [PATCH] A colon is the preferred way to split a user and group name pair; make this possible and depreciate the use of dot. --- usr.sbin/inetd/inetd.8 | 29 +++++++++++++++-------------- usr.sbin/inetd/inetd.c | 28 ++++++++++++++++------------ 2 files changed, 31 insertions(+), 26 deletions(-) diff --git a/usr.sbin/inetd/inetd.8 b/usr.sbin/inetd/inetd.8 index 805521c9fc97..d2fd550ad247 100644 --- a/usr.sbin/inetd/inetd.8 +++ b/usr.sbin/inetd/inetd.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: inetd.8,v 1.23 1999/09/10 03:26:49 simonb Exp $ +.\" $NetBSD: inetd.8,v 1.24 1999/10/06 21:54:10 ad Exp $ .\" .\" Copyright (c) 1998 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -127,8 +127,8 @@ fields of the configuration file are as follows: [addr:]service-name socket-type protocol[,sndbuf=size][,rcvbuf=size] -wait/nowait[.max] -user[.group] +wait/nowait[:max] +user[:group] server-program server program arguments .Ed @@ -141,8 +141,8 @@ based service, the entry would contain these fields. service-name/version socket-type rpc/protocol[,sndbuf=size][,rcvbuf=size] -wait/nowait[.max] -user[.group] +wait/nowait[:max] +user[:group] server-program server program arguments .Ed @@ -292,8 +292,8 @@ suffix (separated from .Dq wait or .Dq nowait -by a dot) specifies the maximum number of server instances that may be -spawned from +by a dot or a colon) specifies the maximum number of server instances that may +be spawned from .Nm within an interval of 60 seconds. When omitted, .Dq max 
@@ -316,13 +316,14 @@ is usually the only stream server marked as wait. .Pp The .Em user -entry should contain the user name of the user as whom the server -should run. This allows for servers to be given less permission -than root. An optional group name can be specified by appending a dot to -the user name followed by the group name. This allows for servers to run with -a different (primary) group id than specified in the password file. If a group -is specified and user is not root, the supplementary groups associated with -that user will still be set. +entry should contain the user name of the user as whom the server should +run. This allows for servers to be given less permission than root. An +optional group name can be specified by appending a colon to the user name +followed by the group name (it is possible to use a dot in lieu of a colon, +however this feature is provided only for backward compatibility). This allows +for servers to run with a different (primary) group id than specified in the +password file. If a group is specified and user is not root, the +supplementary groups associated with that user will still be set. .Pp The .Em server-program diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c index c5109fcad54a..d8c5406af1fb 100644 --- a/usr.sbin/inetd/inetd.c +++ b/usr.sbin/inetd/inetd.c @@ -1,4 +1,4 @@ -/* $NetBSD: inetd.c,v 1.54 1999/09/15 09:59:41 itojun Exp $ */ +/* $NetBSD: inetd.c,v 1.55 1999/10/06 21:54:10 ad Exp $ */ /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -77,7 +77,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1991, 1993, 1994\n\ #if 0 static char sccsid[] = "@(#)inetd.c 8.4 (Berkeley) 4/13/94"; #else -__RCSID("$NetBSD: inetd.c,v 1.54 1999/09/15 09:59:41 itojun Exp $"); +__RCSID("$NetBSD: inetd.c,v 1.55 1999/10/06 21:54:10 ad Exp $"); #endif #endif /* not lint */ 
@@ -108,8 +108,8 @@ __RCSID("$NetBSD: inetd.c,v 1.54 1999/09/15 09:59:41 itojun Exp $"); * name a tcpmux service * socket type stream/dgram/raw/rdm/seqpacket * protocol must be in /etc/protocols - * wait/nowait[.max] single-threaded/multi-threaded, max # - * user[.group] user/group to run daemon as + * wait/nowait[:max] single-threaded/multi-threaded, max # + * user[:group] user/group to run daemon as * server program full path name * server program arguments maximum of MAXARGS (20) * @@ -117,8 +117,8 @@ __RCSID("$NetBSD: inetd.c,v 1.54 1999/09/15 09:59:41 itojun Exp $"); * service name/version must be in /etc/rpc * socket type stream/dgram/raw/rdm/seqpacket * protocol must be in /etc/protocols - * wait/nowait[.max] single-threaded/multi-threaded - * user[.group] user to run daemon as + * wait/nowait[:max] single-threaded/multi-threaded + * user[:group] user to run daemon as * server program full path name * server program arguments maximum of MAXARGS (20) * @@ -172,7 +172,7 @@ __RCSID("$NetBSD: inetd.c,v 1.54 1999/09/15 09:59:41 itojun Exp $"); */ /* - * Here's the scoop concerning the user.group feature: + * Here's the scoop concerning the user:group feature: * * 1) set-group-option off. * @@ -1561,8 +1561,9 @@ do { \ arg = sskip(&cp); { char *cp; - cp = strchr(arg, '.'); - if (cp) { + if ((cp = strchr(arg, ':')) == NULL) + cp = strchr(arg, '.'); + if (cp != NULL) { *cp++ = '\0'; sep->se_max = atoi(cp); } else @@ -1590,8 +1591,11 @@ do { \ } } sep->se_user = newstr(sskip(&cp)); - if ((sep->se_group = strchr(sep->se_user, '.'))) + if ((sep->se_group = strchr(sep->se_user, ':')) != NULL) *sep->se_group++ = '\0'; + else if ((sep->se_group = strchr(sep->se_user, '.')) != NULL) + *sep->se_group++ = '\0'; + sep->se_server = newstr(sskip(&cp)); if (strcmp(sep->se_server, "internal") == 0) { struct biltin *bi; 
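Review bot: `sep->se_max = atoi(cp);` in the @@ -1561 hunk still takes whatever follows the new `:` (or the legacy `.`) separator without validation, so `nowait:` or `nowait:abc` silently yields a max of 0 and a negative number is accepted as written. inetd.8 describes this value as the limit on server instances spawned within 60 seconds, so a typo in the configuration should be rejected rather than turned into an unintended limit. Parse it with `long v = strtol(cp, &end, 10);` and treat `end == cp || *end != '\0' || v < 0 || v > INT_MAX` as a configuration error for that entry. The enclosing block starts and ends outside the hunk, so how errors are reported there is not visible.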
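Review bot: The `.` fallback in the @@ -1590 hunk still splits a user field that has no colon at its first dot, so an entry for an account named like `first.last` (constructed example) with no group is parsed as user `first`, group `last`, and the server would presumably run under a different account than the one written. The colon form avoids this only when a group is given explicitly. Consider a comment above the fallback, `/* '.' is accepted for backward compatibility only; a user name containing '.' must be written as user:group */`, and report a warning whenever the dot branch is taken so administrators notice and migrate such entries. The same silent fallback in the @@ -1561 hunk is harmless, because neither `wait` nor `nowait` contains a dot.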
@@ -2072,7 +2076,7 @@ print_service(action, sep) { if (isrpcservice(sep)) fprintf(stderr, - "%s: %s rpcprog=%d, rpcvers = %d/%d, proto=%s, wait.max=%d.%d, user.group=%s.%s builtin=%lx server=%s" + "%s: %s rpcprog=%d, rpcvers = %d/%d, proto=%s, wait:max=%d.%d, user:group=%s.%s builtin=%lx server=%s" #ifdef IPSEC " policy=\"%s\"" #endif @@ -2087,7 +2091,7 @@ print_service(action, sep) ); else fprintf(stderr, - "%s: %s proto=%s, wait.max=%d.%d, user.group=%s.%s builtin=%lx server=%s" + "%s: %s proto=%s, wait:max=%d.%d, user:group=%s.%s builtin=%lx server=%s" #ifdef IPSEC " policy=%s" #endif
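Review bot: The debug format strings in print_service now label the fields `wait:max` and `user:group` but still print the values with `%d.%d` and `%s.%s`, so the output mixes both separators (for example `user:group=root.wheel`, constructed). Use `wait:max=%d:%d, user:group=%s:%s` in this hunk and in the non-RPC string of the @@ -2087 hunk. The argument lists are outside both hunks, so it cannot be seen here whether `sep->se_group`, which the parser in the @@ -1590 hunk leaves NULL when no group is given, is guarded before being passed to `%s`.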