The previous implementation attempted to set GID after dropping root UID, which would fail (silently) and made the posix_setgid() call effectively a no-op. This swaps the order to set the target GID first. Also refactored for clarity: - Renamed dropPrivileges to switchToConfigFileOwner for clearer intent - Update docblock to explicitly state best-effort limitations - Use more descriptive variable names - Re-organized for readability Signed-off-by: Josh <josh.t.richards@gmail.com>
#!/usr/bin/env php
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
// Invoked by root: try to take on the identity of the config file's owner
// first, so that everything loaded below runs under that identity.
if (posix_getuid() === 0) {
	switchToConfigFileOwner();
}

// Hand over to the console bootstrap under whatever identity is in effect now.
require_once __DIR__ . '/console.php';
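/**
 * Attempt to switch process identity to match the config file when run as root.
 *
 * This is a convenience for the operator to allow `occ` to run without manual
 * user switching. It drops primary root privileges but is not a true sandbox.
 *
 * The group is switched before the user, because the GID can no longer be
 * changed once the root UID has been given up. If the GID switch fails, the
 * UID is left untouched as well, so the process never ends up with the config
 * owner's UID combined with root's primary group.
 *
 * Note: Best-effort only. Will not change privileges if config file owner has
 * no passwd entry. Does not clear environment variables nor supplementary groups.
 * Failures are not reported here as downstream checks validate the final UID state.
 */
function switchToConfigFileOwner(): void {
	$configPath = __DIR__ . '/config/config.php';

	// Warning suppressed on purpose: without a readable owner there is nothing to switch to.
	$targetUid = @fileowner($configPath);
	if ($targetUid === false) {
		return;
	}

	// The target GID is the owner's primary group from the passwd entry,
	// not the group of the config file itself.
	$ownerInfo = posix_getpwuid($targetUid);
	if ($ownerInfo === false) {
		return;
	}

	$targetGid = $ownerInfo['gid'];

	// NOTE(review): root's supplementary groups stay attached to the process
	// after this switch. Calling posix_initgroups($ownerInfo['name'], $targetGid)
	// before posix_setgid() would replace them with the owner's groups.
	// TODO confirm that is acceptable for all deployment setups before enabling.

	// A failed GID switch must not be followed by the UID switch: the UID-only
	// downstream check would then accept a process still running with root's
	// primary group. Staying root leaves the decision to that check instead.
	if (!posix_setgid($targetGid)) {
		return;
	}

	// Result intentionally not checked; the final UID is validated downstream.
	posix_setuid($targetUid);
}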