5 // TODO: open log-file as non-root
6 // TODO: open socket as root ?
7 // TODO: so best should be: start mediaserv as root and then drop privileges
10 // Definition of non-inline non-template functions
17 #include <sys/types.h>
23 #include "Utils/Exception.hh"
24 #include "Utils/DaemonTools.hh"
25 #include "Server/HTTPLogger.hh"
26 #include "Server/SimpleHTTPServer.hh"
27 #include "Socket/TCPSocketHandle.hh"
31 ///////////////////////////////cc.p////////////////////////////////////////
33 #define THROW_SYSERR(cmd,e) if (e) throw senf::SystemException(#cmd,errno)
35 int main(int argc, char** argv)
38 struct ::passwd * pw = getpwnam("media"); THROW_SYSERR( getpwnam, !pw );
39 struct ::group * gr = getgrnam("media"); THROW_SYSERR( getgrnam, !gr );
40 THROW_SYSERR( setegid,::setegid(gr->gr_gid) < 0 );
41 THROW_SYSERR( seteuid, ::seteuid(pw->pw_uid) < 0 );
42 g0dil::mediaserv::HTTPLogger logger ("log/access.log");
43 THROW_SYSERR( seteuid, ::seteuid(0) < 0 );
44 THROW_SYSERR( setegid, ::setegid(0) );
46 // We have to make sure not to access any sytem files after the chroot
47 // (initgroups accesses /etc/group, redirect_stdio accesses /dev/null)
48 senf::redirect_stdio();
49 THROW_SYSERR( initgroups, ::initgroups("media",gr->gr_gid) < 0 );
50 THROW_SYSERR( chdir, chdir("wwwroot") < 0 );
51 THROW_SYSERR( chroot, chroot(".") < 0 );
52 senf::TCPv4ServerSocketHandle socket (argv[1]);
53 THROW_SYSERR( setregid, ::setregid(gr->gr_gid,gr->gr_gid) < 0 );
54 THROW_SYSERR( setreuid, ::setreuid(pw->pw_uid,pw->pw_uid) < 0 );
56 socket.blocking(false);
57 socket.protocol().reuseaddr(true);
58 g0dil::mediaserv::SimpleHTTPServer server (socket,logger);
60 senf::Scheduler::instance().process();
62 catch (std::exception const & ex) {
63 logger.failedRequest(ex.what());
66 catch (std::exception const & ex) {
67 std::cerr << ex.what() << "\n";
73 ///////////////////////////////cc.e////////////////////////////////////////