summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_runtime.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/nxt_runtime.c')
-rw-r--r--src/nxt_runtime.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/src/nxt_runtime.c b/src/nxt_runtime.c
index 06478f72..de41ba4d 100644
--- a/src/nxt_runtime.c
+++ b/src/nxt_runtime.c
@@ -692,14 +692,26 @@ nxt_runtime_conf_init(nxt_task_t *task, nxt_runtime_t *rt)
rt->state = NXT_STATE;
rt->control = NXT_CONTROL_SOCK;
+ nxt_memzero(&rt->capabilities, sizeof(nxt_capabilities_t));
+
if (nxt_runtime_conf_read_cmd(task, rt) != NXT_OK) {
return NXT_ERROR;
}
- if (nxt_user_cred_get(task, &rt->user_cred, rt->group) != NXT_OK) {
+ if (nxt_capability_set(task, &rt->capabilities) != NXT_OK) {
return NXT_ERROR;
}
+ if (rt->capabilities.setid) {
+ if (nxt_user_cred_get(task, &rt->user_cred, rt->group) != NXT_OK) {
+ return NXT_ERROR;
+ }
+
+ } else {
+ nxt_log(task, NXT_LOG_WARN, "Unit is running unprivileged, then it "
+ "cannot use arbitrary user and group.");
+ }
+
/* An engine's parameters. */
interface = nxt_service_get(rt->services, "engine", rt->engine);
generated by cgit (git 2.34.1) at 2024-11-17 13:35:48 +0000