uid and gid variables (no change at runtime)

Quentin McGaw
2020-07-08 22:13:59 +00:00
parent 765f06e5a8
commit 7450ffce2b


@@ -88,17 +88,20 @@ func _main(background context.Context, args []string) int {
fatalOnError(err) fatalOnError(err)
logger.Info(allSettings.String()) logger.Info(allSettings.String())
// Should never change
uid, gid := allSettings.System.UID, allSettings.System.GID
providerConf := provider.New(allSettings.VPNSP, logger, client, fileManager, firewallConf) providerConf := provider.New(allSettings.VPNSP, logger, client, fileManager, firewallConf)
if !allSettings.Firewall.Enabled { if !allSettings.Firewall.Enabled {
firewallConf.Disable() firewallConf.Disable()
} }
err = alpineConf.CreateUser("nonrootuser", allSettings.System.UID) err = alpineConf.CreateUser("nonrootuser", uid)
fatalOnError(err) fatalOnError(err)
err = fileManager.SetOwnership("/etc/unbound", allSettings.System.UID, allSettings.System.GID) err = fileManager.SetOwnership("/etc/unbound", uid, gid)
fatalOnError(err) fatalOnError(err)
err = fileManager.SetOwnership("/etc/tinyproxy", allSettings.System.UID, allSettings.System.GID) err = fileManager.SetOwnership("/etc/tinyproxy", uid, gid)
fatalOnError(err) fatalOnError(err)
if err := ovpnConf.CheckTUN(); err != nil { if err := ovpnConf.CheckTUN(); err != nil {
@@ -132,8 +135,8 @@ func _main(background context.Context, args []string) int {
err = providerConf.BuildConf( err = providerConf.BuildConf(
connections, connections,
allSettings.OpenVPN.Verbosity, allSettings.OpenVPN.Verbosity,
allSettings.System.UID, uid,
allSettings.System.GID, gid,
allSettings.OpenVPN.Root, allSettings.OpenVPN.Root,
allSettings.OpenVPN.Cipher, allSettings.OpenVPN.Cipher,
allSettings.OpenVPN.Auth, allSettings.OpenVPN.Auth,
@@ -162,8 +165,8 @@ func _main(background context.Context, args []string) int {
allSettings.TinyProxy.Port, allSettings.TinyProxy.Port,
allSettings.TinyProxy.User, allSettings.TinyProxy.User,
allSettings.TinyProxy.Password, allSettings.TinyProxy.Password,
allSettings.System.UID, uid,
allSettings.System.GID) gid)
fatalOnError(err) fatalOnError(err)
err = firewallConf.AllowAnyIncomingOnPort(ctx, allSettings.TinyProxy.Port) err = firewallConf.AllowAnyIncomingOnPort(ctx, allSettings.TinyProxy.Port)
fatalOnError(err) fatalOnError(err)
@@ -187,8 +190,8 @@ func _main(background context.Context, args []string) int {
allSettings.ShadowSocks.Password, allSettings.ShadowSocks.Password,
allSettings.ShadowSocks.Method, allSettings.ShadowSocks.Method,
nameserver, nameserver,
allSettings.System.UID, uid,
allSettings.System.GID) gid)
fatalOnError(err) fatalOnError(err)
err = firewallConf.AllowAnyIncomingOnPort(ctx, allSettings.ShadowSocks.Port) err = firewallConf.AllowAnyIncomingOnPort(ctx, allSettings.ShadowSocks.Port)
fatalOnError(err) fatalOnError(err)
@@ -209,12 +212,11 @@ func _main(background context.Context, args []string) int {
unboundDone := make(chan struct{}) unboundDone := make(chan struct{})
serverDone := make(chan struct{}) serverDone := make(chan struct{})
openvpnLooper := openvpn.NewLooper(ovpnConf, allSettings.OpenVPN, logger, streamMerger, fatalOnError, allSettings.System.UID, allSettings.System.GID) openvpnLooper := openvpn.NewLooper(ovpnConf, allSettings.OpenVPN, logger, streamMerger, fatalOnError, uid, gid)
// wait for restartOpenvpn // wait for restartOpenvpn
go openvpnLooper.Run(ctx, restartOpenvpn, openvpnDone) go openvpnLooper.Run(ctx, restartOpenvpn, openvpnDone)
unboundLooper := dns.NewLooper(dnsConf, allSettings.DNS, logger, unboundLooper := dns.NewLooper(dnsConf, allSettings.DNS, logger, streamMerger, uid, gid)
streamMerger, allSettings.System.UID, allSettings.System.GID)
// wait for restartUnbound // wait for restartUnbound
go unboundLooper.Run(ctx, restartUnbound, unboundDone) go unboundLooper.Run(ctx, restartUnbound, unboundDone)
@@ -357,9 +359,10 @@ func onConnected(allSettings settings.Settings,
routingConf routing.Routing, defaultInterface string, routingConf routing.Routing, defaultInterface string,
providerConf provider.Provider, providerConf provider.Provider,
) { ) {
uid, gid := allSettings.System.UID, allSettings.System.GID
if allSettings.OpenVPN.Provider.PortForwarding.Enabled { if allSettings.OpenVPN.Provider.PortForwarding.Enabled {
time.AfterFunc(5*time.Second, func() { time.AfterFunc(5*time.Second, func() {
setupPortForwarding(logger, providerConf, allSettings.OpenVPN.Provider.PortForwarding.Filepath, allSettings.System.UID, allSettings.System.GID) setupPortForwarding(logger, providerConf, allSettings.OpenVPN.Provider.PortForwarding.Filepath, uid, gid)
}) })
} }
@@ -378,7 +381,7 @@ func onConnected(allSettings settings.Settings,
err = fileManager.WriteLinesToFile( err = fileManager.WriteLinesToFile(
string(allSettings.System.IPStatusFilepath), string(allSettings.System.IPStatusFilepath),
[]string{publicIP.String()}, []string{publicIP.String()},
files.Ownership(allSettings.System.UID, allSettings.System.GID), files.Ownership(uid, gid),
files.Permissions(0400)) files.Permissions(0400))
if err != nil { if err != nil {
logger.Error(err) logger.Error(err)
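Review bot: Nothing in the visible lines checks that `uid` and `gid` are non-zero after the new `uid, gid := allSettings.System.UID, allSettings.System.GID` in `_main`. That one snapshot now decides the `nonrootuser` account, the ownership of `/etc/unbound` and `/etc/tinyproxy`, and the identity passed to the OpenVPN and DNS loopers and to the calls taking the TinyProxy and ShadowSocks settings. If settings parsing outside this diff does not already reject 0, a configured UID of 0 would leave those services and files owned by root despite the account name, so this is the natural place to refuse or at least log that value. The comment `// Should never change` is also ambiguous about whether it means the values or the code. I would replace it with `// uid and gid are read once at startup; every ownership change and privilege drop below uses this snapshot` and repeat it on the identical declaration in `onConnected`. Both functions' bodies extend beyond the hunks shown.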