diff --git a/debian/shadowsocks.default b/debian/shadowsocks.default
index eb6e15a6..5b60264b 100644
--- a/debian/shadowsocks.default
+++ b/debian/shadowsocks.default
@@ -18,6 +18,3 @@ DAEMON_ARGS=""
 # User and group to run the server as
 USER=root
 GROUP=root
-
-# Number of maximum file descriptors
-MAXFD=1024
diff --git a/debian/shadowsocks.init b/debian/shadowsocks.init
index 8013228f..a1e52a2b 100644
--- a/debian/shadowsocks.init
+++ b/debian/shadowsocks.init
@@ -45,9 +45,6 @@ SCRIPTNAME=/etc/init.d/$NAME
 #
 do_start()
 {
- # Modify the file descriptor limit
- ulimit -n ${MAXFD}
-
 # Take care of pidfile permissions
 mkdir /var/run/$NAME 2>/dev/null || true
 chown "$USER:$GROUP" /var/run/$NAME
@@ -59,7 +56,7 @@ do_start()
 start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $DAEMON --test > /dev/null \
 || return 1
 start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $DAEMON -- \
- -c "$CONFFILE" -u -f $PIDFILE $DAEMON_ARGS \
+ -c "$CONFFILE" -a "$USER" -u -f $PIDFILE $DAEMON_ARGS \
 || return 2
 }
diff --git a/src/local.c b/src/local.c
index fff3f2af..81f290d8 100644
--- a/src/local.c
+++ b/src/local.c
@@ -797,6 +797,7 @@ int main (int argc, char **argv)
 int i, c;
 int pid_flags = 0;
+ char *user = NULL;
 char *local_port = NULL;
 char *local_addr = NULL;
 char *password = NULL;
@@ -812,7 +813,7 @@ int main (int argc, char **argv)
 opterr = 0;
- while ((c = getopt (argc, argv, "f:s:p:l:k:t:m:i:c:b:uv")) != -1)
+ while ((c = getopt (argc, argv, "f:s:p:l:k:t:m:i:c:b:a:uv")) != -1)
 {
 switch (c)
 {
@@ -848,6 +849,9 @@ int main (int argc, char **argv)
 case 'b':
 local_addr = optarg;
 break;
+ case 'a':
+ user = optarg;
+ break;
 case 'u':
 udprelay = 1;
 break;
@@ -955,6 +959,10 @@ int main (int argc, char **argv)
 udprelay_init(local_addr, local_port, remote_addr[0].host, remote_addr[0].port, m, listen_ctx.timeout, iface);
 }
+ // setuid
+ if (user != NULL)
+ run_as(user);
+
 ev_run (loop, 0);
 #ifdef __MINGW32__
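Review bot: The new `-a "$USER"` on the second start-stop-daemon line conflicts with the `--chuid $USER:$GROUP` that stays on both invocations: --chuid makes start-stop-daemon change to that user before exec, so the daemon is already unprivileged when its in-process run_as runs, and the drop either has nothing left to do or, if run_as needs root to change uid, fails at startup. With the shipped default USER=root both paths are no-ops, which is why this would not show up in a default install. If the intent is for the daemon to bind as root and then drop privileges itself, remove `--chuid $USER:$GROUP` from both invocations and keep `-a "$USER"`; otherwise keep --chuid and drop `-a`. do_start's body starts outside the hunk.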
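Review bot: `run_as(user);` in the `@@ -955` hunk discards whatever run_as reports, so a failed privilege drop (unknown user name, setuid refused) leaves the process serving as root with no diagnostic; the same unchecked call is added in redir.c, server.c and tunnel.c. If run_as signals failure through its return value, the call should terminate the process on failure, e.g. `if (user != NULL && run_as(user) != 0) FATAL("failed to switch to user");` with the comparison adjusted to run_as's actual convention (its definition is not in this diff; FATAL is what server.c uses for fatal startup errors). The `// setuid` comment would be more useful if it recorded why the call sits after udprelay_init and the listener setup rather than earlier: `// drop privileges last: socket/relay setup above may still need root`. main() starts and ends outside these hunks.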
diff --git a/src/redir.c b/src/redir.c
index 01b54911..0b234409 100644
--- a/src/redir.c
+++ b/src/redir.c
@@ -660,6 +660,7 @@ int main (int argc, char **argv)
 int i, c;
 int pid_flags = 0;
+ char *user = NULL;
 char *local_port = NULL;
 char *local_addr = NULL;
 char *password = NULL;
@@ -674,7 +675,7 @@ int main (int argc, char **argv)
 opterr = 0;
- while ((c = getopt (argc, argv, "f:s:p:l:k:t:m:c:b:")) != -1)
+ while ((c = getopt (argc, argv, "f:s:p:l:k:t:m:c:b:a:")) != -1)
 {
 switch (c)
 {
@@ -707,6 +708,9 @@ int main (int argc, char **argv)
 case 'b':
 local_addr = optarg;
 break;
+ case 'a':
+ user = optarg;
+ break;
 }
 }
@@ -796,6 +800,10 @@ int main (int argc, char **argv)
 ev_io_init (&listen_ctx.io, accept_cb, listenfd, EV_READ);
 ev_io_start (loop, &listen_ctx.io);
+ // setuid
+ if (user != NULL)
+ run_as(user);
+
 ev_run (loop, 0);
 return 0;
diff --git a/src/server.c b/src/server.c
index a4ea49f2..f28915d6 100644
--- a/src/server.c
+++ b/src/server.c
@@ -898,6 +898,7 @@ int main (int argc, char **argv)
 int i, c;
 int pid_flags = 0;
+ char *user = NULL;
 char *password = NULL;
 char *timeout = NULL;
 char *method = NULL;
@@ -913,7 +914,7 @@ int main (int argc, char **argv)
 opterr = 0;
- while ((c = getopt (argc, argv, "f:s:p:l:k:t:m:c:i:d:uv")) != -1)
+ while ((c = getopt (argc, argv, "f:s:p:l:k:t:m:c:i:d:a:uv")) != -1)
 {
 switch (c)
 {
@@ -946,6 +947,9 @@ int main (int argc, char **argv)
 dns_thread_num = atoi(optarg);
 if (!dns_thread_num) FATAL("Invalid DNS thread number");
 break;
+ case 'a':
+ user = optarg;
+ break;
 case 'u':
 udprelay = 1;
 break;
@@ -1052,6 +1056,10 @@ int main (int argc, char **argv)
 udprelay_init(server_host[0], server_port, asyncns, m, listen_ctx.timeout, iface);
 }
+ // setuid
+ if (user != NULL)
+ run_as(user);
+
 // start ev loop
 ev_run (loop, 0);
 return 0;
diff --git a/src/tunnel.c b/src/tunnel.c
index d5ccb208..4c06119c 100644
--- a/src/tunnel.c
+++ b/src/tunnel.c
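Review bot: In server.c the `run_as(user)` call in the `@@ -1052` hunk comes after the resolver has been set up (asyncns is already passed to udprelay_init, and dns_thread_num from the earlier hunk suggests resolver worker threads), so any threads created before this point must also lose their root privileges. On Linux, glibc's setuid() applies the change to every thread of the process, but if run_as changes uid through a direct syscall or runs on a platform without that guarantee, those workers would keep running as root; run_as's implementation is not in this diff, so this needs confirming. A one-line comment at the call site stating the expectation, e.g. `// must switch uid for all threads: resolver workers may already exist here`, would make the ordering requirement explicit.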
@@ -704,6 +704,7 @@ int main (int argc, char **argv)
 int i, c;
 int pid_flags = 0;
+ char *user = NULL;
 char *local_port = NULL;
 char *local_addr = NULL;
 char *password = NULL;
@@ -722,7 +723,7 @@ int main (int argc, char **argv)
 opterr = 0;
- while ((c = getopt (argc, argv, "f:s:p:l:k:t:m:i:c:b:L:uv")) != -1)
+ while ((c = getopt (argc, argv, "f:s:p:l:k:t:m:i:c:b:L:a:uv")) != -1)
 {
 switch (c)
 {
@@ -764,6 +765,9 @@ int main (int argc, char **argv)
 case 'L':
 tunnel_addr_str = optarg;
 break;
+ case 'a':
+ user = optarg;
+ break;
 case 'v':
 verbose = 1;
 break;
@@ -873,6 +877,10 @@ int main (int argc, char **argv)
 tunnel_addr, m, listen_ctx.timeout, iface);
 }
+ // setuid
+ if (user != NULL)
+ run_as(user);
+
 ev_run (loop, 0);
 #ifdef __MINGW32__