privileges are dropped prematurely when running as daemon under root
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mosquitto |
New
|
Undecided
|
Unassigned |
Bug Description
When mosquitto is started as root (e.g. using an init.d script) and the private keys needed for SSL/TLS are only readable by the root user (as is common best practice), mosquitto is unable to read the required key files as the privileges are dropped before the initialization of the corresponding listeners.
As I really don't want to make my private keys readable by any other user than root, the dropping of privileges should be postponed to a point after the initialization of the listeners.
Tested version: 1.4 branch (Mercurial repository, commit 2d4f5c4abf05)
OS: Debian 6 (with private key files in /etc/ssl/private with owner root:root and 600 permissions)
I have tried to fix this problem by simply moving the respective lines of code further down in mosquitto.c::main (see attached diff), but I do not have a full understanding of the complete mosquitto codebase to gauge if this will cause any other side effects or problems.
Hi there,
I'm migrating bugs to Eclipse, the new url for this bug is:
https:/ /bugs.eclipse. org/bugs/ show_bug. cgi?id= 452914