@@ -21,6 +21,7 @@ Post-v2.4.0
targets to run a new system testsuite. These tests can be run inside
a Vagrant box. See INSTALL.md for details
- Dropped support for GRE64 tunnel.
+ - Added --user option to ovsdb-server.
v2.4.0 - 20 Aug 2015
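Review bot: The added NEWS line names the option but not its purpose. Since this is a privilege-reduction feature that operators have to opt into, say so in the entry, for example "Added --user option to ovsdb-server to run it as a non-root user", so that someone skimming the release notes can tell it is worth enabling.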
@@ -50,3 +50,12 @@ core dumps into the current working directory and the root directory
is not a good directory to use.
.IP
This option has no effect when \fB\-\-detach\fR is not specified.
+.
+.TP
+\fB\-\-user\fR
+Causes \fB\*(PN\fR to run as a non-root user specified in "user:group".
+Short forms "user" and ":group" are also allowed, with current user or group
+assumed respectively. The process must be started by root to make use
+of this option.
+.IP
+Currently only ovsdb-server actually implements this option.
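Review bot: The new .TP entry shows \fB\-\-user\fR with no argument, while the description says it takes "user:group"; the option heading should show the argument, as a reader would type it. The sentence "with current user or group assumed respectively" should also spell out which one is kept for each short form, because the resulting group membership is exactly what someone has to check when auditing the file permissions the daemon ends up with. It would also help to state what happens when the process is not started by root (is it an error or is the option ignored?). Finally, this is a shared fragment that uses \*(PN, so any other daemon whose man page includes it will document an option that, per the last added line, only ovsdb-server implements; consider keeping the text in the ovsdb-server page until the other daemons support it.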
@@ -1,4 +1,4 @@
-/* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc.
+/* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -221,6 +221,10 @@ main(int argc, char *argv[])
process_init();
parse_options(&argc, &argv, &remotes, &unixctl_path, &run_command);
+ /* Drop root privileges and become the new user as soon as possible.
+ * OVSDB server does not need root privileges. If --user option is
+ * not specified, the following function is essentially no-op. */
+ daemon_become_new_user();
/* Create and initialize 'config_tmpfile' as a temporary file to hold
* ovsdb-server's most basic configuration, and then save our initial
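Review bot: The added call to daemon_become_new_user() in main() has no visible error handling, and nothing in this hunk shows what happens if switching user or group fails. Please confirm that the function exits the process on failure rather than returning, since continuing as root after the operator asked for --user would silently defeat the option; a one-line note to that effect in the comment would make it clear at the call site. The placement after parse_options() and before the config_tmpfile setup looks right, because files created from here on belong to the new user, but the database file, pidfile, log and control socket locations must then be accessible to that user, which deserves a mention in the documentation. Small wording point in the comment: "essentially no-op" should be "essentially a no-op".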
Add support for running ovsdb-server as a non-root user, specified by the --user option. If specified, all I/O access and all sub-processes will be performed as the new user.

Signed-off-by: Andy Zhou <azhou@nicira.com>
---
v2: rewording the man page.
---
 NEWS                 | 1 +
 lib/daemon.man       | 9 +++++++++
 ovsdb/ovsdb-server.c | 6 +++++-
 3 files changed, 15 insertions(+), 1 deletion(-)