From 6de1109854f58592f5df7f1dba935bcad762b8c1 Mon Sep 17 00:00:00 2001
From: Vitaliy Filippov
Date: Fri, 17 Jan 2020 17:22:19 +0300
Subject: [PATCH] Change to a non-root user after starting the server

---
 onedns/cli.py    |  4 ++++
 onedns/server.py | 10 +++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/onedns/cli.py b/onedns/cli.py
index 4e68080..dc0cc94 100644
--- a/onedns/cli.py
+++ b/onedns/cli.py
@@ -12,6 +12,7 @@ def daemon(args, one_args, **kwargs):
     srv = server.OneDNS(args.domain, one_kwargs=one_args)
     srv.daemon(dns_port=args.dns_port,
                sync_interval=args.sync_interval,
+               user=args.user,
                test=test,
                test_vms=test_vms)
 
@@ -58,6 +59,9 @@ def get_parser():
     daemon_parser.add_argument(
         '--sync-interval', required=False, default=5 * 60, type=positive_int,
         help="time in seconds between ONE syncs")
+    daemon_parser.add_argument(
+        '--user', required=False, default='nobody',
+        help="system user name to setuid() to")
 
     shell_parser = subparsers.add_parser('shell')
     shell_parser.set_defaults(func=shell)
diff --git a/onedns/server.py b/onedns/server.py
index 7f3c057..61116d0 100644
--- a/onedns/server.py
+++ b/onedns/server.py
@@ -1,5 +1,7 @@
 import re
 import time
+import pwd
+import os
 
 from onedns import zone
 from onedns import resolver
@@ -61,7 +63,7 @@ class OneDNS(resolver.DynamicResolver):
         log.info("Adding VM {id}: {vm}".format(id=vm.id, vm=vm.name))
         for name, ip in dns_entries.items():
             self._check_for_duplicates(vm.id, name, ip, zone=zone)
-            self.add_host(name, ip, zone=zone)
+            self.add_host(name.lower(), ip, zone=zone)
 
     def remove_vm(self, vm, zone=None):
         dns_entries = self._get_vm_dns_entries(vm)
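Review bot: The help text of the new `--user` option says what the value is used for but not when the switch happens or what it needs, which matters because the default `'nobody'` is applied even when nothing was asked for. Since server.daemon() drops privileges only after start() has bound the listening socket, I'd extend it to `help="system user name to setuid() to after the listening socket is bound (requires starting as root)"`. That tells an operator that binding a privileged DNS port still works and that the option is meaningless when the process is not started as root.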
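Review bot: In the second server.py hunk `_check_for_duplicates` on the line above still receives the original `name` while `add_host` now gets `name.lower()`, so two entries that differ only in case can pass the duplicate check and then collide at insertion. Normalise once at the top of the loop, `name = name.lower()`, and pass the same value to both calls. This change is also unrelated to the privilege drop the commit describes, so it would be easier to review in its own commit. The enclosing method starts outside the hunk, so I cannot tell whether a caller already lower-cases the entries.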
@@ -93,9 +95,15 @@ class OneDNS(resolver.DynamicResolver):
     def daemon(self, *args, **kwargs):
         test = kwargs.pop('test', False)
         test_vms = kwargs.pop('test_vms', None)
+        user = kwargs.pop('user', 'nobody')
         sync_interval = kwargs.pop('sync_interval', 5 * 60)
         if self._udp_server is None or not self._udp_server.isAlive():
             self.start(*args, **kwargs)
+        _, _, uid, gid, _, root, shell = pwd.getpwnam(user)
+        os.chdir('/')
+        os.setgroups([])
+        os.setgid(gid)
+        os.setuid(uid)
         while self._udp_server.isAlive():
             try:
                 self.sync(vms=test_vms)
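Review bot: The privilege drop after `self.start()` runs unconditionally, so when the daemon is launched as an unprivileged user `os.setgroups([])` raises PermissionError after the socket is already bound, and a mistyped `--user` likewise fails only at `pwd.getpwnam` once the port is open. I'd resolve the passwd entry before `self.start()` and guard the id changes with `os.geteuid() == 0`; the unpacked `root` and `shell` are unused, so reading `pw_uid`/`pw_gid` off the struct is cleaner. The setgroups → setgid → setuid order is right and should stay after start() so a privileged port can still be bound, which deserves a comment since reordering it would silently break that. daemon()'s sync loop continues past the end of the hunk.
```python
        user = kwargs.pop('user', 'nobody')
        sync_interval = kwargs.pop('sync_interval', 5 * 60)
        # Resolve the target account before binding, so an unknown user
        # fails early instead of after the port is already open.
        pw = pwd.getpwnam(user)
        if self._udp_server is None or not self._udp_server.isAlive():
            self.start(*args, **kwargs)
        # Drop root only after start() so a privileged port can be bound;
        # when not root the id changes are not permitted, so skip them.
        if os.geteuid() == 0:
            os.chdir('/')
            os.setgroups([])
            os.setgid(pw.pw_gid)
            os.setuid(pw.pw_uid)
        # … unchanged: sync loop …
```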