From cc6d8d9636520948665288594538c794be013245 Mon Sep 17 00:00:00 2001 From: bol-van Date: Sat, 6 Nov 2021 22:11:29 +0300 Subject: [PATCH] init.d: sysv extreme passwd survival --- init.d/sysv/functions | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/init.d/sysv/functions b/init.d/sysv/functions index 1d88bcc..a9f6c50 100644 --- a/init.d/sysv/functions +++ b/init.d/sysv/functions @@ -52,19 +52,33 @@ prepare_user() # also its good idea not to run tpws as root user_exists $WS_USER || { # fallback to daemon if we cant add WS_USER - useradd_compat $WS_USER || WS_USER=daemon + useradd_compat $WS_USER || { + for user in daemon nobody; do + user_exists $user && { + WS_USER=$user + return 0 + } + done + return 1 + } } } +# this complex user selection allows to survive in any locked/readonly/minimalistic environment [ -n "$WS_USER" ] || WS_USER=tpws -prepare_user +if prepare_user; then + USEROPT="--user=$WS_USER" +else + WS_USER=1 + USEROPT="--uid $WS_USER:$WS_USER" +fi PIDDIR=/var/run IPSET_CR="$ZAPRET_BASE/ipset/create_ipset.sh" [ -n "$QNUM" ] || QNUM=200 [ -n "$NFQWS" ] || NFQWS="$ZAPRET_BASE/nfq/nfqws" -NFQWS_OPT_BASE="--user=$WS_USER --dpi-desync-fwmark=$DESYNC_MARK" +NFQWS_OPT_BASE="$USEROPT --dpi-desync-fwmark=$DESYNC_MARK" NFQWS_OPT_DESYNC_HTTP="${NFQWS_OPT_DESYNC_HTTP:-$NFQWS_OPT_DESYNC}" NFQWS_OPT_DESYNC_HTTPS="${NFQWS_OPT_DESYNC_HTTPS:-$NFQWS_OPT_DESYNC}" @@ -75,7 +89,7 @@ HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt.gz" [ -f "$HOSTLIST" ] || HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt" [ -f "$HOSTLIST" ] || HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts-user.txt" -TPWS_OPT_BASE="--user=$WS_USER" +TPWS_OPT_BASE="$USEROPT" TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4" TPWS_OPT_BASE6="--bind-addr=::1" TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30"