Check if privddrop was successful#345
Merged
dnzbk merged 3 commits intonzbgetcom:developfrom Aug 9, 2024
Merged
Conversation
When starting nzbget with `DaemonUsername=_not_root` in nzbget.conf for
the first time, a couple of directories, and nzbget.log, are created in
${MainDir} with as owner root. This causes an issue as these cannot be
used by nzbget after privileges have been dropped to `_not_root`.
Expected behaviour is that nzbget creates these directories with as
owner `_not_root`.
Previously discussed in nzbget/nzbget#500 and
nzbget/nzbget#512.
Currently, if nzbget is daemonized as root, and an invalid `DaemonUsername` is set, privileges are not dropped. Consequence is that nzbget runs with elevated privileges, which is undesirable for any software with network-facing interfaces. This should address nzbgetcom#113.
dnzbk
approved these changes
Aug 9, 2024
Collaborator
|
Thank you! |
beertje44
pushed a commit
to beertje44/nzbget
that referenced
this pull request
Dec 4, 2024
Currently, if nzbget is daemonized as root, and an invalid `DaemonUsername` is set, privileges are not dropped. Consequence is that nzbget runs with elevated privileges, which is undesirable for any software with network-facing interfaces.
bob-beck
pushed a commit
to openbsd/ports
that referenced
this pull request
Nov 23, 2025
correct ownership. Based on nzbgetcom/nzbget#345 Bump REVISION
bket
added a commit
to bket/nzbget
that referenced
this pull request
Jan 26, 2026
PR nzbgetcom#345 introduced checks for successful privdrop and ensured that missing files/directories were created as `DaemonUsername`. However, this was partly reverted due to regressions in extensions (nzbgetcom#353). This partial revert caused a side effect where missing files and folders are once again created by `root` during startup. This commit fixes the ownership issue by explicitly calling chown(2) after creation, ensuring the privdropped daemon can access its data.
bket
added a commit
to bket/nzbget
that referenced
this pull request
Feb 15, 2026
PR nzbgetcom#345 introduced checks for successful privdrop and ensured that missing files/directories were created as `DaemonUsername`. However, this was partly reverted due to regressions in extensions (nzbgetcom#353). This partial revert caused a side effect where missing files and folders are once again created by `root` during startup. This commit fixes the ownership issue by explicitly calling chown(2) after creation, ensuring the privdropped daemon can access its data.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR fixes file-/dir-permission issues when starting nzbget with
DaemonUsername=_not_root, and checks that privileges are dropped when daemonizing as root.Lib changes
No changes.
Testing
Build- and run tested on OpenBSD
Tested by @dnzbk on Linux Debian 12 and macOS Ventura