From 2f6fb43152cc0bdd627d9edadc06a8b8bec5efee Mon Sep 17 00:00:00 2001 From: bush Date: Sat, 21 Feb 2015 19:12:26 +1100 Subject: [PATCH 1/3] added a feature to change uid/gid after startup to bind ports lower than 1024 on Linux --- config.template.yaml | 6 ++++++ lib/config.js | 7 ++++++- lib/server.js | 3 +++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/config.template.yaml b/config.template.yaml index acc16472..d325dead 100644 --- a/config.template.yaml +++ b/config.template.yaml @@ -192,3 +192,9 @@ ffmpeg: enabled: false link-domain-blacklist: [] + +# Drop root if started as root!! +setuid: + enabled: false + group: 'users' + user: 'user' diff --git a/lib/config.js b/lib/config.js index 818e0c57..686d85eb 100644 --- a/lib/config.js +++ b/lib/config.js @@ -99,7 +99,12 @@ var defaults = { ffmpeg: { enabled: false }, - "link-domain-blacklist": [] + "link-domain-blacklist": [], + setuid: { + enabled: false, + "group": "users", + "user": "nobody" + }, }; /** diff --git a/lib/server.js b/lib/server.js index 5291041a..88032089 100644 --- a/lib/server.js +++ b/lib/server.js @@ -108,6 +108,9 @@ var Server = function () { // background tasks init ---------------------------------------------- require("./bgtask")(self); + + // setuid + require("./setuid"); }; Server.prototype.getHTTPIP = function (req) { From 960f94bfb6d5760f08da9a7246030c34f4477764 Mon Sep 17 00:00:00 2001 From: bush Date: Sat, 21 Feb 2015 19:13:55 +1100 Subject: [PATCH 2/3] Forgot the new file :o --- lib/setuid.js | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 lib/setuid.js diff --git a/lib/setuid.js b/lib/setuid.js new file mode 100644 index 00000000..da29266e --- /dev/null +++ b/lib/setuid.js 
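Review bot: The example account in this template (`user: 'user'`) does not match the default added to lib/config.js in the same patch (`"user": "nobody"`), so a deployment that copies the template switches to a different account than one that omits the section. The comment `# Drop root if started as root!!` also leaves out what an operator needs to know: `group` and `user` must name existing unprivileged accounts, and with `enabled: false` nothing in this series changes the uid, so a server started as root stays root. I would align the two values and expand the comment, for example `# If started as root (e.g. to bind ports below 1024), switch to this unprivileged user/group after startup`.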
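Review bot: `require("./setuid")` at the end of the `Server` constructor triggers the privilege drop as a module-load side effect, so the drop is ordered by a timer and not by the listening sockets actually being bound. Nothing visible here confirms that every listener is up before the uid changes, and until the timer fires the process may already be handling requests as root. I would have lib/setuid.js export a function and call it from the place where the last listener reports that it is listening; that code, like the start of the constructor, is outside this hunk. At minimum the comment should say why the line is last: `// drop root privileges; must run after all listening sockets are bound`.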
@@ -0,0 +1,15 @@ +var Config = require("./config"); + +if (Config.get("setuid.enabled")) { + setTimeout(function() { + try { + console.log('Old User ID: ' + process.getuid() + ', Old Group ID: ' + process.getgid()); + process.setgid(Config.get("setuid.group")); + process.setuid(Config.get("setuid.user")); + console.log('New User ID: ' + process.getuid() + ', New Group ID: ' + process.getgid()); + } catch (err) { + console.log('Cowardly refusing to keep the process alive as root.'); + process.exit(1); + } + }, 15); +}; From ca0f0c40861a21b4cdde5517762f3f609e3725ce Mon Sep 17 00:00:00 2001 From: bush6 Date: Tue, 24 Feb 2015 08:08:43 +1000 Subject: [PATCH 3/3] set uid timeout Allow the timeout to be changed allowing more time before dropping root privledges --- config.template.yaml | 2 ++ lib/config.js | 3 ++- lib/setuid.js | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/config.template.yaml b/config.template.yaml index d325dead..d92d6fd4 100644 --- a/config.template.yaml +++ b/config.template.yaml @@ -198,3 +198,5 @@ setuid: enabled: false group: 'users' user: 'user' +# how long to wait in ms before changing uid/gid + timeout: 15 diff --git a/lib/config.js b/lib/config.js index 686d85eb..5b849d0f 100644 --- a/lib/config.js +++ b/lib/config.js @@ -103,7 +103,8 @@ var defaults = { setuid: { enabled: false, "group": "users", - "user": "nobody" + "user": "nobody", + "timeout": 15 }, }; diff --git a/lib/setuid.js b/lib/setuid.js index da29266e..82345531 100644 --- a/lib/setuid.js +++ b/lib/setuid.js @@ -11,5 +11,5 @@ if (Config.get("setuid.enabled")) { console.log('Cowardly refusing to keep the process alive as root.'); process.exit(1); } - }, 15); + }, (Config.get("setuid.timeout"))); };
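Review bot: The `try` block calls `process.setgid()` and `process.setuid()` but never resets the supplementary group list, so after the switch the process keeps whatever extra groups root had at startup (typically including gid 0). It also treats any call that does not throw as success: if `setuid.user` or `setuid.group` resolves to id 0, the 'New User ID' line is printed and the server keeps running as root. The `catch` discards `err`, so a misspelled account name, a start as a non-root user, and a platform without `process.getuid` all end in the same 'Cowardly refusing' line with no cause shown. I would call `process.initgroups()` before the two existing calls, check the resulting ids, and log the error, as sketched below.

```javascript
// … unchanged: Config require, setuid.enabled check, setTimeout wrapper, 'Old User ID' log …
            // initgroups needs root, so it has to run before setgid/setuid
            process.initgroups(Config.get("setuid.user"), Config.get("setuid.group"));
            process.setgid(Config.get("setuid.group"));
            process.setuid(Config.get("setuid.user"));
            // a configured name that maps to id 0 "succeeds" and would leave the server privileged
            if (process.getuid() === 0 || process.getgid() === 0) {
                throw new Error('uid/gid is still 0 after the switch');
            }
// … unchanged: 'New User ID' log …
        } catch (err) {
            console.log('Cowardly refusing to keep the process alive as root.');
            console.log(err && err.stack ? err.stack : err);
            process.exit(1);
        }
```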
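Review bot: `Config.get("setuid.timeout")` is passed to `setTimeout` unchecked, so the length of time the server runs as root is now whatever the config file contains. A large value keeps root for that long while the server is presumably already accepting connections, and a value that is not a usable delay (a non-numeric string, a negative number, something above the timer maximum) makes Node fall back to a near-immediate timer, which may fire before the ports are bound. I would validate and cap it, e.g. `var delay = Number(Config.get("setuid.timeout"));` followed by `if (!(delay >= 0 && delay <= MAX_DROP_DELAY_MS)) delay = 15;` with a small cap of your choosing, and longer term replace the timer with a call made once the listeners are up. The extra parentheses around the `Config.get(...)` argument can go, and the comment added to config.template.yaml in this patch could say that a longer wait means a longer period running as root.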