allow winbindd to run as non-root so we can test it more easily

(This used to be commit 001129e2153633dbd079889b11331e9c27786e5b)

2 files changed, 7 insertions, 9 deletions

diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c
index 8376007424..ed0075a358 100644
--- a/source3/nsswitch/wb_common.c
+++ b/source3/nsswitch/wb_common.c
@@ -99,7 +99,8 @@ static int open_pipe_sock(void)
 		return -1;
 	}
 	
-	if (!S_ISDIR(st.st_mode) || (st.st_uid != 0)) {
+	if (!S_ISDIR(st.st_mode) || 
+	    (st.st_uid != 0 && st.st_uid != geteuid())) {
 		return -1;
 	}
 	
@@ -128,7 +129,8 @@ static int open_pipe_sock(void)
 	
 	/* Check permissions on unix socket file */
 	
-	if (!S_ISSOCK(st.st_mode) || (st.st_uid != 0)) {
+	if (!S_ISSOCK(st.st_mode) || 
+	    (st.st_uid != 0 && st.st_uid != geteuid())) {
 		return -1;
 	}
 	
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 9371078a79..b81d60dc66 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -167,7 +167,8 @@ static int create_sock(void)
             return -1;
         }
         
-        if ((st.st_uid != 0) || ((st.st_mode & 0777) != 0755)) {
+        if ((st.st_uid != sec_initial_uid()) || 
+	    ((st.st_mode & 0777) != 0755)) {
             DEBUG(0, ("invalid permissions on socket directory %s\n",
                       WINBINDD_SOCKET_DIR));
             return -1;
@@ -645,12 +646,7 @@ int main(int argc, char **argv)
 	BOOL interactive = False;
 	int opt, new_debuglevel = -1;
 
-	/* Must be root */
-
-	if(geteuid() != (uid_t)0) {
-		fprintf(stderr, "Must have effective user id of zero.\n");
-		exit(1);
-	}
+	sec_init();
 
 	/* Set environment variable so we don't recursively call ourselves.
 	   This may also be useful interactively. */