From aba90429b32f362f89cb53c115f9b67b54250b5b Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Sat, 1 Nov 2025 14:54:36 +0100
Subject: Added if block

---
 FICS/ficsmain.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'FICS')

diff --git a/FICS/ficsmain.c b/FICS/ficsmain.c
index c9d6f35..bf5aafb 100644
--- a/FICS/ficsmain.c
+++ b/FICS/ficsmain.c
@@ -298,6 +298,19 @@ main(int argc, char *argv[])
 	settings_init();
 	settings_read_conf(FICS_SETTINGS);
 
+	if (is_super_user()) {
+		if (strncmp(FICS_PREFIX, "/home", 5) == 0)
+			errx(1, "Do not run as root");
+		else if (read_the_group_permissions_file("/etc/group") != 0)
+			errx(1, "Failed to read the group permissions file");
+		else if (fics_addgroup(settings_get("sysgroup")) != 0)
+			errx(1, "Failed to add the system group");
+		else if (prep_dir_for_privdrop(FICS_PREFIX) != 0)
+			errx(1, "Dir preparation failed");
+		else if (drop_root_privileges(FICS_PREFIX) != 0)
+			errx(1, "Privdrop failed");
+	}
+
 	if (net_init(port)) {
 		fprintf(stderr, "FICS: Network initialize failed on port %d.\n",
 		    port);
-- 
cgit v1.2.3