authorAndreas Kling <awesomekling@gmail.com>2020-01-11 13:04:46 +0100
committerAndreas Kling <awesomekling@gmail.com>2020-01-11 13:07:32 +0100
commitd0a708fda420ebadd26fba0eccfd365d8838359a (patch)
tree2ef832c760e9911063685108ea54cbccf591ef35 /Base
parent83f59419cd8a0e988b73cca11cee6be6253f5625 (diff)
Base: Run ProtocolServer as a separate "protocol" user
This is probably not the final design we'll want for this, but for now let's run the HTTP client code as a separate user to reduce exposure for the standard "anon" user account. Note that "protocol" is also added to the "lookup" group, in order to allow ProtocolServer to contact LookupServer for DNS requests.
Diffstat (limited to 'Base')
-rw-r--r--Base/etc/SystemServer.ini3
-rw-r--r--Base/etc/group3
-rw-r--r--Base/etc/passwd1
3 files changed, 5 insertions, 2 deletions
diff --git a/Base/etc/SystemServer.ini b/Base/etc/SystemServer.ini
index c31b61f1c0..348f05b685 100644
--- a/Base/etc/SystemServer.ini
+++ b/Base/etc/SystemServer.ini
@@ -6,10 +6,11 @@ Priority=high
[ProtocolServer]
Socket=/tmp/portal/protocol
+SocketPermissions=660
Lazy=1
Priority=low
KeepAlive=1
-User=anon
+User=protocol
[LookupServer]
Socket=/tmp/portal/lookup
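Review bot: `SocketPermissions=660` in the [ProtocolServer] section only narrows access if the socket ends up owned by user and group `protocol`, and nothing in the section says that this is the intent. Presumably SystemServer derives the socket's ownership from `User=`; if the ini parser accepts comments, a line above the key such as `# Only user/group "protocol" may connect; membership is set in /etc/group` would record it. The mode also relies on `/tmp/portal` not allowing other accounts to unlink or recreate the entry, and that directory's setup is not part of this hunk. The [LookupServer] section continues past the end of the hunk, so whether it carries a matching setting cannot be checked here.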
diff --git a/Base/etc/group b/Base/etc/group
index 840a9dae5c..e41861da50 100644
--- a/Base/etc/group
+++ b/Base/etc/group
@@ -3,5 +3,6 @@ wheel:x:1:anon
tty:x:2:
phys:x:3:anon
audio:x:4:anon
-lookup:x:10:anon
+lookup:x:10:protocol,anon
+protocol:x:11:anon
users:x:100:anon
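Review bot: The new `protocol:x:11:anon` line lists only `anon`, so with the socket at mode 660 any other login account is shut out of ProtocolServer; Base/etc/passwd in this same commit still has `nona` (uid 200), which appears in no group line visible in this hunk. If that is intended it deserves a sentence in the commit message, and if not the line would read `protocol:x:11:anon,nona`. Separately, `anon` stays in `lookup` on the line above, so the account the commit wants to shield can still reach LookupServer directly; other clients may need that, but it is worth confirming rather than leaving it implicit.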
diff --git a/Base/etc/passwd b/Base/etc/passwd
index 159f969ede..e23a6d09d3 100644
--- a/Base/etc/passwd
+++ b/Base/etc/passwd
@@ -1,4 +1,5 @@
root:x:0:0:root:/:/bin/sh
lookup:x:10:10:LookupServer,,,:/:/bin/false
+protocol:x:11:11:ProtocolServer,,,:/:/bin/false
anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
nona:x:200:200:Nona,,,:/home/nona:/bin/sh