author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-20 13:59:49 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-20 21:43:45 +0200 |
commit | 4546e283498ffe2511cb566b9159714c671e326b (patch) | |
tree | bf4f149d7423f0110cb5d968a44c178acc9c9371 /src/util/debug.c | |
parent | ac40d2f2b2b2fc35c95389f5e28febd580bd2b7a (diff) | |
SSSD: Chown the log files
We need to chown the log files before dropping root to make sure they
are usable by the SSSD user. Unfortunately, we can't just rely on
passing the fd opened by root, because we need to be also able to rotate
the log files.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Diffstat (limited to 'src/util/debug.c')
-rw-r--r-- | src/util/debug.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/src/util/debug.c b/src/util/debug.c
index a99d5403a..413757091 100644
--- a/src/util/debug.c
+++ b/src/util/debug.c
@@ -297,6 +297,39 @@ void ldb_debug_messages(void *context, enum ldb_debug_level level,
 free(message);
 }
 
+/* In cases SSSD used to run as the root user, but runs as the SSSD user now,
+ * we need to chown the log files
+ */
+int chown_debug_file(const char *filename,
+ uid_t uid, gid_t gid)
+{
+ char *logpath;
+ const char *log_file;
+ errno_t ret;
+
+ if (filename == NULL) {
+ log_file = debug_log_file;
+ } else {
+ log_file = filename;
+ }
+
+ ret = asprintf(&logpath, "%s/%s.log", LOG_PATH, log_file);
+ if (ret == -1) {
+ return ENOMEM;
+ }
+
+ ret = chown(logpath, uid, gid);
+ free(logpath);
+ if (ret != 0) {
+ ret = errno;
+ DEBUG(SSSDBG_FATAL_FAILURE, "chown failed for [%s]: [%d]\n",
+ log_file, ret);
+ return ret;
+ }
+
+ return EOK;
+}
+
 int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec)
 {
 FILE *f = NULL; |
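Review bot: `chown(logpath, uid, gid)` operates on a path and follows symbolic links, and the commit message says it runs before root is dropped, so if anything other than root can create entries under LOG_PATH (not visible in this hunk, though the commit message says the SSSD user must be able to rotate files there), a link sitting at `<name>.log` would have its target handed to the SSSD user on the next start. Using `ret = lchown(logpath, uid, gid);`, or opening the file with O_NOFOLLOW and calling fchown() on the descriptor after checking it is a regular file, removes that dependency on the directory's permissions. Separately, `free(logpath)` runs between the chown() call and `ret = errno`, and free() may change errno on some libc versions, so the value should be captured first, e.g. `if (ret != 0) { ret = errno; }` directly after the call and before the free. `filename` is interpolated into the path unchecked; its callers are outside this hunk, so it is worth confirming it can never contain a `/`.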