authorJakub Hrozek <jhrozek@redhat.com>2014-10-20 13:59:49 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-10-20 21:43:45 +0200
commit4546e283498ffe2511cb566b9159714c671e326b (patch)
treebf4f149d7423f0110cb5d968a44c178acc9c9371 /src/util
parentac40d2f2b2b2fc35c95389f5e28febd580bd2b7a (diff)
SSSD: Chown the log files
We need to chown the log files before dropping root privileges to make sure they are usable by the SSSD user. Unfortunately, we can't just rely on passing the fd opened by root, because we also need to be able to rotate the log files.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Diffstat (limited to 'src/util')
-rw-r--r--src/util/debug.c33
-rw-r--r--src/util/server.c6
-rw-r--r--src/util/util.h1
3 files changed, 40 insertions, 0 deletions
diff --git a/src/util/debug.c b/src/util/debug.c
index a99d5403a..413757091 100644
--- a/src/util/debug.c
+++ b/src/util/debug.c
@@ -297,6 +297,39 @@ void ldb_debug_messages(void *context, enum ldb_debug_level level,
free(message);
}
+/* In cases SSSD used to run as the root user, but runs as the SSSD user now,
+ * we need to chown the log files
+ */
+int chown_debug_file(const char *filename,
+ uid_t uid, gid_t gid)
+{
+ char *logpath;
+ const char *log_file;
+ errno_t ret;
+
+ if (filename == NULL) {
+ log_file = debug_log_file;
+ } else {
+ log_file = filename;
+ }
+
+ ret = asprintf(&logpath, "%s/%s.log", LOG_PATH, log_file);
+ if (ret == -1) {
+ return ENOMEM;
+ }
+
+ ret = chown(logpath, uid, gid);
+ free(logpath);
+ if (ret != 0) {
+ ret = errno;
+ DEBUG(SSSDBG_FATAL_FAILURE, "chown failed for [%s]: [%d]\n",
+ log_file, ret);
+ return ret;
+ }
+
+ return EOK;
+}
+
int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec)
{
FILE *f = NULL;
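Review bot: `chown(logpath, uid, gid)` in chown_debug_file follows symbolic links and runs while the process still holds root privileges, so if any account other than root can create entries under LOG_PATH (its ownership is not visible in this hunk), a link at the log file's name would redirect the ownership change to a different file. Using `ret = lchown(logpath, uid, gid);`, or opening the file with `O_NOFOLLOW` and calling `fchown()` on the descriptor, keeps the change on the log file itself. `filename` is also formatted into the path unchecked, so the header comment should state that callers must pass a bare name without `/`. Minor: `ret` is declared `errno_t` but first holds the asprintf() return value, and the failure message prints only the errno number and the short name; logging `strerror(ret)` would make it easier to act on.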
diff --git a/src/util/server.c b/src/util/server.c
index 3a84dee0c..a908470cd 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -427,6 +427,12 @@ int server_setup(const char *name, int flags,
struct tevent_signal *tes;
struct logrotate_ctx *lctx;
+ ret = chown_debug_file(NULL, uid, gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot chown the debug files, debugging might not work!\n");
+ }
+
ret = become_user(uid, gid);
if (ret != EOK) {
DEBUG(SSSDBG_FUNC_DATA,
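Review bot: The new chown_debug_file() call in server_setup is unconditional, and its failure is reported twice at conflicting severities: the callee logs SSSDBG_FATAL_FAILURE, while this caller logs SSSDBG_MINOR_FAILURE and continues. If the process is not logging to a file, or the file does not exist yet (neither is visible here), the chown would presumably fail with ENOENT and emit a fatal-level message on every start; consider treating that case as benign, e.g. `if (ret != EOK && ret != ENOENT) {`. Since startup continues after a failed chown, a comment such as `/* Non-fatal: after become_user() the process may be unable to write or rotate its log */` would document the trade-off for operators who rely on these logs. server_setup's body starts and ends outside the hunk.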
diff --git a/src/util/util.h b/src/util/util.h
index cc5588c18..df83aac7d 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -218,6 +218,7 @@ errno_t set_debug_file_from_fd(const int fd);
/* From debug.c */
void ldb_debug_messages(void *context, enum ldb_debug_level level,
const char *fmt, va_list ap);
+int chown_debug_file(const char *filename, uid_t uid, gid_t gid);
int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec);
int open_debug_file(void);
int rotate_debug_files(void);