-rw-r--r-- | src/util/debug.c | 33 | ||||
-rw-r--r-- | src/util/server.c | 6 | ||||
-rw-r--r-- | src/util/util.h | 1 |
3 files changed, 40 insertions, 0 deletions
diff --git a/src/util/debug.c b/src/util/debug.c
index a99d5403a..413757091 100644
--- a/src/util/debug.c
+++ b/src/util/debug.c
@@ -297,6 +297,39 @@ void ldb_debug_messages(void *context, enum ldb_debug_level level,
 free(message);
 }
 
+/* In cases SSSD used to run as the root user, but runs as the SSSD user now,
+ * we need to chown the log files
+ */
+int chown_debug_file(const char *filename,
+ uid_t uid, gid_t gid)
+{
+ char *logpath;
+ const char *log_file;
+ errno_t ret;
+
+ if (filename == NULL) {
+ log_file = debug_log_file;
+ } else {
+ log_file = filename;
+ }
+
+ ret = asprintf(&logpath, "%s/%s.log", LOG_PATH, log_file);
+ if (ret == -1) {
+ return ENOMEM;
+ }
+
+ ret = chown(logpath, uid, gid);
+ free(logpath);
+ if (ret != 0) {
+ ret = errno;
+ DEBUG(SSSDBG_FATAL_FAILURE, "chown failed for [%s]: [%d]\n",
+ log_file, ret);
+ return ret;
+ }
+
+ return EOK;
+}
+
 int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec)
 {
 FILE *f = NULL;
diff --git a/src/util/server.c b/src/util/server.c
index 3a84dee0c..a908470cd 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -427,6 +427,12 @@ int server_setup(const char *name, int flags,
 struct tevent_signal *tes;
 struct logrotate_ctx *lctx;
 
+ ret = chown_debug_file(NULL, uid, gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot chown the debug files, debugging might not work!\n");
+ }
+
 ret = become_user(uid, gid);
 if (ret != EOK) {
 DEBUG(SSSDBG_FUNC_DATA,
diff --git a/src/util/util.h b/src/util/util.h
index cc5588c18..df83aac7d 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -218,6 +218,7 @@ errno_t set_debug_file_from_fd(const int fd);
 /* From debug.c */
 void ldb_debug_messages(void *context, enum ldb_debug_level level,
 const char *fmt, va_list ap);
+int chown_debug_file(const char *filename, uid_t uid, gid_t gid);
 int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec);
 int open_debug_file(void);
 int rotate_debug_files(void); |
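Review bot: `chown(logpath, uid, gid)` in chown_debug_file follows symbolic links, and the server.c hunk calls it before `become_user()`, so presumably while the process still holds root privileges. If the log directory is, or later becomes, writable by the unprivileged SSSD user, a symlink at the log path would make the next privileged start transfer ownership of the link target instead of the log file. Use `ret = lchown(logpath, uid, gid);`, or better `fchown()` on a descriptor opened with `O_NOFOLLOW`, so that only the log file itself changes owner. Separately, a log file that does not exist yet (ENOENT) is reported at SSSDBG_FATAL_FAILURE although nothing is wrong; consider returning EOK for that case.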
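Review bot: The failure branch after `chown_debug_file(NULL, uid, gid)` drops `ret`, and its SSSDBG_MINOR_FAILURE level disagrees with the SSSDBG_FATAL_FAILURE the callee already logged for the same event. Include the code, e.g. `"Cannot chown the debug files [%d], debugging might not work!\n", ret`, and settle on one severity for this condition. The call is also unconditional; if the process is not logging to a file, or `uid` is already the current user, the chown is unnecessary and skipping it would reduce the work done while privileged. Whether that information is available at this point cannot be seen from the hunk, because server_setup starts and ends outside it.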
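Review bot: The new `chown_debug_file` prototype carries no comment describing its contract, and the signature does not show that NULL is accepted or that `filename` is a base name to which `.log` is appended under LOG_PATH. Add a comment above it such as `/* chown LOG_PATH/<filename>.log; NULL means the current debug_log_file. Returns EOK or an errno value. */`.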