diff options
author | Noriko Hosoi <nhosoi@redhat.com> | 2005-11-23 17:58:01 +0000 |
---|---|---|
committer | Noriko Hosoi <nhosoi@redhat.com> | 2005-11-23 17:58:01 +0000 |
commit | 1ec891b3465abaabaffb28f2e8eb437dd4368f98 (patch) | |
tree | fe667b919052a3d97b89e85c2cd207b6942db722 /ldap/servers/slapd/log.c | |
parent | f8dda515699b63542c9cd9cf62dff1c8e5feda1e (diff) | |
download | ds-1ec891b3465abaabaffb28f2e8eb437dd4368f98.tar.gz ds-1ec891b3465abaabaffb28f2e8eb437dd4368f98.tar.xz ds-1ec891b3465abaabaffb28f2e8eb437dd4368f98.zip |
[173687] deadlock caused by error log rotation and logging
Modified to change the owner to the "localuser" if the error log file is not
owned by the user.
Diffstat (limited to 'ldap/servers/slapd/log.c')
-rw-r--r-- | ldap/servers/slapd/log.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c index e880f86f..c8054d96 100644 --- a/ldap/servers/slapd/log.c +++ b/ldap/servers/slapd/log.c @@ -48,6 +48,7 @@ #include "log.h" #include "fe.h" +#include <pwd.h> /* getpwnam */ #if defined( XP_WIN32 ) #include <fcntl.h> @@ -3225,6 +3226,17 @@ log__open_errorlogfile(int logfile_state, int locked) char tbuf[TBUFSIZE]; struct logfileinfo *logp; char buffer[BUFSIZ]; + struct passwd *pw = NULL; + + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + if ( slapdFrontendConfig->localuser != NULL ) { + if ( (pw = getpwnam( slapdFrontendConfig->localuser )) == NULL ) + return LOG_UNABLE_TO_OPENFILE; + } + else { + return LOG_UNABLE_TO_OPENFILE; + } if (!locked) LOG_ERROR_LOCK_WRITE( ); @@ -3287,6 +3299,12 @@ log__open_errorlogfile(int logfile_state, int locked) return LOG_UNABLE_TO_OPENFILE; } + /* make sure the logfile is owned by the localuser. If one of the + * alternate ns-slapd modes, such as db2bak, tries to log an error + * at startup, it will create the logfile as root! + */ + slapd_chown_if_not_owner(loginfo.log_error_file, pw->pw_uid, -1); + loginfo.log_error_fdes = fp; if (logfile_state == LOGFILE_REOPENED) { /* we have all the information */ |