conf: create directories before dropping root

Create logdir and dumpdir before dropping root. Set their uid/gid to the
user chronyd will switch to. This allows chronyd to create the
directories in a directory where the user won't have write permissions
(e.g. /var/lib).
Miroslav Lichvar 2015-08-10 17:02:12 +02:00
parent e7100e106d
commit 6d42dd8603
6 changed files with 29 additions and 30 deletions

9
conf.c

@ -1258,6 +1258,15 @@ parse_include(char *line)
/* ================================================== */
void
CNF_CreateDirs(uid_t uid, gid_t gid)
{
UTI_CreateDirAndParents(logdir, 0755, uid, gid);
UTI_CreateDirAndParents(dumpdir, 0755, uid, gid);
}
/* ================================================== */
void
CNF_AddInitSources(void)
{
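Review bot: Both `UTI_CreateDirAndParents` calls in `CNF_CreateDirs` discard their result, so a directory that could not be created or handed to `uid`/`gid` goes unnoticed until a later write fails after root has been dropped. The same commit removes the only check of that return value from `SRC_DumpSources` (last hunk), where a non-zero result was treated as success. Consider reporting the failure here, e.g. `if (!UTI_CreateDirAndParents(logdir, 0755, uid, gid)) LOG(LOGS_WARN, LOGF_Configure, "Could not create directory %s", logdir);` and likewise for `dumpdir`. Whether the helper already logs, and whether it checks the owner and mode of a directory that already exists, is not visible on this page. Since these calls run as root and assign ownership to the unprivileged user, that behaviour is worth stating in a comment above the function.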

2
conf.h

@ -39,6 +39,8 @@ extern char *CNF_GetRtcDevice(void);
extern void CNF_ReadFile(const char *filename);
extern void CNF_ParseLine(const char *filename, int number, char *line);
extern void CNF_CreateDirs(uid_t uid, gid_t gid);
extern void CNF_AddInitSources(void);
extern void CNF_AddSources(void);
extern void CNF_AddBroadcasts(void);


@ -299,18 +299,6 @@ LOG_FileWrite(LOG_FileID id, const char *format, ...)
/* ================================================== */
void
LOG_CreateLogFileDir(void)
{
const char *logdir;
logdir = CNF_GetLogDir();
UTI_CreateDirAndParents(logdir, 0755, 0, 0);
}
/* ================================================== */
void
LOG_CycleLogFiles(void)
{


@ -142,7 +142,6 @@ extern LOG_FileID LOG_FileOpen(const char *name, const char *banner);
FORMAT_ATTRIBUTE_PRINTF(2, 3)
extern void LOG_FileWrite(LOG_FileID id, const char *format, ...);
extern void LOG_CreateLogFileDir(void);
extern void LOG_CycleLogFiles(void);
#endif /* GOT_LOGGING_H */

5
main.c

@ -493,12 +493,13 @@ int main
if ((pw = getpwnam(user)) == NULL)
LOG_FATAL(LOGF_Main, "Could not get %s uid/gid", user);
/* Create all directories before dropping root */
CNF_CreateDirs(pw->pw_uid, pw->pw_gid);
/* Drop root privileges if the user has non-zero uid or gid */
if (pw->pw_uid || pw->pw_gid)
SYS_DropRoot(pw->pw_uid, pw->pw_gid);
LOG_CreateLogFileDir();
REF_Initialise();
SST_Initialise();
NIO_Initialise(address_family);
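Review bot: The comment `/* Create all directories before dropping root */` claims more than the call does: per the conf.c hunk, `CNF_CreateDirs` creates only `logdir` and `dumpdir`. I would word it as `/* Create logdir and dumpdir while still root and give them to the target user */` so the next reader does not assume other runtime paths are covered. The call also runs when `pw->pw_uid` and `pw->pw_gid` are both zero and no drop follows, which looks harmless but is worth confirming. The body of `main` continues outside this hunk.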


@ -1092,23 +1092,23 @@ SRC_DumpSources(void)
direc_len = strlen(direc);
file_len = direc_len + 24;
filename = MallocArray(char, file_len); /* a bit of slack */
if (UTI_CreateDirAndParents(direc, 0755, 0, 0)) {
for (i=0; i<n_sources; i++) {
a = (sources[i]->ref_id) >> 24;
b = ((sources[i]->ref_id) >> 16) & 0xff;
c = ((sources[i]->ref_id) >> 8) & 0xff;
d = ((sources[i]->ref_id)) & 0xff;
snprintf(filename, file_len-1, "%s/%d.%d.%d.%d.dat", direc, a, b, c, d);
out = fopen(filename, "w");
if (!out) {
LOG(LOGS_WARN, LOGF_Sources, "Could not open dump file %s", filename);
} else {
SST_SaveToFile(sources[i]->stats, out);
fclose(out);
}
for (i = 0; i < n_sources; i++) {
a = (sources[i]->ref_id) >> 24;
b = ((sources[i]->ref_id) >> 16) & 0xff;
c = ((sources[i]->ref_id) >> 8) & 0xff;
d = ((sources[i]->ref_id)) & 0xff;
snprintf(filename, file_len - 1, "%s/%d.%d.%d.%d.dat", direc, a, b, c, d);
out = fopen(filename, "w");
if (!out) {
LOG(LOGS_WARN, LOGF_Sources, "Could not open dump file %s", filename);
} else {
SST_SaveToFile(sources[i]->stats, out);
fclose(out);
}
}
Free(filename);
}
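Review bot: In the re-indented loop of `SRC_DumpSources`, the result of `fclose(out)` is discarded, so a dump that was cut short (full disk, I/O error) is indistinguishable from a good one. With the directory check gone, a failed `fopen` is now the only error that gets reported. Suggest `if (fclose(out)) LOG(LOGS_WARN, LOGF_Sources, "Could not write dump file %s", filename);` in the `else` branch; whether `SST_SaveToFile` reports errors itself is not visible here. The start of the function lies outside the hunk.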