file-logger: Set owner/group of log file
The file is usually opened/created by root, however, if user/group IDs are configured and the configuration is reloaded, the file will be reopened as configured user. Like with UNIX sockets we only attempt to change the user if we have CAP_CHOWN allowing a start as regular user. We don't have chown() on Windows, so check for it.
This commit is contained in:
parent
db772305c6
commit
b06374f6a5
|
@ -661,7 +661,7 @@ AC_CHECK_FUNC(
|
|||
]
|
||||
)
|
||||
|
||||
AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)
|
||||
AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r chown)
|
||||
AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo explicit_bzero)
|
||||
|
||||
AC_CHECK_FUNC([syslog], [
|
||||
|
|
|
@ -243,6 +243,25 @@ METHOD(file_logger_t, open_, void,
|
|||
this->filename, strerror(errno));
|
||||
return;
|
||||
}
|
||||
#ifdef HAVE_CHOWN
|
||||
if (lib->caps->check(lib->caps, CAP_CHOWN))
|
||||
{
|
||||
if (chown(this->filename, lib->caps->get_uid(lib->caps),
|
||||
lib->caps->get_gid(lib->caps)) != 0)
|
||||
{
|
||||
DBG1(DBG_NET, "changing owner/group for '%s' failed: %s",
|
||||
this->filename, strerror(errno));
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (chown(this->filename, -1, lib->caps->get_gid(lib->caps)) != 0)
|
||||
{
|
||||
DBG1(DBG_NET, "changing group for '%s' failed: %s",
|
||||
this->filename, strerror(errno));
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_CHOWN */
|
||||
#ifdef HAVE_SETLINEBUF
|
||||
if (flush_line)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue