/*
- * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2015 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/* --user: Only root can use this option. Switch to new uid:gid after
* initially running as root. */
static bool switch_user = false;
-static bool non_root_user = false;
static uid_t uid;
static gid_t gid;
static char *user = NULL;
switch_user = false;
}
- /* If --user is specified, make sure user switch has completed by now. */
- if (non_root_user) {
- ovs_assert(geteuid() && getuid());
- }
-
if (detach) {
pid_t pid;
}
static bool
-gid_verify(gid_t real, gid_t effective, gid_t saved)
+gid_verify(gid_t gid)
{
- gid_t r, e, s;
+ gid_t r, e;
- return (getresgid(&r, &e, &s) == 0 &&
- gid_matches(real, r) &&
- gid_matches(effective, e) &&
- gid_matches(saved, s));
+ r = getgid();
+ e = getegid();
+ return (gid_matches(gid, r) &&
+ gid_matches(gid, e));
}
static void
-daemon_switch_group(gid_t real, gid_t effective,
- gid_t saved)
+daemon_switch_group(gid_t gid)
{
- if ((setresgid(real, effective, saved) == -1) ||
- !gid_verify(real, effective, saved)) {
+ if ((setgid(gid) == -1) || !gid_verify(gid)) {
VLOG_FATAL("%s: fail to switch group to gid as %d, aborting",
pidfile, gid);
}
}
static bool
-uid_verify(const uid_t real, const uid_t effective, const uid_t saved)
+uid_verify(const uid_t uid)
{
- uid_t r, e, s;
+ uid_t r, e;
- return (getresuid(&r, &e, &s) == 0 &&
- uid_matches(real, r) &&
- uid_matches(effective, e) &&
- uid_matches(saved, s));
+ r = getuid();
+ e = geteuid();
+ return (uid_matches(uid, r) &&
+ uid_matches(uid, e));
}
static void
-daemon_switch_user(const uid_t real, const uid_t effective, const uid_t saved,
- const char *user)
+daemon_switch_user(const uid_t uid, const char *user)
{
- if ((setresuid(real, effective, saved) == -1) ||
- !uid_verify(real, effective, saved)) {
+ if ((setuid(uid) == -1) || !uid_verify(uid)) {
VLOG_FATAL("%s: fail to switch user to %s, aborting",
pidfile, user);
}
* that calling getuid() after each setuid() call to verify they
* are actually set, because checking return code alone is not
* sufficient. */
- daemon_switch_group(gid, gid, gid);
+ daemon_switch_group(gid);
if (user && initgroups(user, gid) == -1) {
VLOG_FATAL("%s: fail to add supplementary group gid %d, "
"aborting", pidfile, gid);
}
- daemon_switch_user(uid, uid, uid, user);
+ daemon_switch_user(uid, user);
}
/* Linux specific implementation of daemon_become_new_user()
* using libcap-ng. */
-#if defined __linux__ && HAVE_LIBCAPNG
static void
-daemon_become_new_user_linux(bool access_datapath)
+daemon_become_new_user_linux(bool access_datapath OVS_UNUSED)
{
+#if defined __linux__ && HAVE_LIBCAPNG
int ret;
ret = capng_get_caps_process();
VLOG_FATAL("%s: libcap-ng fail to switch to user and group "
"%d:%d, aborting", pidfile, uid, gid);
}
-}
#endif
+}
static void
daemon_become_new_user__(bool access_datapath)
{
+ /* If vlog file has been created, change its owner to the non-root user
+ * as specifed by the --user option. */
+ vlog_change_owner_unix(uid, gid);
+
if (LINUX) {
if (LIBCAPNG) {
daemon_become_new_user_linux(access_datapath);
assert_single_threaded();
if (switch_user) {
daemon_become_new_user__(access_datapath);
-
- /* Make sure daemonize_start() will not switch
- * user again. */
+ /* daemonize_start() should not switch user again. */
switch_user = false;
}
}
}
}
- switch_user = non_root_user = true;
+ switch_user = true;
}