From 3de44dd188690763cfa8f08cf36c64ade0174501 Mon Sep 17 00:00:00 2001 From: Andy Zhou Date: Fri, 9 Oct 2015 19:07:40 -0700 Subject: [PATCH] vlog: change log file owner when switching user vlog log file can be created when parsing --log-file option, before switching user, in case the --user option is also specified. While this does not directly cause errors for the running daemons, it can leave the log files on the disk as created under the "root" user. This patch fix the log file ownership to the user specified with --user. Signed-off-by: Andy Zhou Acked-by: Ansis Atteka --- include/openvswitch/vlog.h | 1 + lib/daemon-unix.c | 6 +++++- lib/vlog.c | 23 ++++++++++++++++++++++- 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/include/openvswitch/vlog.h b/include/openvswitch/vlog.h index f6bb3abdd..bc16590f8 100644 --- a/include/openvswitch/vlog.h +++ b/include/openvswitch/vlog.h @@ -143,6 +143,7 @@ void vlog_set_verbosity(const char *arg); void vlog_set_pattern(enum vlog_destination, const char *pattern); int vlog_set_log_file(const char *file_name); int vlog_reopen_log_file(void); +void vlog_change_owner(uid_t, gid_t); /* Configure method how vlog should send messages to syslog server. */ void vlog_set_syslog_method(const char *method); diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c index 012574555..e69517ab4 100644 --- a/lib/daemon-unix.c +++ b/lib/daemon-unix.c @@ -739,7 +739,7 @@ daemon_switch_group(gid_t real, gid_t effective, { if ((setresgid(real, effective, saved) == -1) || !gid_verify(real, effective, saved)) { - VLOG_FATAL("%s: fail to switch group to gid as %d, aborting", + VLOG_FATAL("%s: failed to switch group to gid as %d, aborting", pidfile, gid); } } @@ -847,6 +847,10 @@ daemon_become_new_user_linux(bool access_datapath OVS_UNUSED) static void daemon_become_new_user__(bool access_datapath) { + /* If vlog file has been created, change its owner to the non-root user + * as specifed by the --user option. */ + vlog_change_owner(uid, gid); + if (LINUX) { if (LIBCAPNG) { daemon_become_new_user_linux(access_datapath); diff --git a/lib/vlog.c b/lib/vlog.c index da31e6f0f..841c7a46f 100644 --- a/lib/vlog.c +++ b/lib/vlog.c @@ -105,7 +105,7 @@ DEFINE_STATIC_PER_THREAD_DATA(unsigned int, msg_num, 0); * All of the following is protected by 'log_file_mutex', which nests inside * pattern_rwlock. */ static struct ovs_mutex log_file_mutex = OVS_MUTEX_INITIALIZER; -static char *log_file_name OVS_GUARDED_BY(log_file_mutex); +static char *log_file_name = NULL OVS_GUARDED_BY(log_file_mutex); static int log_fd OVS_GUARDED_BY(log_file_mutex) = -1; static struct async_append *log_writer OVS_GUARDED_BY(log_file_mutex); static bool log_async OVS_GUARDED_BY(log_file_mutex); @@ -430,6 +430,27 @@ vlog_reopen_log_file(void) } } +/* In case a log file exists, change its owner to new 'user' and 'group'. + * + * This is useful for handling cases where the --log-file option is + * specified ahead of the --user option. */ +void +vlog_change_owner(uid_t user, gid_t group) +{ + if (!log_file_name) { + return; + } + + ovs_mutex_lock(&log_file_mutex); + int error = chown(log_file_name, user, group); + ovs_mutex_unlock(&log_file_mutex); + + if (error) { + VLOG_FATAL("Failed to change %s ownership: %s.", + log_file_name, ovs_strerror(errno)); + } +} + /* Set debugging levels. Returns null if successful, otherwise an error * message that the caller must free(). */ char * -- 2.20.1