+/* SPDX-License-Identifier: LGPL-2.1+ */
/***
This file is part of systemd.
Copyright 2014 Kay Sievers, Lennart Poettering
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include "sd-daemon.h"
if (r < 0)
return log_error_errno(errno, "Failed to change file access mode: %m");
r = fchown(fd, uid, gid);
+ if (r < 0)
return log_error_errno(errno, "Failed to change file owner: %m");
}
} else {
- r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid);
+ r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid,
+ MKDIR_FOLLOW_SYMLINK | MKDIR_WARN_MODE);
if (r < 0)
return log_error_errno(r, "Failed to create state directory: %m");
int main(int argc, char *argv[]) {
_cleanup_(manager_freep) Manager *m = NULL;
const char *user = "systemd-timesync";
- uid_t uid;
+ uid_t uid, uid_current;
gid_t gid;
int r;
goto finish;
}
- r = get_user_creds(&user, &uid, &gid, NULL, NULL);
- if (r < 0) {
- log_error_errno(r, "Cannot resolve user name %s: %m", user);
- goto finish;
+ uid = uid_current = geteuid();
+ gid = getegid();
+
+ if (uid_current == 0) {
+ r = get_user_creds(&user, &uid, &gid, NULL, NULL);
+ if (r < 0) {
+ log_error_errno(r, "Cannot resolve user name %s: %m", user);
+ goto finish;
+ }
}
r = load_clock_timestamp(uid, gid);
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume all
* privileges are already dropped. */
- if (geteuid() == 0) {
+ if (uid_current == 0) {
r = drop_privileges(uid, gid, (1ULL << CAP_SYS_TIME));
if (r < 0)
goto finish;
if (clock_is_localtime(NULL) > 0) {
log_info("The system is configured to read the RTC time in the local time zone. "
- "This mode can not be fully supported. All system time to RTC updates are disabled.");
+ "This mode cannot be fully supported. All system time to RTC updates are disabled.");
m->rtc_local_time = true;
}