From: drh <drh@noemail.net>
Date: Sat, 11 Feb 2012 19:23:48 +0000 (+0000)
Subject: When creating journal files (including -wal and -shm files) try to set the
X-Git-Tag: version-3.7.11~54
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ac7c3ac150b00d2d4450894b873e0615601cb728;p=thirdparty%2Fsqlite.git

When creating journal files (including -wal and -shm files) try to set the
ownership to be the same as the original database.  This will prevent root
from locking out the original owner of the file.

FossilOrigin-Name: 1254dffe4071656a783cd000b1dd40c975ac18cb
---

diff --git a/manifest b/manifest
index 4c3f43e124..bf76b978d3 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Remove\sa\sredundant\stest\sfrom\sthe\sshared-memory\slogic\sin\sos_unix.c.
-D 2012-02-11T18:51:34.899
+C When\screating\sjournal\sfiles\s(including\s-wal\sand\s-shm\sfiles)\stry\sto\sset\sthe\nownership\sto\sbe\sthe\ssame\sas\sthe\soriginal\sdatabase.\s\sThis\swill\sprevent\sroot\nfrom\slocking\sout\sthe\soriginal\sowner\sof\sthe\sfile.
+D 2012-02-11T19:23:48.068
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 3f79a373e57c3b92dabf76f40b065e719d31ac34
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -166,7 +166,7 @@ F src/os.c e1acdc09ff3ac2412945cca9766e2dcf4675f31c
 F src/os.h 59beba555b65a450bd1d804220532971d4299f60
 F src/os_common.h 92815ed65f805560b66166e3583470ff94478f04
 F src/os_os2.c 4a75888ba3dfc820ad5e8177025972d74d7f2440
-F src/os_unix.c 35fb4bc9bc1acf2fb67d4c3b78d1ab471e22a0fd
+F src/os_unix.c f7e7b3e4f6922e3b07250a22c81da766ac2cc8fa
 F src/os_win.c 5ac061ae1326a71500cee578ed0fd9113b4f6a37
 F src/pager.c 2d892f7b901a8867a33bc21742086165a3a99af8
 F src/pager.h a435da8421dc7844b7f9c7f37b636c160c50208a
@@ -989,7 +989,7 @@ F tool/tostr.awk e75472c2f98dd76e06b8c9c1367f4ab07e122d06
 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
 F tool/warnings-clang.sh 9f406d66e750e8ac031c63a9ef3248aaa347ef2a
 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381
-P 33294bbd1724665832464b33f865a29dc82b90f6
-R 00b08584e9c041156461ca40087c2e4e
+P 31142ca795005bf664f34000591e6572c72652f2
+R bf3c1343906df15f83435e1a674bd11e
 U drh
-Z c9bd46f5e0e3af1639554e403a310b26
+Z 10acee19c2f6805ba89a4f170956f4c5
diff --git a/manifest.uuid b/manifest.uuid
index b10ed1b83c..be561debed 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-31142ca795005bf664f34000591e6572c72652f2
\ No newline at end of file
+1254dffe4071656a783cd000b1dd40c975ac18cb
\ No newline at end of file
diff --git a/src/os_unix.c b/src/os_unix.c
index b717a08d72..5e4ab8d248 100644
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -3904,6 +3904,13 @@ static int unixOpenSharedMemory(unixFile *pDbFd){
         rc = unixLogError(SQLITE_CANTOPEN_BKPT, "open", zShmFilename);
         goto shm_open_err;
       }
+
+      /* If this process is running as root, make sure that the SHM file
+      ** is owned by the same user that owns the original database.  Otherwise,
+      ** the original owner will not be able to connect. If this process is
+      ** not root, the following fchown() will fail, but we don't care.
+      */
+      fchown(pShmNode->h, sStat.st_uid, sStat.st_gid);
   
       /* Check to see if another process is holding the dead-man switch.
       ** If not, truncate the file to zero length. 
@@ -4896,10 +4903,14 @@ static UnixUnusedFd *findReusableFd(const char *zPath, int flags){
 static int findCreateFileMode(
   const char *zPath,              /* Path of file (possibly) being created */
   int flags,                      /* Flags passed as 4th argument to xOpen() */
-  mode_t *pMode                   /* OUT: Permissions to open file with */
+  mode_t *pMode,                  /* OUT: Permissions to open file with */
+  uid_t *pUid,                    /* OUT: uid to set on the file */
+  gid_t *pGid                     /* OUT: gid to set on the file */
 ){
   int rc = SQLITE_OK;             /* Return Code */
   *pMode = SQLITE_DEFAULT_FILE_PERMISSIONS;
+  *pUid = 0;
+  *pGid = 0;
   if( flags & (SQLITE_OPEN_WAL|SQLITE_OPEN_MAIN_JOURNAL) ){
     char zDb[MAX_PATHNAME+1];     /* Database file path */
     int nDb;                      /* Number of valid bytes in zDb */
@@ -4933,6 +4944,8 @@ static int findCreateFileMode(
 
     if( 0==osStat(zDb, &sStat) ){
       *pMode = sStat.st_mode & 0777;
+      *pUid = sStat.st_uid;
+      *pGid = sStat.st_gid;
     }else{
       rc = SQLITE_IOERR_FSTAT;
     }
@@ -5079,7 +5092,9 @@ static int unixOpen(
 
   if( fd<0 ){
     mode_t openMode;              /* Permissions to create file with */
-    rc = findCreateFileMode(zName, flags, &openMode);
+    uid_t uid;                    /* Userid for the file */
+    gid_t gid;                    /* Groupid for the file */
+    rc = findCreateFileMode(zName, flags, &openMode, &uid, &gid);
     if( rc!=SQLITE_OK ){
       assert( !p->pUnused );
       assert( eType==SQLITE_OPEN_WAL || eType==SQLITE_OPEN_MAIN_JOURNAL );
@@ -5100,6 +5115,16 @@ static int unixOpen(
       rc = unixLogError(SQLITE_CANTOPEN_BKPT, "open", zName);
       goto open_finished;
     }
+
+    /* If this process is running as root and if creating a new rollback
+    ** journal or WAL file, set the ownership of the journal or WAL to be
+    ** the same as the original database.  If we are not running as root,
+    ** then the fchown() call will fail, but that's ok - there is nothing
+    ** we can do about it so just ignore the error.
+    */
+    if( flags & (SQLITE_OPEN_WAL|SQLITE_OPEN_MAIN_JOURNAL) ){
+      fchown(fd, uid, gid);
+    }
   }
   assert( fd>=0 );
   if( pOutFlags ){