From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 4 Jul 2011 16:09:00 +0000 (+0200)
Subject: Set ownership of domain socket when starting
X-Git-Tag: release_2_1_12~75
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e43829a776933eb8703db447d6c5cb3160ec504;p=thirdparty%2Ffreeradius-server.git

Set ownership of domain socket when starting
---

diff --git a/src/main/command.c b/src/main/command.c
index 85f76c72b30..f2406a56d34 100644
--- a/src/main/command.c
+++ b/src/main/command.c
@@ -1928,6 +1928,23 @@ static int command_socket_parse(CONF_SECTION *cs, rad_listen_t *this)
 		return -1;
 	}
 
+#if defined(HAVE_GETPEEREID) || defined (SO_PEERCRED)
+	/*
+	 *	Don't chown it from (possibly) non-root to root.
+	 *	Do chown it from (possibly) root to non-root.
+	 */
+	if ((sock->uid != 0) && (sock->gid != 0)) {
+		fr_suid_up();
+		if (fchown(this->fd, sock->uid, sock->gid) < 0) {
+			radlog(L_ERR, "Failed setting ownership of %s: %s",
+			       sock->path, strerror(errno));
+			fr_suid_down();
+			return -1;
+		}
+		fr_suid_down();
+	}
+#endif
+
 	return 0;
 }