From: Alan T. DeKok Date: Mon, 1 Jun 2015 15:36:41 +0000 (-0400) Subject: create radlog_dir along with run_dir. X-Git-Tag: release_3_0_9~297 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3fcabebe4b15a3d2bdc01a450e7e4d892ec46d8e;p=thirdparty%2Ffreeradius-server.git create radlog_dir along with run_dir. And create the output log file AFTER changing SUID --- diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c index 307cd883137..9888eb8efec 100644 --- a/src/main/mainconfig.c +++ b/src/main/mainconfig.c @@ -582,7 +582,40 @@ static int switch_users(CONF_SECTION *cs) } } #endif - + + /* + * If we did change from root to a normal user, do some + * more work. + * + * Try to create the various output directories. Because + * this creation is new in 3.0.9, it's a soft fail. + * + * And once we're done with all of the above work, + * permanently change the UID. + */ + if (do_suid) { + char *my_dir; + + my_dir = talloc_strdup(NULL, run_dir); + if (rad_mkdir(my_dir, 0750, server_uid, server_gid) < 0) { + DEBUG("Failed to create run_dir %s: %s", + my_dir, strerror(errno)); + } + talloc_free(my_dir); + + if (default_log.dst == L_DST_FILES) { + my_dir = talloc_strdup(NULL, radlog_dir); + if (rad_mkdir(my_dir, 0750, server_uid, server_gid) < 0) { + DEBUG("Failed to create logdir %s: %s", + my_dir, strerror(errno)); + } + talloc_free(my_dir); + } + + rad_suid_set_down_uid(server_uid); + rad_suid_down(); + } + /* * If we don't already have a log file open, open one * now. We may not have been logging anything yet. The @@ -615,30 +648,6 @@ static int switch_users(CONF_SECTION *cs) } } - /* - * If we did change from root to a normal user, do some - * more work. - * - * Try to create the "run_dir", where the PID file is - * located. Because this attempt is new in 3.0.9, it's a - * soft fail. - * - * And once we're done with all of the aboe work, - * permanently change the UID. - */ - if (do_suid) { - char *my_run_dir = talloc_strdup(NULL, run_dir); - - if (rad_mkdir(my_run_dir, 0600, server_uid, server_gid) < 0) { - radlog(L_WARN, "Failed to create run_dir %s: %s", - run_dir, strerror(errno)); - } - talloc_free(my_run_dir); - - rad_suid_set_down_uid(server_uid); - rad_suid_down(); - } - /* * This also clears the dumpable flag if core dumps * aren't allowed.