From: Alan T. DeKok Date: Fri, 14 Aug 2015 08:58:16 +0000 (+0200) Subject: Always create run_dir and logdir if needed X-Git-Tag: release_3_0_10~243 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6cf5ba30095497eb1acbabd1c5e2a3f0bd347a9a;p=thirdparty%2Ffreeradius-server.git Always create run_dir and logdir if needed --- diff --git a/src/include/radiusd.h b/src/include/radiusd.h index 8f71005fe7f..1123b777a23 100644 --- a/src/include/radiusd.h +++ b/src/include/radiusd.h @@ -165,6 +165,9 @@ typedef struct main_config { bool allow_core_dumps; //!< Whether the server is allowed to drop a core when //!< receiving a fatal signal. + bool write_pid; //!< write the PID file + + #ifdef ENABLE_OPENSSL_VERSION_CHECK char const *allow_vulnerable_openssl; //!< The CVE number of the last security issue acknowledged. #endif diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c index a082d6c0c0e..2af8889723c 100644 --- a/src/main/mainconfig.c +++ b/src/main/mainconfig.c @@ -584,16 +584,15 @@ static int switch_users(CONF_SECTION *cs) #endif /* - * If we did change from root to a normal user, do some - * more work. + * The directories for PID files and logs must exist. We + * need to create them if we're told to write files to + * those directories. * - * Try to create the various output directories. Because - * this creation is new in 3.0.9, it's a soft fail. + * Because this creation is new in 3.0.9, it's a soft + * fail. * - * And once we're done with all of the above work, - * permanently change the UID. */ - if (do_suid) { + if (main_config.write_pid) { char *my_dir; my_dir = talloc_strdup(NULL, run_dir); @@ -602,16 +601,24 @@ static int switch_users(CONF_SECTION *cs) my_dir, strerror(errno)); } talloc_free(my_dir); + } - if (default_log.dst == L_DST_FILES) { - my_dir = talloc_strdup(NULL, radlog_dir); - if (rad_mkdir(my_dir, 0750, server_uid, server_gid) < 0) { - DEBUG("Failed to create logdir %s: %s", - my_dir, strerror(errno)); - } - talloc_free(my_dir); + if (default_log.dst == L_DST_FILES) { + char *my_dir; + + my_dir = talloc_strdup(NULL, radlog_dir); + if (rad_mkdir(my_dir, 0750, server_uid, server_gid) < 0) { + DEBUG("Failed to create logdir %s: %s", + my_dir, strerror(errno)); } + talloc_free(my_dir); + } + /* + * Once we're done with all of the privileged work, + * permanently change the UID. + */ + if (do_suid) { rad_suid_set_down_uid(server_uid); rad_suid_down(); } diff --git a/src/main/radiusd.c b/src/main/radiusd.c index d65f1601e03..fa0fcfa843f 100644 --- a/src/main/radiusd.c +++ b/src/main/radiusd.c @@ -91,7 +91,6 @@ int main(int argc, char *argv[]) int status; int argval; bool spawn_flag = true; - bool write_pid = false; bool display_version = false; int flag = 0; int from_child[2] = {-1, -1}; @@ -222,7 +221,7 @@ int main(int argc, char *argv[]) case 'P': /* Force the PID to be written, even in -f mode */ - write_pid = true; + main_config.write_pid = true; break; case 's': /* Single process mode */ @@ -331,6 +330,11 @@ int main(int argc, char *argv[]) tls_global_init(); #endif + /* + * Write the PID always if we're running as a daemon. + */ + if (main_config.daemonize) main_config.write_pid = true; + /* * Read the configuration files, BEFORE doing anything else. */ @@ -523,15 +527,10 @@ int main(int argc, char *argv[]) radius_stats_init(0); #endif - /* - * Write the PID always if we're running as a daemon. - */ - if (main_config.daemonize) write_pid = true; - /* * Write the PID after we've forked, so that we write the correct one. */ - if (write_pid) { + if (main_config.write_pid) { FILE *fp; fp = fopen(main_config.pid_file, "w");