From: Tobias Brunner Date: Tue, 14 Apr 2020 08:31:49 +0000 (+0200) Subject: file-logger: Set owner/group of log file X-Git-Tag: 5.9.0dr1~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b06374f6a518584fc40f58e42dae14ee93f645f2;p=thirdparty%2Fstrongswan.git file-logger: Set owner/group of log file The file is usually opened/created by root, however, if user/group IDs are configured and the configuration is reloaded, the file will be reopened as configured user. Like with UNIX sockets we only attempt to change the user if we have CAP_CHOWN allowing a start as regular user. We don't have chown() on Windows, so check for it.
---
diff --git a/configure.ac b/configure.ac
index 7788121e15..867b2040dd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -661,7 +661,7 @@ AC_CHECK_FUNC(
 ]
 )
-AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)
+AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r chown)
 AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo explicit_bzero)
 AC_CHECK_FUNC([syslog], [
diff --git a/src/libcharon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c
index d1f1802274..704c4a510e 100644
--- a/src/libcharon/bus/listeners/file_logger.c
+++ b/src/libcharon/bus/listeners/file_logger.c
@@ -243,6 +243,25 @@ METHOD(file_logger_t, open_, void,
 this->filename, strerror(errno));
 return;
 }
+#ifdef HAVE_CHOWN
+ if (lib->caps->check(lib->caps, CAP_CHOWN))
+ {
+ if (chown(this->filename, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
+ {
+ DBG1(DBG_NET, "changing owner/group for '%s' failed: %s",
+ this->filename, strerror(errno));
+ }
+ }
+ else
+ {
+ if (chown(this->filename, -1, lib->caps->get_gid(lib->caps)) != 0)
+ {
+ DBG1(DBG_NET, "changing group for '%s' failed: %s",
+ this->filename, strerror(errno));
+ }
+ }
+#endif /* HAVE_CHOWN */
 #ifdef HAVE_SETLINEBUF
 if (flush_line)
 {
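Review bot: Both `chown(this->filename, ...)` calls in the file_logger.c hunk change ownership by path after the file has apparently already been opened (the context above the hunk is the open-failure return), so the change is not bound to the file that was just opened. chown() follows symlinks, so if the log directory is writable by a less-privileged account, a process holding CAP_CHOWN could end up re-owning a different file than the log. Operating on the open descriptor avoids that window, e.g. `fchown(fileno(file), lib->caps->get_uid(lib->caps), lib->caps->get_gid(lib->caps))`, where `file` is a placeholder for whatever stream the open call above the hunk assigns, with `fchown` added to the AC_CHECK_FUNCS list in configure.ac and its own guard. In the else branch `(uid_t)-1` would state the "leave the owner unchanged" intent explicitly, and a short comment there should explain why only the group is attempted without CAP_CHOWN. open_ starts and ends outside the hunk, so the stream variable and any special-case targets are not visible here.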