From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 4 Jul 2011 16:09:00 +0000 (+0200)
Subject: Set ownership of domain socket when starting
X-Git-Tag: release_3_0_0_beta0~726
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb60137a55d63fc4ee1be367e6fef4a228ae65a3;p=thirdparty%2Ffreeradius-server.git

Set ownership of domain socket when starting
---

diff --git a/src/main/command.c b/src/main/command.c
index 2e2ca346010..8eba59a9c97 100644
--- a/src/main/command.c
+++ b/src/main/command.c
@@ -2061,6 +2061,23 @@ static int command_socket_parse(CONF_SECTION *cs, rad_listen_t *this)
 		return -1;
 	}
 
+#if defined(HAVE_GETPEEREID) || defined (SO_PEERCRED)
+	/*
+	 *	Don't chown it from (possibly) non-root to root.
+	 *	Do chown it from (possibly) root to non-root.
+	 */
+	if ((sock->uid != 0) && (sock->gid != 0)) {
+		fr_suid_up();
+		if (fchown(this->fd, sock->uid, sock->gid) < 0) {
+			radlog(L_ERR, "Failed setting ownership of %s: %s",
+			       sock->path, strerror(errno));
+			fr_suid_down();
+			return -1;
+		}
+		fr_suid_down();
+	}
+#endif
+
 	return 0;
 }