From: Dmitry Borodaenko Date: Tue, 5 Jul 2011 13:23:06 +0000 (+0300) Subject: Configurable file permissions in rlm_linelog X-Git-Tag: release_2_1_12~66^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F12%2Fhead;p=thirdparty%2Ffreeradius-server.git Configurable file permissions in rlm_linelog --- diff --git a/raddb/modules/linelog b/raddb/modules/linelog index 30a0d34c59..2be4d81c11 100644 --- a/raddb/modules/linelog +++ b/raddb/modules/linelog @@ -17,6 +17,14 @@ linelog { # go to syslog. filename = ${logdir}/linelog + # + # The Unix-style permissions on the log file. + # + # Depending on format string, the log file may contain secret or + # private information about users. Keep the file permissions as + # restrictive as possible. + permissions = 0600 + # # The default format string. format = "This is a log message for %{User-Name}" diff --git a/src/modules/rlm_linelog/rlm_linelog.c b/src/modules/rlm_linelog/rlm_linelog.c index bfdb516ccb..edb0065023 100644 --- a/src/modules/rlm_linelog/rlm_linelog.c +++ b/src/modules/rlm_linelog/rlm_linelog.c @@ -45,6 +45,7 @@ RCSID("$Id$") typedef struct rlm_linelog_t { CONF_SECTION *cs; char *filename; + int permissions; char *line; char *reference; } rlm_linelog_t; @@ -61,6 +62,8 @@ typedef struct rlm_linelog_t { static const CONF_PARSER module_config[] = { { "filename", PW_TYPE_STRING_PTR, offsetof(rlm_linelog_t,filename), NULL, NULL}, + { "permissions", PW_TYPE_INTEGER, + offsetof(rlm_linelog_t,permissions), NULL, "0600"}, { "format", PW_TYPE_STRING_PTR, offsetof(rlm_linelog_t,line), NULL, NULL}, { "reference", PW_TYPE_STRING_PTR, 
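Review bot: The new comment above `permissions = 0600` does not say that the value is octal and depends on its leading zero. The option is registered as a plain integer in rlm_linelog.c, so a value such as `600` would presumably be read as decimal and give an unrelated mode; this is inferred from the `"0600"` default, since the parser itself is not part of the diff. I would add `#  The value is octal and must keep its leading zero (0600, not 600).` to the comment block.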
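Review bot: The `permissions` entry added to `module_config` accepts any integer, and nothing visible in this diff range-checks it before it reaches `open()`. A typo or a negative value would silently create the log file with set-id or sticky bits, or with group/world access, which is what the raddb comment warns against. A check such as `if ((inst->permissions & ~0777) != 0)`, followed by an `L_ERR` message and a failed module load, belongs in the module's instantiate function, which is outside this diff. The `module_config` array continues past the end of the hunk.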
@@ -240,7 +243,7 @@ static int do_linelog(void *instance, REQUEST *request) radius_xlat(buffer, sizeof(buffer), inst->filename, request, NULL); - fd = open(buffer, O_WRONLY | O_APPEND | O_CREAT, 0600); + fd = open(buffer, O_WRONLY | O_APPEND | O_CREAT, inst->permissions); if (fd == -1) { radlog(L_ERR, "rlm_linelog: Failed to open %s: %s", buffer, strerror(errno));
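Review bot: The mode now passed to `open()` only takes effect when `O_CREAT` actually creates the file, and it is still reduced by the process umask. A log file that already exists with looser permissions keeps them, so tightening `permissions` in the config later does not protect logs that are already on disk. I would at least say so above the call, e.g. `/* mode applies only on creation and is masked by umask; existing files keep their mode */`, or follow a successful open with a checked `fchmod(fd, inst->permissions)` if the setting is meant to be enforced. `do_linelog` starts and ends outside this hunk.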