From 2cdbaf75ea610741270f944d3bd234f9f9c02aea Mon Sep 17 00:00:00 2001 From: Dmitry Borodaenko Date: Tue, 5 Jul 2011 16:23:06 +0300 Subject: [PATCH] Configurable file permissions in rlm_linelog --- raddb/modules/linelog | 8 ++++++++ src/modules/rlm_linelog/rlm_linelog.c | 5 ++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/raddb/modules/linelog b/raddb/modules/linelog index 30a0d34c59..2be4d81c11 100644 --- a/raddb/modules/linelog +++ b/raddb/modules/linelog @@ -17,6 +17,14 @@ linelog { # go to syslog. filename = ${logdir}/linelog + # + # The Unix-style permissions on the log file. + # + # Depending on format string, the log file may contain secret or + # private information about users. Keep the file permissions as + # restrictive as possible. + permissions = 0600 + # # The default format string. format = "This is a log message for %{User-Name}" diff --git a/src/modules/rlm_linelog/rlm_linelog.c b/src/modules/rlm_linelog/rlm_linelog.c index bfdb516ccb..edb0065023 100644 --- a/src/modules/rlm_linelog/rlm_linelog.c +++ b/src/modules/rlm_linelog/rlm_linelog.c @@ -45,6 +45,7 @@ RCSID("$Id$") typedef struct rlm_linelog_t { CONF_SECTION *cs; char *filename; + int permissions; char *line; char *reference; } rlm_linelog_t; @@ -61,6 +62,8 @@ typedef struct rlm_linelog_t { static const CONF_PARSER module_config[] = { { "filename", PW_TYPE_STRING_PTR, offsetof(rlm_linelog_t,filename), NULL, NULL}, + { "permissions", PW_TYPE_INTEGER, + offsetof(rlm_linelog_t,permissions), NULL, "0600"}, { "format", PW_TYPE_STRING_PTR, offsetof(rlm_linelog_t,line), NULL, NULL}, { "reference", PW_TYPE_STRING_PTR, 
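Review bot: The new `permissions` entry in `module_config` is read as a bare `PW_TYPE_INTEGER` and reaches `open()` in `do_linelog` with no range check, even though the sample config says this file may hold secret or private user data. If the integer parser honours the leading zero of the `"0600"` default (presumably it does; confirm in the config parser), then `permissions = 600` would be taken as decimal and produce an unrelated bit pattern. I would validate once when the module instance is set up, for example `if (inst->permissions < 0 || (inst->permissions & ~0777)) { radlog(L_ERR, "rlm_linelog: invalid permissions"); return -1; }`, and log a warning when any of the "other" bits (`0007`) are set. The raddb comment should also say that the value is octal and needs the leading zero. The `module_config` array continues past the end of this hunk.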
@@ -240,7 +243,7 @@ static int do_linelog(void *instance, REQUEST *request) radius_xlat(buffer, sizeof(buffer), inst->filename, request, NULL); - fd = open(buffer, O_WRONLY | O_APPEND | O_CREAT, 0600); + fd = open(buffer, O_WRONLY | O_APPEND | O_CREAT, inst->permissions); if (fd == -1) { radlog(L_ERR, "rlm_linelog: Failed to open %s: %s", buffer, strerror(errno)); -- 2.47.2
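Review bot: The mode now passed to `open()` only applies when `O_CREAT` actually creates the file, and it is further reduced by the process umask, so tightening `permissions` does not tighten a log file that already exists with a looser mode. Because the option is documented as the way to protect sensitive log content, an administrator could reasonably assume otherwise. Either state the limitation in the raddb comment, e.g. `# Applied only when the file is created; existing files keep their mode.`, or enforce it after a successful open with `fchmod(fd, inst->permissions)` and log a failure through `radlog(L_ERR, ...)`. The body of `do_linelog` starts and ends outside this hunk, so how `fd` is used afterwards is not visible here.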