(RADIATOR) Switch to non root id and logfile ownership
Christian Kratzer
ck-lists at cksoft.de
Fri Feb 22 04:14:38 CST 2008
Hi,
On Thu, 21 Feb 2008, Markus Moeller wrote:
> I think I mentioned before that I get access problems when starting as root and switch the user id. If I use variables in the logfile name it is very difficult to make sure at each restart that the file is first created with the right ownership. I patched Util.pm to check the file ownership and change it when required before attempting to write to it.
This generally happens when you start radiator as root in a trace level
higher than 3, in which case radiator will log things before reaching the
point where it switches the uid/gid.
So this would normally not happen in a production environment where you
run radiator in trace level 3 or lower.
> Do you see a problem with it?
It should work in all trace levels. Have you checked that?
Greetings
Christian
> Markus
>
> --- Radiator-4.0/Radius/Util.pm Wed Feb 20 05:57:11 2008
> +++ Util.pm Thu Feb 21 15:21:36 2008
> @@ -599,6 +599,26 @@
> # mkpath can die
> eval {mkpath(dirname($filename), 0, 0755)}
> unless -d dirname($filename);
> + # Make sure the log file ownership is in line with uid and gid
> + if ( defined $main::config->{Group} || defined $main::config->{User} ) {
> + my $tf = ">>$filename";
> + if ( ! -e $filename ) {
> + open(FILE, $tf) || return;
> + close(FILE) || return;
> + }
> + my $fuid = (stat($filename))[4];
> + my $fgid = (stat($filename))[5];
> + my $gid = (getgrnam($main::config->{Group}))[2]
> + if ($main::config->{Group} !~ /^\d+$/);
> + my $uid = (getpwnam($main::config->{User}))[2]
> + if ($main::config->{User} !~ /^\d+$/);
> + if ( defined $gid && $gid != $fgid ) {
> + chown(-1,$gid,$filename);
> + }
> + if ( defined $uid && $uid != $fuid ) {
> + chown($uid,-1,$filename);
> + }
> + }
> $filename = ">>$filename";
> }
>
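Review bot: the two lookups, `my $gid = (getgrnam(...))[2] if ($main::config->{Group} !~ /^\d+$/);` and the matching `$uid` line, leave the variable unset whenever User or Group is configured as a numeric id, so in that case neither `chown` runs and the file keeps whatever ownership it was created with. A `my` declaration with a statement modifier is also documented in perlsyn as having undefined behaviour. Declare `$uid` and `$gid` first, then assign either the numeric value as given or the result of the name lookup. Because the outer test passes when only one of User and Group is defined, the other one reaches the pattern match and `getpwnam`/`getgrnam` as undef; guard each lookup with its own `defined` check. The `-e` test, the two `stat` calls and the `chown` calls all work on the path rather than on the handle that was just opened, and this code runs as root before the uid switch, so the file can be replaced between the checks, and `chown` follows symbolic links. Keep the handle open, stat it once, and change ownership through it where the platform supports that. The `chown` return values are ignored, so a failure only shows up later as the same access problem; check them and log the error. The bareword `FILE` handle with two-argument `open` would be better as a lexical handle with three-argument `open` and an explicit `'>>'` mode.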
--
Christian Kratzer CK Software GmbH
Email: ck at cksoft.de Schwarzwaldstr. 31
Phone: +49 7452 889 135 D-71131 Jettingen
Fax: +49 7452 889 136 HRB 245288, Amtsgericht Stuttgart
Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer