}
}
+void create_needed_dir(const char *dir, uid_t uid, gid_t gid)
+{
+ // attempt to create the directory
+ if(mkdir(dir, 0755) == 0) {
+ // we created it
+
+ // chown it to match the required user
+ if(chown(dir, uid, gid) == -1)
+ error("Cannot chown directory '%s' to %u:%u", dir, (unsigned int)uid, (unsigned int)gid);
+ }
+ else if(errno != EEXIST)
+ // log an error only if the directory does not exist
+ error("Cannot create directory '%s'", dir);
+}
+
int become_user(const char *username, int pid_fd)
{
struct passwd *pw = getpwnam(username);
uid_t uid = pw->pw_uid;
gid_t gid = pw->pw_gid;
+ create_needed_dir(CACHE_DIR, uid, gid);
+ create_needed_dir(VARLIB_DIR, uid, gid);
+
+ if(pidfile[0]) {
+ if(chown(pidfile, uid, gid) == -1)
+ error("Cannot chown '%s' to %u:%u", pidfile, (unsigned int)uid, (unsigned int)gid);
+ }
+
int ngroups = (int)sysconf(_SC_NGROUPS_MAX);
gid_t *supplementary_groups = NULL;
if(ngroups) {
error("Cannot set supplementary groups for user '%s'", username);
freez(supplementary_groups);
- supplementary_groups = NULL;
ngroups = 0;
}
+#ifdef __APPLE__
+ if(setregid(gid, gid) != 0) {
+#else
if(setresgid(gid, gid, gid) != 0) {
+#endif /* __APPLE__ */
error("Cannot switch to user's %s group (gid: %u).", username, gid);
return -1;
}
+#ifdef __APPLE__
+ if(setreuid(uid, uid) != 0) {
+#else
if(setresuid(uid, uid, uid) != 0) {
+#endif /* __APPLE__ */
error("Cannot switch to user %s (uid: %u).", username, uid);
return -1;
}
}
// Set new file permissions
- umask(0002);
+ umask(0007);
// adjust my Out-Of-Memory score
oom_score_adj(1000);
}
else debug(D_SYSTEM, "Successfully became user '%s'.", user);
}
+ else {
+ create_needed_dir(CACHE_DIR, getuid(), getgid());
+ create_needed_dir(VARLIB_DIR, getuid(), getgid());
+ }
- if(pidfd != -1) {
+ if(pidfd != -1)
close(pidfd);
- pidfd = -1;
- }
return(0);
}
projects / netdata.git / blobdiff