On Tue, Sep 18, 2007 at 04:17:32AM -0400, Daniel Veillard wrote:
On Tue, Sep 18, 2007 at 05:38:09AM +0100, Daniel P. Berrange wrote:
NB, the virConf apis don't seem to recognise Octal numbers when parsing the config file, so I've used strings for the permissions. Not a big deal really unless someone desperately wants to fix the config file parser... [...] +static gid_t unix_sock_gid = 0; /* Only root by default */ +static int unix_sock_rw_perms = 0700; /* Allow user only */ +static int unix_sock_ro_perms = 0777; /* Allow world */ [...] - if (readonly) - oldmask = umask(~(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)); - else - oldmask = umask(~(S_IRUSR | S_IWUSR)); + oldgrp = getgid(); + oldmask = umask(readonly ? ~unix_sock_ro_perms : ~unix_sock_rw_perms); + if (getuid() == 0) + setgid(unix_sock_gid); +
Looks fine but we went from the full macros definition to the pre digested octal value. But I'm not old enough to really care :-)
The umask was wanting a mask, while the configuration file (for end-user sanity) wants a mode instead. So I figured it was best to simply stick with mode throughout the code, and simply invert it when passing into umask at time of use. I added this to CVS & along with the updated docs on the 3 new configuration parameters for the daemon. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|