From 3ec10888c6f1794c6168e622c5790ced64bc1056 Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Mon, 1 Jun 2015 11:36:41 -0400 Subject: [PATCH] create radlog_dir along with run_dir. And create the output log file AFTER changing SUID --- src/main/mainconfig.c | 59 +++++++++++++++++++++++++------------------ 1 file changed, 34 insertions(+), 25 deletions(-) diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c index 117f1fb770b1..49a75fa001ca 100644 --- a/src/main/mainconfig.c +++ b/src/main/mainconfig.c @@ -582,7 +582,40 @@ static int switch_users(CONF_SECTION *cs) } } #endif - + + /* + * If we did change from root to a normal user, do some + * more work. + * + * Try to create the various output directories. Because + * this creation is new in 3.0.9, it's a soft fail. + * + * And once we're done with all of the above work, + * permanently change the UID. + */ + if (do_suid) { + char *my_dir; + + my_dir = talloc_strdup(NULL, run_dir); + if (rad_mkdir(my_dir, 0750, server_uid, server_gid) < 0) { + DEBUG("Failed to create run_dir %s: %s", + my_dir, strerror(errno)); + } + talloc_free(my_dir); + + if (default_log.dst == L_DST_FILES) { + my_dir = talloc_strdup(NULL, radlog_dir); + if (rad_mkdir(my_dir, 0750, server_uid, server_gid) < 0) { + DEBUG("Failed to create logdir %s: %s", + my_dir, strerror(errno)); + } + talloc_free(my_dir); + } + + rad_suid_set_down_uid(server_uid); + rad_suid_down(); + } + /* * If we don't already have a log file open, open one * now. We may not have been logging anything yet. The @@ -615,30 +648,6 @@ static int switch_users(CONF_SECTION *cs) } } - /* - * If we did change from root to a normal user, do some - * more work. - * - * Try to create the "run_dir", where the PID file is - * located. Because this attempt is new in 3.0.9, it's a - * soft fail. - * - * And once we're done with all of the aboe work, - * permanently change the UID. - */ - if (do_suid) { - char *my_run_dir = talloc_strdup(NULL, run_dir); - - if (rad_mkdir(my_run_dir, 0600, server_uid, server_gid) < 0) { - radlog(L_WARN, "Failed to create run_dir %s: %s", - run_dir, strerror(errno)); - } - talloc_free(my_run_dir); - - rad_suid_set_down_uid(server_uid); - rad_suid_down(); - } - /* * This also clears the dumpable flag if core dumps * aren't allowed.