tree-wide: port various places over to use chmod_and_chown()
Doing this properly is hard, hence let's unify the code.
This commit is contained in:
parent
f8a8579e84
commit
4b3b5bc71b
|
@ -359,13 +359,7 @@ int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gi
|
|||
* something fchown(), fchmod(), futimensat() don't allow. */
|
||||
xsprintf(fdpath, "/proc/self/fd/%i", fd);
|
||||
|
||||
if (mode != MODE_INVALID)
|
||||
if (chmod(fdpath, mode) < 0)
|
||||
ret = -errno;
|
||||
|
||||
if (uid_is_valid(uid) || gid_is_valid(gid))
|
||||
if (chown(fdpath, uid, gid) < 0 && ret >= 0)
|
||||
ret = -errno;
|
||||
ret = fchmod_and_chown(fd, mode, uid, gid);
|
||||
|
||||
if (stamp != USEC_INFINITY) {
|
||||
struct timespec ts[2];
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
#include "chown-recursive.h"
|
||||
#include "dirent-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "fs-util.h"
|
||||
#include "macro.h"
|
||||
#include "stdio-util.h"
|
||||
#include "strv.h"
|
||||
|
@ -22,16 +23,13 @@ static int chown_one(
|
|||
|
||||
char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1];
|
||||
const char *n;
|
||||
int r;
|
||||
|
||||
assert(fd >= 0);
|
||||
assert(st);
|
||||
|
||||
if ((!uid_is_valid(uid) || st->st_uid == uid) &&
|
||||
(!gid_is_valid(gid) || st->st_gid == gid))
|
||||
return 0;
|
||||
|
||||
/* We change ownership through the /proc/self/fd/%i path, so that we have a stable reference that works with
|
||||
* O_PATH. (Note: fchown() and fchmod() do not work with O_PATH, the kernel refuses that. */
|
||||
/* We change ACLs through the /proc/self/fd/%i path, so that we have a stable reference that works
|
||||
* with O_PATH. */
|
||||
xsprintf(procfs_path, "/proc/self/fd/%i", fd);
|
||||
|
||||
/* Drop any ACL if there is one */
|
||||
|
@ -40,16 +38,9 @@ static int chown_one(
|
|||
if (!IN_SET(errno, ENODATA, EOPNOTSUPP, ENOSYS, ENOTTY))
|
||||
return -errno;
|
||||
|
||||
if (chown(procfs_path, uid, gid) < 0)
|
||||
return -errno;
|
||||
|
||||
/* The linux kernel alters the mode in some cases of chown(), as well when we change ACLs. Let's undo this. We
|
||||
* do this only for non-symlinks however. That's because for symlinks the access mode is ignored anyway and
|
||||
* because on some kernels/file systems trying to change the access mode will succeed but has no effect while
|
||||
* on others it actively fails. */
|
||||
if (!S_ISLNK(st->st_mode))
|
||||
if (chmod(procfs_path, st->st_mode & 07777 & mask) < 0)
|
||||
return -errno;
|
||||
r = fchmod_and_chown(fd, st->st_mode & mask, uid, gid);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -728,25 +728,24 @@ static int setup_output(
|
|||
}
|
||||
|
||||
static int chown_terminal(int fd, uid_t uid) {
|
||||
struct stat st;
|
||||
int r;
|
||||
|
||||
assert(fd >= 0);
|
||||
|
||||
/* Before we chown/chmod the TTY, let's ensure this is actually a tty */
|
||||
if (isatty(fd) < 1)
|
||||
return 0;
|
||||
if (isatty(fd) < 1) {
|
||||
if (IN_SET(errno, EINVAL, ENOTTY))
|
||||
return 0; /* not a tty */
|
||||
|
||||
return -errno;
|
||||
}
|
||||
|
||||
/* This might fail. What matters are the results. */
|
||||
(void) fchown(fd, uid, -1);
|
||||
(void) fchmod(fd, TTY_MODE);
|
||||
r = fchmod_and_chown(fd, TTY_MODE, uid, -1);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (fstat(fd, &st) < 0)
|
||||
return -errno;
|
||||
|
||||
if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
|
||||
return -EPERM;
|
||||
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int setup_confirm_stdio(const char *vc, int *_saved_stdin, int *_saved_stdout) {
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
|
||||
#include "alloc-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "fs-util.h"
|
||||
#include "io-util.h"
|
||||
#include "log.h"
|
||||
#include "main-func.h"
|
||||
|
@ -156,8 +157,7 @@ static int run(int argc, char *argv[]) {
|
|||
/* This is just a safety measure. Given that we are root and
|
||||
* most likely created the file ourselves the mode and owner
|
||||
* should be correct anyway. */
|
||||
(void) fchmod(seed_fd, 0600);
|
||||
(void) fchown(seed_fd, 0, 0);
|
||||
(void) fchmod_and_chown(seed_fd, 0600, 0, 0);
|
||||
|
||||
k = loop_read(random_fd, buf, buf_size, false);
|
||||
if (k < 0)
|
||||
|
|
|
@ -310,10 +310,10 @@ static int node_permissions_apply(sd_device *dev, bool apply,
|
|||
|
||||
if ((stats.st_mode & 0777) != (mode & 0777) || stats.st_uid != uid || stats.st_gid != gid) {
|
||||
log_device_debug(dev, "Setting permissions %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid);
|
||||
if (chmod(devnode, mode) < 0)
|
||||
r = log_device_warning_errno(dev, errno, "Failed to set mode of %s to %#o: %m", devnode, mode);
|
||||
if (chown(devnode, uid, gid) < 0)
|
||||
r = log_device_warning_errno(dev, errno, "Failed to set owner of %s to uid=%u, gid=%u: %m", devnode, uid, gid);
|
||||
|
||||
r = chmod_and_chown(devnode, mode, uid, gid);
|
||||
if (r < 0)
|
||||
log_device_warning_errno(dev, r, "Failed to set owner/mode of %s to uid=" UID_FMT ", gid=" GID_FMT ", mode=%#o: %m", devnode, uid, gid, mode);
|
||||
} else
|
||||
log_device_debug(dev, "Preserve permissions of %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid);
|
||||
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
#include "escape.h"
|
||||
#include "fd-util.h"
|
||||
#include "fileio.h"
|
||||
#include "format-util.h"
|
||||
#include "fs-util.h"
|
||||
#include "glob-util.h"
|
||||
#include "libudev-util.h"
|
||||
|
@ -2591,25 +2592,14 @@ int udev_rules_apply_static_dev_perms(UdevRules *rules) {
|
|||
else
|
||||
mode = 0600;
|
||||
}
|
||||
if (mode != (stats.st_mode & 01777)) {
|
||||
r = chmod(device_node, mode);
|
||||
if (r < 0)
|
||||
return log_error_errno(errno, "Failed to chmod '%s' %#o: %m",
|
||||
device_node, mode);
|
||||
else
|
||||
log_debug("chmod '%s' %#o", device_node, mode);
|
||||
}
|
||||
|
||||
if ((uid != 0 && uid != stats.st_uid) || (gid != 0 && gid != stats.st_gid)) {
|
||||
r = chown(device_node, uid, gid);
|
||||
if (r < 0)
|
||||
return log_error_errno(errno, "Failed to chown '%s' %u %u: %m",
|
||||
device_node, uid, gid);
|
||||
else
|
||||
log_debug("chown '%s' %u %u", device_node, uid, gid);
|
||||
}
|
||||
r = chmod_and_chown(device_node, mode, uid, gid);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to chown/chmod '%s' uid=" UID_FMT ", gid=" GID_FMT ", mode=%#o: %m", device_node, uid, gid, mode);
|
||||
if (r > 0)
|
||||
log_debug("chown/chmod '%s' uid=" UID_FMT ", gid=" GID_FMT ", mode=%#o", device_node, uid, gid, mode);
|
||||
|
||||
utimensat(AT_FDCWD, device_node, NULL, 0);
|
||||
(void) utimensat(AT_FDCWD, device_node, NULL, 0);
|
||||
break;
|
||||
}
|
||||
case TK_END:
|
||||
|
|
Loading…
Reference in New Issue