[chrony-dev] Wrong owner/group of /var/run/chrony



> On 13/08/2015, at 2:14 am, git@xxxxxxxxxxxxx wrote:
> 
> 
> 
> commit f1ed08abf020cec229af6d60104d37d5ee288ef6
> Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
> Date:   Tue Aug 11 17:41:02 2015 +0200
> 
>    conf: create directory for Unix domain command socket
> 
>    Try to create the directory where will be the Unix domain command socket
>    bound to allow starting with empty /var/run. Check the permissions and
>    owner/group in case the directory already existed. It MUST NOT be
>    accessible by others as permissions on Unix domain sockets are ignored
>    on some systems (e.g. Solaris).
> 
> 

I'm getting the following at chronyd startup

2015-08-12T19:48:04Z Wrong owner/group of /var/run/chrony
2015-08-12T19:48:04Z Disabled command socket /var/run/chrony/chronyd.sock

/var/run/chrony does not exist and is being created by chronyd

On MacOS, /var/run (existing system directory) has permissions:
sh-3.2# ls -ld /var/run
drwxrwxr-x  34 root  daemon  1156 13 Aug 07:34 /var/run

and from the mkdir(2) man page
DESCRIPTION
     The directory's owner ID is set to the process's effective user ID.  The
     directory's group ID is set to that of the parent directory in which it
     is created.


Then in util.c create_dir() we have

  /* Change its ownership if requested */
  if ((uid || gid) && chown(p, uid, gid) < 0) {
    LOG(LOGS_ERR, LOGF_Util, "Could not change ownership of %s : %s", p, strerror(errno));
    /* Don't leave it there with incorrect ownership */
    rmdir(p);
    return 0;
  }

i.e. the directory was just created by mkdir with uid 0, gid 1 (gid 1 is daemon), but because we are requesting gid and uid to be 0, the chown() is not made.

This is followed by failure in UTI_CheckDirPermissions() because the newly created directory permissions do not match uid 0, gid 0

Maybe the call to chown() should just be unconditional

-- 
Bryan Christianson
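
The case described in this message, as an added example that is not part of the original post and not chrony's code: it contrasts the quoted `(uid || gid)` condition with a decision based on what mkdir() actually produced, then verifies the result. All function names are hypothetical, the uid 0 / gid 1 values are constructed from the report, and the existing-directory case is left out.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Condition quoted in the post: chown() is skipped when both ids are 0. */
static int chown_attempted_quoted(uid_t uid, gid_t gid)
{
  return uid || gid;
}

/* Alternative: compare the requested ids with what mkdir() produced. */
static int chown_needed(const struct stat *st, uid_t uid, gid_t gid)
{
  return st->st_uid != uid || st->st_gid != gid;
}

/* Create path, make owner/group match the request, verify; 1 on success. */
static int create_owned_dir(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
  struct stat st;

  if (mkdir(path, mode) < 0)
    return 0;
  if (lstat(path, &st) < 0 || !S_ISDIR(st.st_mode) ||
      (chown_needed(&st, uid, gid) && chown(path, uid, gid) < 0) ||
      lstat(path, &st) < 0 || chown_needed(&st, uid, gid)) {
    rmdir(path); /* don't leave it there with incorrect ownership */
    return 0;
  }
  return 1;
}

/* Constructed case from the report: root requests 0:0, and the new
   directory inherited gid 1 from its parent (BSD mkdir(2) semantics). */
static int reported_case_is_missed(void)
{
  struct stat made = {0};
  made.st_uid = 0;
  made.st_gid = 1;
  return !chown_attempted_quoted(0, 0) && chown_needed(&made, 0, 0);
}

int main(void)
{
  char path[64];
  snprintf(path, sizeof path, "/tmp/owned_dir_%ld", (long)getpid());
  int ok = create_owned_dir(path, 0750, geteuid(), getegid());
  printf("missed by quoted check: %d, created: %d\n", reported_case_is_missed(), ok);
  rmdir(path);
  return !ok;
}
```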
