Re: [chrony-dev] create_dir in util.c - permissions
- To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-dev] create_dir in util.c - permissions
- From: Bryan Christianson <bryan@xxxxxxxxxxxxx>
- Date: Mon, 23 Nov 2015 21:44:19 +1300
> On 23/11/2015, at 8:29 PM, Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:
>
> On Sat, Nov 21, 2015 at 01:37:37PM +1300, Bryan Christianson wrote:
>> Something I noticed when enabling a non-privileged user after having previously been running chronyd as root.
>>
>> If a directory already exists, create_dir just returns
>>
>>   if (S_ISDIR(buf.st_mode))
>>     return 1;
>>   LOG(LOGS_ERR, LOGF_Util, "%s is not directory", p);
>>   return 0;
>>
>>
>> I think there should be a call to chown(p, uid, gid) before the return.
>
> I'm not sure. I think that could be a dangerous operation. What if
> someone misunderstood the requirements and set the socket path to
> /var/run for instance?
>
>> Not sure what to do with any existing directory contents. Maybe they should also be chown() 'd.
>
> Probably better to not assume anything about the content.
>
>> Or maybe the system administrator should be doing all this manually. :)
>
> Yes, I'd rather leave that up to the admin or a package postinstall
> script to allow an upgrade to a configuration dropping root
> privileges.
>
> Isn't /var/run typically located on a ramdisk or at least cleaned on
> boot? In the worst case reboot should be able to fix it.
>
/var/run isn't really the problem because reboot does clean all that up. It's logdir, dumpdir and driftfile that have problems and the non-privileged daemon is unable to update them. And the error is easily missed because it's not a show stopper, just a warning message in the syslog. (I wondered why my graphs stopped updating after switching to non-privileged mode.)
Anyway, it's not a big problem and can be easily worked around by scripts or manual intervention.
B
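
The situation discussed in this thread, an existing directory that passes the S_ISDIR test but cannot be written by the unprivileged user, can be detected without calling chown() on anything. The following is an added example, not chrony code and not written by either poster; `check_dir_access`, `enum dir_status` and `demo` are hypothetical names, and the check assumes plain mode bits only (no ACLs, no supplementary groups, no root override).

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes; not part of chrony. */
enum dir_status { DIR_OK, DIR_STAT_FAILED, DIR_NOT_DIR, DIR_WRONG_OWNER, DIR_NOT_WRITABLE };

/* Report whether uid/gid could create files in an existing directory.
   Read-only: never chown()s or chmod()s the path. Assumption: only the
   classic mode bits are consulted (no ACLs, no supplementary groups). */
enum dir_status check_dir_access(const char *path, uid_t uid, gid_t gid)
{
  struct stat buf;
  mode_t need;

  if (stat(path, &buf) < 0)
    return DIR_STAT_FAILED;
  if (!S_ISDIR(buf.st_mode))
    return DIR_NOT_DIR;
  /* Creating a file needs write and search permission on the directory */
  if (buf.st_uid == uid)
    need = S_IWUSR | S_IXUSR;
  else if (buf.st_gid == gid)
    need = S_IWGRP | S_IXGRP;
  else
    need = S_IWOTH | S_IXOTH;
  if ((buf.st_mode & need) == need)
    return DIR_OK;
  return buf.st_uid == uid ? DIR_NOT_WRITABLE : DIR_WRONG_OWNER;
}

/* Constructed demo: a mode-0700 temp directory stands in for logdir or dumpdir. */
int demo(void)
{
  char tmpl[] = "/tmp/dircheckXXXXXX";
  struct stat st;
  int ok;

  if (!mkdtemp(tmpl) || stat(tmpl, &st) < 0)
    return -1;
  ok = check_dir_access(tmpl, st.st_uid, st.st_gid) == DIR_OK &&
       check_dir_access(tmpl, st.st_uid + 1, st.st_gid + 1) == DIR_WRONG_OWNER;
  rmdir(tmpl);
  return ok ? 0 : 1;
}

int main(void) { int r = demo(); printf("demo %s\n", r ? "failed" : "passed"); return r; }
```

A caller could turn any result other than DIR_OK into an error at startup, so the ownership mismatch is reported when privileges are dropped rather than later as a warning in the syslog.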