[lttng-dev] [PATCH] lttng-sessiond: Set group permissions explicitly.

Juha Niskanen juniskane at gmail.com
Fri Feb 17 12:08:23 EST 2012 

If root has a restrictive umask, e.g. 0077 when starting the session
daemon, users in kernel tracing group cannot access the global run
directory.

This patch drops unnecessary group mode bits and always sets the global
run dir permission regardless of umask.

Signed-off-by: Juha Niskanen <juniskane at gmail.com>
---
 src/bin/lttng-sessiond/main.c |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/bin/lttng-sessiond/main.c b/src/bin/lttng-sessiond/main.c
index 6ae3744..2838689 100644
--- a/src/bin/lttng-sessiond/main.c
+++ b/src/bin/lttng-sessiond/main.c
@@ -3913,7 +3913,7 @@ static int check_existing_daemon(void)
 * Set the tracing group gid onto the client socket.
 *
 * Race window between mkdir and chown is OK because we are going from more
- * permissive (root.root) to les permissive (root.tracing).
+ * permissive (root.root) to less permissive (root.tracing).
 */
 static int set_permissions(char *rundir)
 {
@@ -3934,6 +3934,13 @@ static int set_permissions(char *rundir)
               perror("chown");
       }

+       /* Ensure tracing group can search the run dir */
+       ret = chmod(rundir, S_IRWXU | S_IXGRP);
+       if (ret < 0) {
+               ERR("Unable to set permissions on %s", rundir);
+               perror("chmod");
+       }
+
       /* lttng client socket path */
       ret = chown(client_unix_sock_path, 0, gid);
       if (ret < 0) {
@@ -3993,7 +4000,7 @@ static int create_lttng_rundir(const char *rundir)

       DBG3("Creating LTTng run directory: %s", rundir);

-       ret = mkdir(rundir, S_IRWXU | S_IRWXG );
+       ret = mkdir(rundir, S_IRWXU);
       if (ret < 0) {
               if (errno != EEXIST) {
                       ERR("Unable to create %s", rundir);
@@ -4035,7 +4042,7 @@ static int set_consumer_sockets(struct
consumer_data *consumer_data,

       DBG2("Creating consumer directory: %s", path);

-       ret = mkdir(path, S_IRWXU | S_IRWXG);
+       ret = mkdir(path, S_IRWXU);
       if (ret < 0) {
               if (errno != EEXIST) {
                       ERR("Failed to create %s", path);
--
1.7.4.1

More information about the lttng-dev mailing list