[collectd] [PATCH] email plugin: Change owner and mode of the UNIX socket if possible.

Sebastian Harl sh<span style="display: none;">.trailing-username</span>(a)<span style="display: none;">leading-domain.</span>tokkee.org
Thu Nov 30 12:02:10 CET 2006 

Set the owner and mode to COLLECTD_GRP_NAME (defaulting to "collectd") and 0770
respectively. A couple of different daemons running as different users might
want to connect to it.

Signed-off-by: Sebastian Harl <sh<span style="display: none;">.trailing-username</span>(a)<span style="display: none;">leading-domain.</span>tokkee.org>
---
 configure.in   |    1 +
 src/collectd.h |    4 ++++
 src/email.c    |   27 +++++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 0 deletions(-)

diff --git a/configure.in b/configure.in
index eecefae..b610230 100644
--- a/configure.in
+++ b/configure.in
@@ -277,6 +277,7 @@ #	include <sys/socket.h>
 #endif
 ])
 AC_CHECK_HEADERS(sys/un.h)
+AC_CHECK_HEADERS(grp.h)
 
 # For debugging interface (variable number of arguments)
 AC_CHECK_HEADERS(stdarg.h)
diff --git a/src/collectd.h b/src/collectd.h
index 4d75db4..d8f74f9 100644
--- a/src/collectd.h
+++ b/src/collectd.h
@@ -200,6 +200,10 @@ #define MODE_CLIENT 0x02
 #define MODE_LOCAL  0x04
 #define MODE_LOG    0x08
 
+#ifndef COLLECTD_GRP_NAME
+#	define COLLECTD_GRP_NAME "collectd"
+#endif
+
 #ifndef COLLECTD_STEP
 #  define COLLECTD_STEP "10"
 #endif
diff --git a/src/email.c b/src/email.c
index 5f612cd..27370ae 100644
--- a/src/email.c
+++ b/src/email.c
@@ -55,6 +55,10 @@ #elif HAVE_SYS_UN_H
 #	include <sys/un.h>
 #endif /* HAVE_LINUX_UN_H | HAVE_SYS_UN_H */
 
+#if HAVE_GRP_H
+#	include <grp.h>
+#endif /* HAVE_GRP_H */
+
 #define MODULE_NAME "email"
 
 /* 256 bytes ought to be enough for anybody ;-) */
@@ -484,6 +488,29 @@ static void *open_connection (void *arg)
 		pthread_exit ((void *)1);
 	}
 
+	if ((uid_t)0 == geteuid ()) {
+		struct group *grp;
+
+		errno = 0;
+		if (NULL != (grp = getgrnam (COLLECTD_GRP_NAME))) {
+			errno = 0;
+			if (0 != chown (SOCK_PATH, (uid_t)-1, grp->gr_gid)) {
+				syslog (LOG_WARNING, "chown() failed: %s", strerror (errno));
+			}
+		}
+		else {
+			syslog (LOG_WARNING, "getgrnam() failed: %s", strerror (errno));
+		}
+	}
+	else {
+		syslog (LOG_WARNING, "not running as root");
+	}
+
+	errno = 0;
+	if (0 != chmod (SOCK_PATH, S_IRWXU | S_IRWXG)) {
+		syslog (LOG_WARNING, "chmod() failed: %s", strerror (errno));
+	}
+
 	{ /* initialize queue of available threads */
 		int i = 0;
 
-- 
1.4.3.2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd/attachments/20061130/e01410ed/attachment.pgp

More information about the collectd mailing list