If root has a restrictive umask, e.g. 0077 when starting the session
daemon, users in kernel tracing group cannot access the global run
directory.
This patch drops unnecessary group mode bits and always sets the global
run dir permission regardless of umask.
Signed-off-by: Juha Niskanen <juniskane@gmail.com>
Signed-off-by: David Goulet <dgoulet@efficios.com>
* Set the tracing group gid onto the client socket.
*
* Race window between mkdir and chown is OK because we are going from more
* Set the tracing group gid onto the client socket.
*
* Race window between mkdir and chown is OK because we are going from more
- * permissive (root.root) to les permissive (root.tracing).
+ * permissive (root.root) to less permissive (root.tracing).
*/
static int set_permissions(char *rundir)
{
*/
static int set_permissions(char *rundir)
{
+ /* Ensure tracing group can search the run dir */
+ ret = chmod(rundir, S_IRWXU | S_IXGRP);
+ if (ret < 0) {
+ ERR("Unable to set permissions on %s", rundir);
+ perror("chmod");
+ }
+
/* lttng client socket path */
ret = chown(client_unix_sock_path, 0, gid);
if (ret < 0) {
/* lttng client socket path */
ret = chown(client_unix_sock_path, 0, gid);
if (ret < 0) {
DBG3("Creating LTTng run directory: %s", rundir);
DBG3("Creating LTTng run directory: %s", rundir);
- ret = mkdir(rundir, S_IRWXU | S_IRWXG );
+ ret = mkdir(rundir, S_IRWXU);
if (ret < 0) {
if (errno != EEXIST) {
ERR("Unable to create %s", rundir);
if (ret < 0) {
if (errno != EEXIST) {
ERR("Unable to create %s", rundir);
DBG2("Creating consumer directory: %s", path);
DBG2("Creating consumer directory: %s", path);
- ret = mkdir(path, S_IRWXU | S_IRWXG);
+ ret = mkdir(path, S_IRWXU);
if (ret < 0) {
if (errno != EEXIST) {
ERR("Failed to create %s", path);
if (ret < 0) {
if (errno != EEXIST) {
ERR("Failed to create %s", path);