From ff73bc778e5eeb9ae4133d9bb14993b3ed49667d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Sat, 19 Oct 2019 21:12:10 +0300 Subject: [PATCH] MXS-2728: Give maxscale ownership of the .secrets file Since most of the time users run MaxScale as the maxscale user, we can change the ownership of the file when it is being created. This prevents the need to manually set the permissions after the file is created. If the user creating the file is root, the ownership change will work but on the other hand if the user simply has write permission into MaxScale's files, the ownership change will likely cause an error. This will still be an improvement as the user will know the file ownership needs to be changed. --- server/core/maxkeys.cc | 49 +++++++++++++++++++++++++++++++----------- 1 file changed, 36 insertions(+), 13 deletions(-) diff --git a/server/core/maxkeys.cc b/server/core/maxkeys.cc index 939fedd08..2820c1262 100644 --- a/server/core/maxkeys.cc +++ b/server/core/maxkeys.cc @@ -16,7 +16,10 @@ */ #include #include +#include +#include #include +#include #include #include #include "internal/secrets.hh" @@ -24,13 +27,9 @@ #ifdef HAVE_GLIBC struct option options[] = { - { - "help", - no_argument, - NULL, - 'h' - }, - {NULL, 0, NULL, 0} + {"help", no_argument, NULL, 'h'}, + {"user", required_argument, NULL, 'u'}, + {NULL, 0, NULL, 0 } }; #endif @@ -45,7 +44,8 @@ void print_usage(const char* executable, const char* directory) "Note that re-creating the .secrets file will invalidate all existing\n" "passwords used in the configuration file.\n" "\n" - " -h, --help: Display this help.\n" + " -h, --help Display this help\n" + " -u, --user Sets the owner of the .secrets file (default: maxscale)\n" "\n" "directory : The directory where the .secrets file should be created.\n" "\n" 
@@ -57,7 +57,8 @@ void print_usage(const char* executable, const char* directory) int main(int argc, char** argv) { - const char* directory = get_datadir(); + std::string directory = get_datadir(); + std::string username = "maxscale"; int c; #ifdef HAVE_GLIBC @@ -69,12 +70,16 @@ int main(int argc, char** argv) switch (c) { case 'h': - print_usage(argv[0], directory); + print_usage(argv[0], directory.c_str()); exit(EXIT_SUCCESS); break; + case 'u': + username = optarg; + break; + default: - print_usage(argv[0], directory); + print_usage(argv[0], directory.c_str()); exit(EXIT_FAILURE); break; } @@ -84,7 +89,7 @@ int main(int argc, char** argv) if (optind == argc) { - fprintf(stderr, "Generating .secrets file in %s.\n", directory); + fprintf(stderr, "Generating .secrets file in %s.\n", directory.c_str()); } else { @@ -93,7 +98,25 @@ int main(int argc, char** argv) mxs_log_init(NULL, NULL, MXS_LOG_TARGET_DEFAULT); - if (secrets_write_keys(directory) != 0) + if (secrets_write_keys(directory.c_str()) == 0) + { + std::string filename = directory + "/.secrets"; + + if (auto user = getpwnam(username.c_str())) + { + if (chown(filename.c_str(), user->pw_uid, user->pw_gid) == -1) + { + fprintf(stderr, "Failed to give '%s' ownership of '%s': %d, %s", + username.c_str(), filename.c_str(), errno, strerror(errno)); + } + } + else + { + fprintf(stderr, "Could not find user '%s' when attempting to change ownership of '%s': %d, %s", + username.c_str(), filename.c_str(), errno, strerror(errno)); + } + } + else { fprintf(stderr, "Failed to create the .secrets file.\n"); rval = EXIT_FAILURE;
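Review bot: The new `case 'u':` branch is only reachable for the short form if the option string passed to getopt()/getopt_long() contains `u:`, and that call sits in the unchanged lines between the previous hunk and this one, so the patch does not appear to update it. If the string still lists only the help option, `--user` works on glibc builds through the long-option table, while `-u` (and any build without HAVE_GLIBC) falls into `default:` and exits with the usage text, even though the help now advertises `-u, --user`. Both calls should have `u:` added to their option string. The enclosing loop and main() start outside this hunk.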
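Review bot: `chown()` on the path `directory + "/.secrets"` follows symbolic links and runs as a separate step after secrets_write_keys() has returned, so when maxkeys runs as root in a directory that a less-privileged account can write to, the ownership change can land on whatever the path resolves to at that moment rather than on the file just written. `lchown(filename.c_str(), user->pw_uid, user->pw_gid)` removes the link-following; calling fchown() on the still-open descriptor inside secrets_write_keys() would close the window entirely, but that function is not visible here. Both new failure branches also leave `rval` untouched, so the tool exits successfully with the key file still owned by the invoking user; adding `rval = EXIT_FAILURE;` to each would let scripts notice. getpwnam() does not reliably set errno for an unknown user, so the `strerror(errno)` in the second message can be misleading unless `errno = 0;` precedes the call, and both new messages lack a trailing `\n`. main() begins and ends outside this hunk.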