MXS-2728: Give maxscale ownership of the .secrets file

Since most of the time users run MaxScale as the maxscale user, we can
change the ownership of the file when it is being created. This prevents
the need to manually set the permissions after the file is created.

If the user creating the file is root, the ownership change will work but
on the other hand if the user simply has write permission into MaxScale's
files, the ownership change will likely cause an error. This will still be
an improvement as the user will know the file ownership needs to be
changed.

server/core/maxkeys.cc

@@ -16,7 +16,10 @@
  */
 #include <maxscale/ccdefs.hh>
 #include <getopt.h>
+#include <sys/types.h>
+#include <pwd.h>
 #include <stdio.h>
+#include <unistd.h>
 #include <maxscale/paths.h>
 #include <maxscale/random.h>
 #include "internal/secrets.hh"
@@ -24,13 +27,9 @@
 #ifdef HAVE_GLIBC
 struct option options[] =
 {
-    {
+    {"help", no_argument,       NULL, 'h'},
-        "help",
+    {"user", required_argument, NULL, 'u'},
-        no_argument,
+    {NULL,   0,                 NULL, 0  }
-        NULL,
-        'h'
-    },
-    {NULL, 0, NULL, 0}
 };
 #endif
 
@@ -45,7 +44,8 @@ void print_usage(const char* executable, const char* directory)
            "Note that re-creating the .secrets file will invalidate all existing\n"
            "passwords used in the configuration file.\n"
            "\n"
-           " -h, --help: Display this help.\n"
+           " -h, --help    Display this help\n"
+           " -u, --user    Sets the owner of the .secrets file (default: maxscale)\n"
            "\n"
            "directory  : The directory where the .secrets file should be created.\n"
            "\n"
@@ -57,7 +57,8 @@ void print_usage(const char* executable, const char* directory)
 
 int main(int argc, char** argv)
 {
-    const char* directory = get_datadir();
+    std::string directory = get_datadir();
+    std::string username = "maxscale";
 
     int c;
 #ifdef HAVE_GLIBC
@@ -69,12 +70,16 @@ int main(int argc, char** argv)
         switch (c)
         {
         case 'h':
-            print_usage(argv[0], directory);
+            print_usage(argv[0], directory.c_str());
             exit(EXIT_SUCCESS);
             break;
 
+        case 'u':
+            username = optarg;
+            break;
+
         default:
-            print_usage(argv[0], directory);
+            print_usage(argv[0], directory.c_str());
             exit(EXIT_FAILURE);
             break;
         }
@@ -84,7 +89,7 @@ int main(int argc, char** argv)
 
     if (optind == argc)
     {
-        fprintf(stderr, "Generating .secrets file in %s.\n", directory);
+        fprintf(stderr, "Generating .secrets file in %s.\n", directory.c_str());
     }
     else
     {
@@ -93,7 +98,25 @@ int main(int argc, char** argv)
 
     mxs_log_init(NULL, NULL, MXS_LOG_TARGET_DEFAULT);
 
-    if (secrets_write_keys(directory) != 0)
+    if (secrets_write_keys(directory.c_str()) == 0)
+    {
+        std::string filename = directory + "/.secrets";
+
+        if (auto user = getpwnam(username.c_str()))
+        {
+            if (chown(filename.c_str(), user->pw_uid, user->pw_gid) == -1)
+            {
+                fprintf(stderr, "Failed to give '%s' ownership of '%s': %d, %s",
+                        username.c_str(), filename.c_str(), errno, strerror(errno));
+            }
+        }
+        else
+        {
+            fprintf(stderr, "Could not find user '%s' when attempting to change ownership of '%s': %d, %s",
+                    username.c_str(), filename.c_str(), errno, strerror(errno));
+        }
+    }
+    else
     {
         fprintf(stderr, "Failed to create the .secrets file.\n");
         rval = EXIT_FAILURE;