![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ecb5747)
raw | patch | inline | side by side (parent: ecb5747)
| author | Florian Forster <octo@leeloo.lan.home.verplant.org> | |
| Mon, 3 Sep 2007 13:59:08 +0000 (15:59 +0200) | ||
| committer | Florian Forster <octo@leeloo.lan.home.verplant.org> | |
| Mon, 3 Sep 2007 13:59:08 +0000 (15:59 +0200) |
In that order. The manpage and the config template have been updated.
| src/collectd-exec.pod | patch | blob | history | |
| src/collectd.conf.in | patch | blob | history | |
| src/collectd.conf.pod | patch | blob | history | |
| src/exec.c | patch | blob | history |
diff --git a/src/collectd-exec.pod b/src/collectd-exec.pod
index eaa4f8b43dec48ee8a3d2d3d9ce29f2270590d1d..27d0eedca01956d44787ef9b7c08a0a8caca9237 100644 (file)
--- a/src/collectd-exec.pod
+++ b/src/collectd-exec.pod
LoadPlugin exec
# ...
<Plugin exec>
- Exec myuser myprog
- Exec otheruser /path/to/another/binary
+ Exec "myuser:mygroup" "myprog"
+ Exec "otheruser" "/path/to/another/binary"
</Plugin>
=head1 DESCRIPTION
diff --git a/src/collectd.conf.in b/src/collectd.conf.in
index 313fd914d69de13d7a3ecdb59152651ad8b3422a..af2db91abf69971990876f92422de8fb80d3fe0b 100644 (file)
--- a/src/collectd.conf.in
+++ b/src/collectd.conf.in
#</Plugin>
#<Plugin exec>
-# Exec user "/path/to/exec"
+# Exec "user:group" "/path/to/exec"
#</Plugin>
#<Plugin hddtemp>
diff --git a/src/collectd.conf.pod b/src/collectd.conf.pod
index 3de2f243d60289c1bbbb1e8b48d0dcda2c22e4bd..29e26af4dddc34a57e46a617193ebfe099d80270 100644 (file)
--- a/src/collectd.conf.pod
+++ b/src/collectd.conf.pod
=item B<Exec> I<User>[:[I<Group>]] I<Executable>
Execute the executable I<Executable> as user I<User>. If the user name is
-followed by a colon and a group name, the program is executed as the specified
-group. If only the colon follows the user name the group defaults to the
-user's login group.
+followed by a colon and a group name, the effective group is set to that group.
+The real group and saved-set group will be set to the default group of that
+user. If no group is given the effective group ID will be the same as the real
+group ID.
+
+Please note that in order to change the user and/or group the daemon needs
+superuser privileges. If the daemon is run as an unprivileged user you must
+specify the same user/group here. If the daemon is run with superuser
+privileges, you must supply a non-root user here.
=back
diff --git a/src/exec.c b/src/exec.c
index e899a1c32057a2d7408d01bee3c59e64bfb85f1f..d9f2d8ce26c60bfc9de60b45fe47a46dd65ac560 100644 (file)
--- a/src/exec.c
+++ b/src/exec.c
int status;
int uid;
int gid;
+ int egid;
char *arg0;
struct passwd *sp_ptr;
}
uid = sp.pw_uid;
+ gid = sp.pw_gid;
if (uid == 0)
{
ERROR ("exec plugin: Cowardly refusing to exec program as root.");
exit (-1);
}
+ /* The group configured in the configfile is set as effective group, because
+ * this way the forked process can (re-)gain the user's primary group. */
+ egid = -1;
if (NULL != pl->group)
{
if ('\0' != *pl->group) {
exit (-1);
}
- gid = gr.gr_gid;
+ egid = gr.gr_gid;
}
else
{
- gid = sp.pw_gid;
+ egid = gid;
}
+ } /* if (pl->group == NULL) */
+
+ status = setgid (gid);
+ if (status != 0)
+ {
+ ERROR ("exec plugin: setgid (%i) failed: %s",
+ gid, sstrerror (errno, errbuf, sizeof (errbuf)));
+ exit (-1);
+ }
- status = setgid (gid);
- if (0 != status)
+ if (egid != -1)
+ {
+ status = setegid (egid);
+ if (status != 0)
{
- ERROR ("exec plugin: setgid failed: %s",
- sstrerror (errno, errbuf, sizeof (errbuf)));
+ ERROR ("exec plugin: setegid (%i) failed: %s",
+ egid, sstrerror (errno, errbuf, sizeof (errbuf)));
exit (-1);
}
- } /* if (pl->group == NULL) */
+ }
status = setuid (uid);
if (status != 0)
{
- ERROR ("exec plugin: setuid failed: %s",
- sstrerror (errno, errbuf, sizeof (errbuf)));
+ ERROR ("exec plugin: setuid (%i) failed: %s",
+ uid, sstrerror (errno, errbuf, sizeof (errbuf)));
exit (-1);
}