From: Hartmut Goebel <h.goebel@crazy-compilers.com>
To: guix-devel@gnu.org
Subject: [Patch v2] daemon: Set ownership of kept build directories to the calling user.
Date: Thu, 17 Nov 2016 12:30:25 +0100 [thread overview]
Message-ID: <1479382225-25227-1-git-send-email-h.goebel@crazy-compilers.com> (raw)
Fixes <http://bugs.gnu.org/15890>.
* nix/libstore/globals.hh (Settings) Add clientUid and clientGid.
* nix/nix-daemon/nix-daemon.cc (pdaemonLoop] Store UID and GID of the
caller in settings.
* nix/libstore/build.cc (_chown): New function.
(DerivationGoal::deleteTmpDir): Use it, change ownership of build
directory if it is kept.
---
nix/libstore/build.cc | 24 ++++++++++++++++++++++++
nix/libstore/globals.hh | 6 ++++++
nix/nix-daemon/nix-daemon.cc | 13 +++++++++++++
3 files changed, 43 insertions(+)
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index ae78e65..b49fb95 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -2609,6 +2609,23 @@ void DerivationGoal::closeLogFile()
}
+static void _chown(const Path & path, uid_t uid, gid_t gid)
+{
+ checkInterrupt();
+
+ printMsg(lvlVomit, format("%1%") % path);
+
+ if (chown(path.c_str(), uid, gid) == -1) {
+ throw SysError(format("change owner and group of `%1%'") % path);
+ }
+ struct stat st = lstat(path);
+ if (S_ISDIR(st.st_mode)) {
+ for (auto & i : readDirectory(path))
+ _chown(path + "/" + i.name, uid, gid);
+ }
+}
+
+
void DerivationGoal::deleteTmpDir(bool force)
{
if (tmpDir != "") {
@@ -2617,6 +2634,13 @@ void DerivationGoal::deleteTmpDir(bool force)
format("note: keeping build directory `%2%'")
% drvPath % tmpDir);
chmod(tmpDir.c_str(), 0755);
+ // Change the ownership if clientUid is set. Never change the
+ // ownership to "root" for security reasons. So zero is used as
+ // marker for unset.
+ if (settings.clientUid != 0) {
+ _chown(tmpDir, settings.clientUid,
+ settings.clientGid != 0 ? settings.clientGid : -1);
+ }
}
else
deletePath(tmpDir);
diff --git a/nix/libstore/globals.hh b/nix/libstore/globals.hh
index 8c07e36..dc6a004 100644
--- a/nix/libstore/globals.hh
+++ b/nix/libstore/globals.hh
@@ -70,6 +70,12 @@ struct Settings {
subgoal of the same goal) fails. */
bool keepGoing;
+ /* User and groud id of the client issuing the buld request. Used to set
+ the owner and group of the keept temporary directories of failed
+ builds. */
+ uid_t clientUid;
+ gid_t clientGid;
+
/* Whether, if we cannot realise the known closure corresponding
to a derivation, we should try to normalise the derivation
instead. */
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 35c284f..e900a7d 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -950,6 +950,19 @@ static void daemonLoop()
strncpy(argvSaved[1], processName.c_str(), strlen(argvSaved[1]));
}
+#if defined(SO_PEERCRED)
+ /* Store the client's user and group for this connection. This
+ has to be done in the forked process since it is per
+ connection. */
+ settings.clientUid = cred.uid;
+ settings.clientGid = cred.gid;
+#else
+ /* Setting these to zero means: do not change, esp. do not
+ change to "root". */
+ settings.clientUid = 0;
+ settings.clientGid = 0;
+#endif
+
/* Handle the connection. */
from.fd = remote;
to.fd = remote;
--
2.7.4
next reply other threads:[~2016-11-17 11:30 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-17 11:30 Hartmut Goebel [this message]
2016-11-21 14:13 ` [Patch v2] daemon: Set ownership of kept build directories to the calling user Ludovic Courtès
2016-11-21 14:18 ` Hartmut Goebel
2016-11-27 21:04 ` Ludovic Courtès
2016-11-28 21:31 ` Hartmut Goebel
2016-12-01 0:01 ` Danny Milosavljevic
2016-12-05 20:46 ` [PATCH v3] " Hartmut Goebel
2016-12-06 15:08 ` Ludovic Courtès
2016-12-08 12:12 ` Hartmut Goebel
2016-12-08 12:14 ` [PATCH v4] " Hartmut Goebel
2016-12-09 14:23 ` Ludovic Courtès
2016-12-09 14:47 ` Hartmut Goebel
2016-12-09 14:22 ` [PATCH v3] " Ludovic Courtès
2016-12-09 15:50 ` Guile-SSH found at configure-time but not at run-time Hartmut Goebel
2016-12-09 20:35 ` Ludovic Courtès
2019-07-11 20:26 ` [bug#36605] [PATCH v4] daemon: Set ownership of kept build directories to the calling user Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH] gc: Add option --keep-going Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH] gnu: Add anonip Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH] gnu: Add dtrx Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH] gnu: Add php-hello-world Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH] gnu: Add python-gunicorn and python2-gunicorn Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 0/2] Updated patches for gunicorn Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 1/2] gnu: Add gunicorn and gunicorn-python2 Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 2/2] gnu: Build documentation for " Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 0/3] Emhancements to the ant-build-system Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 1/3] guix: ant-build-system: put dummy project-name into default build.xml Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 2/3] guix: ant-build-system: add empty `tests` target to " Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 3/3] gnu: Remove now useless #:tests? #f from java-packages Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 00/12] Java build-system and some packages Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 01/12] guix: ant-bulild-sytem: allow specifying the source directory Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 02/12] guix: ant-build-system: use abs path as basedir Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 03/12] guix: Add java-utils Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 04/12] gnu: Add java-plexus-utils Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 05/12] gnu: Add java-plexus-interpolation Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 06/12] gnu: Add java-commons-cli Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 07/12] gnu: Add java-commons-codec Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 08/12] gnu: Add java-commons-daemon Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 09/12] gnu: Add java-commons-io Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 10/12] gnu: Add java-commons-lang Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 11/12] gnu: Add java-commons-lang3 Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 12/12] gnu: Add java-commons-bcel Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 1/6] gnu: kcoreaddons: Enable test-suite Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 2/6] gnu: kirigami: " Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 3/6] gnu: kpackage: " Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 4/6] gnu: kemoticons: " Hartmut Goebel
2019-07-11 20:26 ` [bug#36605] [PATCH 5/6] gnu: knewstuff: " Hartmut Goebel
2016-12-06 20:41 ` [PATCH v3] daemon: Set ownership of kept build directories to the calling user Danny Milosavljevic
2016-12-08 12:16 ` Hartmut Goebel
2016-12-05 20:51 ` [Patch v2] " Hartmut Goebel
2016-11-21 17:36 ` Hartmut Goebel
2016-11-21 18:29 ` Hartmut Goebel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1479382225-25227-1-git-send-email-h.goebel@crazy-compilers.com \
--to=h.goebel@crazy-compilers.com \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.