void vlog_set_pattern(enum vlog_destination, const char *pattern);
int vlog_set_log_file(const char *file_name);
int vlog_reopen_log_file(void);
+void vlog_change_owner(uid_t, gid_t);
/* Configure method how vlog should send messages to syslog server. */
void vlog_set_syslog_method(const char *method);
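Review bot: The new prototype on the added line carries no comment, while neighbouring declarations in this header (the syslog-method one right below it) are documented; a caller reading only the header cannot tell that the call is a no-op when no log file is open or that it must run while the process still has the privilege to change file ownership. Suggest preceding it with `/* Changes the owner of the log file, if one is open, to 'uid'/'gid'. Call before dropping privileges. */`, and naming the parameters in the prototype (`uid_t uid, gid_t gid`) as the other declarations here do.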
{
if ((setresgid(real, effective, saved) == -1) ||
!gid_verify(real, effective, saved)) {
- VLOG_FATAL("%s: fail to switch group to gid as %d, aborting",
+ VLOG_FATAL("%s: failed to switch group to gid as %d, aborting",
pidfile, gid);
}
}
static void
daemon_become_new_user__(bool access_datapath)
{
+ /* If vlog file has been created, change its owner to the non-root user
+ * as specifed by the --user option. */
+ vlog_change_owner(uid, gid);
+
if (LINUX) {
if (LIBCAPNG) {
daemon_become_new_user_linux(access_datapath);
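Review bot: The comment added above the `vlog_change_owner(uid, gid)` call has a typo ("specifed") and omits the one fact a later maintainer needs: the call is placed before the user switch on purpose, because changing file ownership to another user generally requires the privileges that `daemon_become_new_user_linux()` is about to give up. Suggest `/* If a vlog file has already been created, hand it to the non-root user given by --user. This must happen before the switch below, while we still have the privilege to chown. */`. `uid` and `gid` are not visible in this hunk, so presumably they are the file-level values set by --user; the rest of `daemon_become_new_user__` continues past the hunk.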
* All of the following is protected by 'log_file_mutex', which nests inside
* pattern_rwlock. */
static struct ovs_mutex log_file_mutex = OVS_MUTEX_INITIALIZER;
-static char *log_file_name OVS_GUARDED_BY(log_file_mutex);
+static char *log_file_name = NULL OVS_GUARDED_BY(log_file_mutex);
static int log_fd OVS_GUARDED_BY(log_file_mutex) = -1;
static struct async_append *log_writer OVS_GUARDED_BY(log_file_mutex);
static bool log_async OVS_GUARDED_BY(log_file_mutex);
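Review bot: The rewritten declaration puts the initializer before the lock annotation, `= NULL OVS_GUARDED_BY(log_file_mutex)`, which is the opposite order from `log_fd` two lines below and, whenever `OVS_GUARDED_BY` expands to a real attribute (clang thread-safety builds), is likely to fail to parse since an attribute cannot follow an initializer. The `= NULL` is also redundant for a static object, which is zero-initialized already. If the explicit initializer is wanted for readability, match the existing line: `static char *log_file_name OVS_GUARDED_BY(log_file_mutex) = NULL;`.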
}
}
+/* In case a log file exists, change its owner to new 'user' and 'group'.
+ *
+ * This is useful for handling cases where the --log-file option is
+ * specified ahead of the --user option. */
+void
+vlog_change_owner(uid_t user, gid_t group)
+{
+ if (!log_file_name) {
+ return;
+ }
+
+ ovs_mutex_lock(&log_file_mutex);
+ int error = chown(log_file_name, user, group);
+ ovs_mutex_unlock(&log_file_mutex);
+
+ if (error) {
+ VLOG_FATAL("Failed to change %s ownership: %s.",
+ log_file_name, ovs_strerror(errno));
+ }
+}
+
/* Set debugging levels. Returns null if successful, otherwise an error
* message that the caller must free(). */
char *
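Review bot: `log_file_name` is read at `if (!log_file_name)` and again in the `VLOG_FATAL` arguments without `log_file_mutex` held, although the variable is declared `OVS_GUARDED_BY(log_file_mutex)`; the only guarded access is the `chown` itself. Separately, `errno` is read after `ovs_mutex_unlock()`, which may overwrite it, so the reported error string can be wrong; save it immediately after the failing call. Finally, re-owning by path with `chown()` is weaker than acting on the descriptor the logger already holds: the file at that path may no longer be the one being written to (a race anyone with write access to the log directory could exploit), whereas `fchown(log_fd, …)` re-owns exactly the open file; `log_fd` is guarded by the same mutex and its `-1` default suggests it is the open descriptor, which should be confirmed against `vlog_set_log_file()` (not in this hunk). The rewrite below keeps the whole check under the lock, drops the unguarded name read from the message (a copy taken under the lock could be added if the path is wanted in the log), and preserves the fatal-on-failure contract.
```c
void
vlog_change_owner(uid_t user, gid_t group)
{
    ovs_mutex_lock(&log_file_mutex);
    if (log_fd < 0) {
        /* No log file is open, so there is nothing to re-own. */
        ovs_mutex_unlock(&log_file_mutex);
        return;
    }
    /* Act on the open descriptor, not the path, so the file re-owned is the
     * one actually being written to.  Capture errno before unlocking. */
    int error = fchown(log_fd, user, group) ? errno : 0;
    ovs_mutex_unlock(&log_file_mutex);

    if (error) {
        VLOG_FATAL("Failed to change log file ownership: %s.",
                   ovs_strerror(error));
    }
}
```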