diff options
| author | Hartmut Goebel <h.goebel@crazy-compilers.com> | 2016-11-21 19:49:12 +0100 |
|---|---|---|
| committer | Hartmut Goebel <h.goebel@crazy-compilers.com> | 2016-12-09 15:46:09 +0100 |
| commit | 2608e40988ba8cf51723fe0d21bdedf6b3997c9c (patch) | |
| tree | a50081f9bc00670849296fd8f799b9a5c13ba4c9 /nix/nix-daemon | |
| parent | 43e8824d3cd3ff53671167ab9b41f0094458a4d6 (diff) | |
| download | guix-2608e40988ba8cf51723fe0d21bdedf6b3997c9c.tar.gz | |
daemon: Set ownership of kept build directories to the calling user.
Fixes <http://bugs.gnu.org/15890>. * nix/libstore/globals.hh (Settings) Add clientUid and clientGid. * nix/nix-daemon/nix-daemon.cc (daemonLoop] Store UID and GID of the caller in settings. * nix/libstore/build.cc (_chown): New function. (DerivationGoal::deleteTmpDir): Use it, change ownership of build directory if it is kept and the new owner is not root.
Diffstat (limited to 'nix/nix-daemon')
| -rw-r--r-- | nix/nix-daemon/nix-daemon.cc | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc index 682f9a2b5b..47b67d5863 100644 --- a/nix/nix-daemon/nix-daemon.cc +++ b/nix/nix-daemon/nix-daemon.cc @@ -960,6 +960,18 @@ static void daemonLoop() strncpy(argvSaved[1], processName.c_str(), strlen(argvSaved[1])); } +#if defined(SO_PEERCRED) + /* Store the client's user and group for this connection. This + has to be done in the forked process since it is per + connection. */ + settings.clientUid = cred.uid; + settings.clientGid = cred.gid; +#else + /* Setting these to -1 means: do not change */ + settings.clientUid = (uid_t) -1; + settings.clientGid = (gid_t) -1; +#endif + /* Handle the connection. */ from.fd = remote; to.fd = remote; |