Package: unbound / 1.22.0-2

do-not-chown-control-socket.patch
From: Michael Tokarev <mjt@tls.msk.ru>
Subject: do not chown control socket
Date: Thu, 28 Apr 2022 12:26:18 +0300

There's no need to chown the control socket to the unbound user,
only group ownership is actually useful.

diff --git a/daemon/remote.c b/daemon/remote.c
index 675ef439..76eb6118 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -294,7 +294,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
 		/* This looks like a local socket */
 		fd = create_local_accept_sock(ip, &noproto, cfg->use_systemd);
 		/*
-		 * Change socket ownership and permissions so users other
+		 * Change socket group ownership and permissions so users other
 		 * than root can access it provided they are in the same
 		 * group as the user we run as.
 		 */
@@ -302,11 +302,10 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
 #ifdef HAVE_CHOWN
 			chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
 			if (cfg->username && cfg->username[0] &&
-				cfg_uid != (uid_t)-1) {
-				if(chown(ip, cfg_uid, cfg_gid) == -1)
-					verbose(VERB_QUERY, "cannot chown %u.%u %s: %s",
-					  (unsigned)cfg_uid, (unsigned)cfg_gid,
-					  ip, strerror(errno));
+				cfg_gid != (gid_t)-1) {
+				if(chown(ip, -1, cfg_gid) == -1)
+					verbose(VERB_QUERY, "cannot chgrp %u %s: %s",
+					  (unsigned)cfg_gid, ip, strerror(errno));
 			}
 #else
 			(void)cfg;
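Review bot: The uid argument in `chown(ip, -1, cfg_gid)` is a bare int, while the condition just above it uses the explicit `(gid_t)-1` sentinel; `chown(ip, (uid_t)-1, cfg_gid)` states the "leave the owner unchanged" intent and avoids a sign-conversion warning. A failed chgrp is reported only through `verbose(VERB_QUERY, ...)`, so at default verbosity an operator would not learn that the socket kept its original group and that group members cannot reach it; `log_warn("cannot chgrp %u %s: %s", (unsigned)cfg_gid, ip, strerror(errno));` would surface it. The `chmod` on the context line before it is unchecked as well, and both calls act on the path rather than on `fd`, so they depend on the socket's directory not being writable by less-privileged users. add_open starts and ends outside this hunk.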