diff options
| author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2006-12-07T15·18+0000 |
|---|---|---|
| committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2006-12-07T15·18+0000 |
| commit | a0a43c32062f756b32feca7d04e89fb5d01767db (patch) | |
| tree | e1236e717e1e59b06ae8248fbfac7a8f702a94a3 | |
| parent | 6a07ff1ec068c6255d45644eb182dea5c0027286 (diff) | |
* When not running as root, call the setuid helper to change the
ownership of the build result after the build.
| -rw-r--r-- | src/libstore/build.cc | 8 | ||||
| -rw-r--r-- | src/libstore/local-store.cc | 12 |
2 files changed, 13 insertions, 7 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 2b6e1be14550..c4ff62891404 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1398,7 +1398,7 @@ void DerivationGoal::startBuilder() safe. Also note that setuid() when run as root sets the real, effective and saved UIDs. */ if (buildUser.enabled()) { - printMsg(lvlInfo, format("switching to uid `%1%'") % buildUser.getUID()); + printMsg(lvlInfo, format("switching to user `%1%'") % buildUser.getUser()); if (amPrivileged()) { @@ -1544,6 +1544,12 @@ void DerivationGoal::computeClosure() throw Error(format("suspicious ownership or permission on `%1%'; rejecting this build output") % path); #endif + if (buildUser.enabled() && !amPrivileged()) + /* Call the setuid helper to change ownership from the + build user to our uid. If we *are* root, then + canonicalisePathMetaData() will take care of this. */ + getOwnership(path); + /* Get rid of all weird permissions. */ canonicalisePathMetaData(path); diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index c1fcb035bc82..143f093e5bac 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -223,6 +223,12 @@ void canonicalisePathMetaData(const Path & path) if (!S_ISLNK(st.st_mode)) { + if (st.st_uid != geteuid()) { + if (chown(path.c_str(), geteuid(), -1) == -1) + throw SysError(format("changing owner of `%1%' to %2%") + % path % geteuid()); + } + /* Mask out all type related bits. */ mode_t mode = st.st_mode & ~S_IFMT; @@ -234,12 +240,6 @@ void canonicalisePathMetaData(const Path & path) throw SysError(format("changing mode of `%1%' to %2$o") % path % mode); } - if (st.st_uid != geteuid() || st.st_gid != getegid()) { - if (chown(path.c_str(), geteuid(), getegid()) == -1) - throw SysError(format("changing owner/group of `%1%' to %2%/%3%") - % path % geteuid() % getegid()); - } - if (st.st_mtime != 0) { struct utimbuf utimbuf; utimbuf.actime = st.st_atime; |