* When not running as root, call the setuid helper to change the

ownership of the build result after the build.
author: Eelco Dolstra <e.dolstra@tudelft.nl> 2006-12-07T15·18+0000
committer: Eelco Dolstra <e.dolstra@tudelft.nl> 2006-12-07T15·18+0000
commit: a0a43c32062f756b32feca7d04e89fb5d01767db (patch)
tree: e1236e717e1e59b06ae8248fbfac7a8f702a94a3 /src/libstore/build.cc
parent: 6a07ff1ec068c6255d45644eb182dea5c0027286 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 2b6e1be14550..c4ff62891404 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1398,7 +1398,7 @@ void DerivationGoal::startBuilder()
                safe.  Also note that setuid() when run as root sets
                the real, effective and saved UIDs. */
             if (buildUser.enabled()) {
-                printMsg(lvlInfo, format("switching to uid `%1%'") % buildUser.getUID());
+                printMsg(lvlInfo, format("switching to user `%1%'") % buildUser.getUser());
 
                 if (amPrivileged()) {
                     
@@ -1544,6 +1544,12 @@ void DerivationGoal::computeClosure()
             throw Error(format("suspicious ownership or permission on `%1%'; rejecting this build output") % path);
 #endif
 
+        if (buildUser.enabled() && !amPrivileged())
+            /* Call the setuid helper to change ownership from the
+               build user to our uid.  If we *are* root, then
+               canonicalisePathMetaData() will take care of this. */
+            getOwnership(path);
+            
         /* Get rid of all weird permissions. */
 	canonicalisePathMetaData(path);
author	Eelco Dolstra <e.dolstra@tudelft.nl>	2006-12-07T15·18+0000
committer	Eelco Dolstra <e.dolstra@tudelft.nl>	2006-12-07T15·18+0000
commit	a0a43c32062f756b32feca7d04e89fb5d01767db (patch)
tree	e1236e717e1e59b06ae8248fbfac7a8f702a94a3 /src/libstore/build.cc
parent	6a07ff1ec068c6255d45644eb182dea5c0027286 (diff)