From patchwork Wed Nov 11 22:13:47 2015
X-Patchwork-Submitter: Andy Zhou
X-Patchwork-Id: 543109
From: Andy Zhou
To: dev@openvswitch.org
Date: Wed, 11 Nov 2015 14:13:47 -0800
Message-Id: <1447280029-2598-1-git-send-email-azhou@nicira.com>
Subject: [ovs-dev] [additional --user changes v4 1/3] lib: simplify daemon_become_new_user__()

A global variable 'switch_user' was used to make sure we switch process's current user only once. This logic is now simplified by testing for uid directly; if switch process has taken place, the current uid will not be zero.

Signed-off-by: Andy Zhou
---
v1->v2: add a log in case --user is specified but not switched.
v2->v3: remove the log and assert. allow "root" in --user option. update man page.
---
 lib/daemon-unix.c | 14 +++-----------
 lib/daemon.man    |  7 ++++---
 2 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c index 868e2c9..0125745 100644 --- a/lib/daemon-unix.c +++ b/lib/daemon-unix.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc. + * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2015 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -84,7 +84,6 @@ static bool monitor; /* --user: Only root can use this option. Switch to new uid:gid after * initially running as root. */ static bool switch_user = false; -static bool non_root_user = false; static uid_t uid; static gid_t gid; static char *user = NULL; @@ -445,11 +444,6 @@ daemonize_start(bool access_datapath) switch_user = false; } - /* If --user is specified, make sure user switch has completed by now. */ - if (non_root_user) { - ovs_assert(geteuid() && getuid()); - } - if (detach) { pid_t pid; @@ -875,9 +869,7 @@ daemon_become_new_user(bool access_datapath) assert_single_threaded(); if (switch_user) { daemon_become_new_user__(access_datapath); - - /* Make sure daemonize_start() will not switch - * user again. */ + /* daemonize_start() should not switch user again. */ switch_user = false; } } @@ -1041,5 +1033,5 @@ daemon_set_new_user(const char *user_spec) } } - switch_user = non_root_user = true; + switch_user = true; } diff --git a/lib/daemon.man b/lib/daemon.man index 039a0c4..ff0b157 100644 --- a/lib/daemon.man +++ b/lib/daemon.man 
@@ -53,15 +53,16 @@ This option has no effect when \fB\-\-detach\fR is not specified. . .TP \fB\-\-user\fR -Causes \fB\*(PN\fR to run as a non root user specified in "user:group", thus -dropping all root privileges. Short forms "user" and ":group" are also +Causes \fB\*(PN\fR to run as a different user specified in "user:group", thus +dropping most of the root privileges. Short forms "user" and ":group" are also allowed, with current user or group are assumed respectively. Only daemons started by the root user accepts this argument. .IP On Linux, daemons will be granted CAP_IPC_LOCK and CAP_NET_BIND_SERVICES before dropping root privileges. Daemons interact with datapath, such as ovs-vswitchd, will be granted two additional capabilities, namely -CAP_NET_ADMIN and CAP_NET_RAW. +CAP_NET_ADMIN and CAP_NET_RAW. The capability change will apply even if +new user is "root". .IP On Windows, this option is not currently supported. For security reasons, specifying this option will cause the daemon process not to start.
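Review bot: The commit message does not match the @@ -84,7 +84,6 @@ hunk in lib/daemon-unix.c: it says the global 'switch_user' is replaced by testing the uid directly, but the variable removed there is `non_root_user`, `switch_user` is still set in daemon_set_new_user() and cleared in daemon_become_new_user(), and no uid test is added anywhere in the diff. Please reword the message to say that `non_root_user` and the assert that used it are dropped, or include the uid test it describes, so that someone auditing the privilege-drop path later is not looking for logic that is not there.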
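Review bot: In the daemonize_start() hunk (@@ -445,11 +444,6 @@), removing `ovs_assert(geteuid() && getuid());` leaves no check that the --user switch actually completed before the process goes on to detach. The assert cannot stay unconditional now that "root" is accepted as the new user, but a narrower check would keep the safety net: compare getuid() and geteuid() against the requested `uid` (the static declared in the @@ -84 context) whenever --user was given. Since `switch_user` is reset to false after the switch, that condition needs another marker, for example the static `user` pointer being non-NULL, assuming daemon_set_new_user() sets it (that code is not visible in this diff).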
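Review bot: In the lib/daemon.man hunk, "dropping most of the root privileges" is too vague for the case the new last sentence introduces: when the new user is "root" the process keeps uid 0, so ownership-based access to root-owned files remains and only the capability set is reduced. Suggest stating that explicitly, for example by saying that with "root" as the new user the daemon still runs as uid 0 with its capabilities limited to the ones listed. While touching this paragraph, the context line names CAP_NET_BIND_SERVICES; the Linux capability is CAP_NET_BIND_SERVICE.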