@@ -262,10 +262,18 @@ main(int argc, char *argv[])
syslog(LOG_ERR, "cannot get uid of '%s': %m", id);
exit(1);
}
- if (setgid(p->pw_gid) == -1) {
- syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid);
- exit(1);
- }
+ if (chown(RPCBINDDLOCK, p->pw_uid, p->pw_gid) < 0){
+ syslog(LOG_WARNING, "chown of '%s' to %d/%d failed: %m",
+ RPCBINDDLOCK, p->pw_uid, p->pw_gid);
+ }
+ if (chown(_PATH_RPCBINDSOCK, p->pw_uid, p->pw_gid) < 0){
+ syslog(LOG_WARNING, "chown of '%s' to %d/%d failed: %m",
+ _PATH_RPCBINDSOCK, p->pw_uid, p->pw_gid);
+ }
+ if (setgid(p->pw_gid) == -1) {
+ syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid);
+ exit(1);
+ }
if (setgroups(0, NULL) == -1) {
syslog(LOG_ERR, "dropping supplemental groups failed: %m");
exit(1);
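Review bot: Both added `chown()` calls run while the process is still root and take path names, and `chown()` follows symbolic links, so the ownership change lands on whatever the path resolves to at that moment. If the directory holding `RPCBINDDLOCK` or `_PATH_RPCBINDSOCK` is writable by anyone other than root (not visible in this hunk), a file that was never meant for the rpcbind user could be handed to it. Prefer `lchown(RPCBINDDLOCK, p->pw_uid, p->pw_gid)` and `lchown(_PATH_RPCBINDSOCK, p->pw_uid, p->pw_gid)`, or `fchown()` on the descriptors if they are still open at this point. The `%d` conversions also receive `uid_t`/`gid_t` values, so a cast such as `(int)p->pw_uid` would keep format and arguments matched. The enclosing function `main` starts and ends outside the hunk.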
rpcbind.sock and rpcbind.lock are created as root when rpcbind starts. Some distros allow rpcbind to run as root, others do not. For distros that change the uid/gid of the running rpcbind, the uid/gid of those files must also be changed so they can be removed at termination. Signed-off-by: Steve Dickson <steved@redhat.com> --- src/rpcbind.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-)