On 06/12/12 19:56, Gao,Yan wrote:
Hi Angus, Thanks a lot for introducing this! I also added the following patch, modified "examples/ipcserver.c", and it works for both QB_IPC_SHM and QB_IPC_SOCKET mode in the example.
I encountered weird behaviors for pacemaker cib though. Chmod works fine, but the group of file has never been changed. The only difference I can think of is that cib's uid "hacluster" comes from setuid() by root. But it still doesn't make sense to me that it's not allowed to change the group of a file to "hacluster"'s main group...
So it is, "hacluster" got from setuid() by root cannot change the group of a file to "hacluster"'s main group -- "haclient", unless we also setgid to "haclient" before setuid to "hacluster", otherwise "root" must belong to "haclient" group. Another way is to change the file mode to 0666, and determine permissions in connection_accept().
Andrew, opinions?
Angus, the change works fine. Please push it. Thanks again!
Regards, Gao,Yan
diff --git a/lib/ipc_us.c b/lib/ipc_us.c index 2808708..8f11e46 100644 --- a/lib/ipc_us.c +++ b/lib/ipc_us.c @@ -949,12 +952,19 @@ qb_ipcs_us_connect(struct qb_ipcs_service *s, } (void)strlcpy(r->request, path, PATH_MAX); (void)strlcpy(c->request.u.us.shared_file_name, r->request, NAME_MAX);
- res = chown(r->request, c->euid, c->egid);
- res = chown(r->request, c->auth.uid, c->auth.gid); if (res != 0) { /* ignore res, this is just for the compiler warnings. */ res = 0; }
- res = chmod(r->request, c->auth.mode);
- if (res != 0) {
/* ignore res, this is just for the compiler warnings.
*/
res = 0;
- }
- shm_ptr = mmap(0, SHM_CONTROL_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd_hdr, 0);
Regards, Gao,Yan