authorPeter Eisentraut <peter_e@gmx.net>2000-11-01 21:14:03 +0000
committerPeter Eisentraut <peter_e@gmx.net>2000-11-01 21:14:03 +0000
commitd1bfa6c72e8087de21a2a2fd0c9c0b7da9e8fc20 (patch)
treea1d8760d07d7d24051e8836871bb4c6c78b5cad1 /src
parent855ffa0be0955399d40e3adb19eb0f7bc30d6cc4 (diff)
downloadpostgresql-d1bfa6c72e8087de21a2a2fd0c9c0b7da9e8fc20.tar.gz
postgresql-d1bfa6c72e8087de21a2a2fd0c9c0b7da9e8fc20.zip
Add runtime configuration options to control permission bits and group
owner of unix socket.
Diffstat (limited to 'src')
-rw-r--r--src/backend/libpq/pqcomm.c64
-rw-r--r--src/backend/postmaster/postmaster.c6
-rw-r--r--src/backend/utils/misc/guc.c11
-rw-r--r--src/include/libpq/pqcomm.h10
4 files changed, 83 insertions, 8 deletions
diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
index 0916d16c964..355144937a5 100644
--- a/src/backend/libpq/pqcomm.c
+++ b/src/backend/libpq/pqcomm.c
@@ -29,7 +29,7 @@
* Portions Copyright (c) 1996-2000, PostgreSQL, Inc
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: pqcomm.c,v 1.108 2000/10/23 14:48:50 momjian Exp $
+ * $Id: pqcomm.c,v 1.109 2000/11/01 21:14:01 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -63,6 +63,7 @@
#include <signal.h>
#include <errno.h>
#include <fcntl.h>
+#include <grp.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -85,6 +86,13 @@
/*
+ * Configuration options
+ */
+int Unix_socket_permissions;
+char * Unix_socket_group;
+
+
+/*
* Buffers for low-level I/O
*/
@@ -295,8 +303,60 @@ StreamServerPort(int family, unsigned short portName, int *fdP)
*/
*fdP = fd;
+
if (family == AF_UNIX)
- chmod(sock_path, 0777);
+ {
+ Assert(Unix_socket_group);
+ if (Unix_socket_group[0] != '\0')
+ {
+ char *endptr;
+ unsigned long int val;
+ gid_t gid;
+
+ val = strtoul(Unix_socket_group, &endptr, 10);
+ if (*endptr == '\0')
+ {
+ /* numeric group id */
+ gid = val;
+ }
+ else
+ {
+ /* convert group name to id */
+ struct group *gr;
+
+ gr = getgrnam(Unix_socket_group);
+ if (!gr)
+ {
+ snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+ "FATAL: no such group '%s'\n",
+ Unix_socket_group);
+ fputs(PQerrormsg, stderr);
+ pqdebug("%s", PQerrormsg);
+ return STATUS_ERROR;
+ }
+ gid = gr->gr_gid;
+ }
+ if (chown(sock_path, -1, gid) == -1)
+ {
+ snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+ "FATAL: could not set group of %s: %s\n",
+ sock_path, strerror(errno));
+ fputs(PQerrormsg, stderr);
+ pqdebug("%s", PQerrormsg);
+ return STATUS_ERROR;
+ }
+ }
+
+ if (chmod(sock_path, Unix_socket_permissions) == -1)
+ {
+ snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+ "FATAL: could not set permissions on %s: %s\n",
+ sock_path, strerror(errno));
+ fputs(PQerrormsg, stderr);
+ pqdebug("%s", PQerrormsg);
+ return STATUS_ERROR;
+ }
+ }
return STATUS_OK;
}
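Review bot: The numeric branch accepts any string that strtoul() consumes completely, so a setting such as `-1` wraps to ULONG_MAX and becomes `(gid_t) -1`, which chown() treats as "leave the group unchanged" while returning success; the configured group is then silently not applied. Out-of-range numbers are likewise truncated by `gid = val`, since neither errno nor the round-trip is checked. I would set `errno = 0` before the call and take the numeric branch only when `*endptr == '\0' && errno == 0 && isdigit((unsigned char) Unix_socket_group[0]) && (unsigned long) (gid_t) val == val && (gid_t) val != (gid_t) -1`, failing with a FATAL message otherwise. Separately, the socket file keeps its umask-derived mode from creation until this chmod() runs; if bind()/listen() happen earlier in StreamServerPort (its body starts outside this hunk), a restrictive setting is not in force for that interval, which deserves at least a comment.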
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index d74cbf9e84a..eb7daeb7dbe 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -11,7 +11,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.176 2000/10/28 18:27:55 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.177 2000/11/01 21:14:02 petere Exp $
*
* NOTES
*
@@ -588,7 +588,7 @@ PostmasterMain(int argc, char *argv[])
{
fprintf(stderr, "%s: cannot create INET stream port\n",
progname);
- exit(1);
+ ExitPostmaster(1);
}
}
@@ -598,7 +598,7 @@ PostmasterMain(int argc, char *argv[])
{
fprintf(stderr, "%s: cannot create UNIX stream port\n",
progname);
- exit(1);
+ ExitPostmaster(1);
}
#endif
/* set up shared memory and semaphores */
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 9ed8f9c16d3..54d858c0ce3 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -4,7 +4,7 @@
* Support for grand unified configuration scheme, including SET
* command, configuration file, and command line options.
*
- * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.14 2000/10/11 17:58:01 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.15 2000/11/01 21:14:03 petere Exp $
*
* Copyright 2000 by PostgreSQL Global Development Group
* Written by Peter Eisentraut <peter_e@gmx.net>.
@@ -22,6 +22,7 @@
#include "commands/async.h"
#include "libpq/auth.h"
+#include "libpq/pqcomm.h"
#include "miscadmin.h"
#include "optimizer/cost.h"
#include "optimizer/geqo.h"
@@ -253,6 +254,9 @@ ConfigureNamesInt[] =
{"max_expr_depth", PGC_USERSET, &max_expr_depth,
DEFAULT_MAX_EXPR_DEPTH, 10, INT_MAX},
+ {"unix_socket_permissions", PGC_POSTMASTER, &Unix_socket_permissions,
+ 0777, 0000, 0777},
+
{NULL, 0, NULL, 0, 0, 0}
};
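Review bot: The new `unix_socket_permissions` entry has no comment saying how the value is written or what the default implies, and both matter to anyone tightening access. The bounds `0000, 0777` are octal literals, but whether the configuration parser reads a leading `0` as octal is not visible in this hunk; if it parses decimal, a setting like `770` would be rejected as out of range and `77` would yield mode 0115. I would add above the entry something like `/* mode for the Unix socket file, written in octal (e.g. 0770); the default 0777 lets every local user connect, leaving access control to client authentication */` and confirm the parser's base. The array definition starts outside this hunk.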
@@ -281,9 +285,12 @@ ConfigureNamesReal[] =
static struct config_string
ConfigureNamesString[] =
{
- {"krb_server_keyfile", PGC_USERSET, &pg_krb_server_keyfile,
+ {"krb_server_keyfile", PGC_POSTMASTER, &pg_krb_server_keyfile,
PG_KRB_SRVTAB, NULL},
+ {"unix_socket_group", PGC_POSTMASTER, &Unix_socket_group,
+ "", NULL},
+
{NULL, 0, NULL, NULL, NULL}
};
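Review bot: The change of `krb_server_keyfile` from `PGC_USERSET` to `PGC_POSTMASTER` is unrelated to the socket options named in the commit message and is not explained anywhere in the hunk. Judging by the constant names, it stops the keytab path from being changed after server start, which is a security-relevant tightening rather than a cosmetic one. It deserves a comment on the entry, for example `/* server keytab path; fixed at postmaster start, not settable per session */`, once that reading of the two contexts is confirmed.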
diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h
index dbe6761576e..bb64862922b 100644
--- a/src/include/libpq/pqcomm.h
+++ b/src/include/libpq/pqcomm.h
@@ -9,7 +9,7 @@
* Portions Copyright (c) 1996-2000, PostgreSQL, Inc
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: pqcomm.h,v 1.42 2000/09/27 15:17:56 petere Exp $
+ * $Id: pqcomm.h,v 1.43 2000/11/01 21:14:03 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -169,4 +169,12 @@ typedef struct CancelRequestPacket
*/
#define NEGOTIATE_SSL_CODE PG_PROTOCOL(1234,5679)
+
+/*
+ * Configuration options
+ */
+extern int Unix_socket_permissions;
+
+extern char * Unix_socket_group;
+
#endif /* PQCOMM_H */
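Review bot: The two externs are exported under the bare heading "Configuration options", so a reader of the header cannot tell their contract. From the pqcomm.c hunk in this commit, `Unix_socket_group` is asserted non-NULL, an empty string leaves the socket's group as created, and any other value is taken as a numeric gid or a group name; `Unix_socket_permissions` is passed directly to chmod() on the socket path. I would add per-variable comments such as `/* mode bits applied to the Unix socket file with chmod() */` and `/* group name or numeric gid for the socket file; "" = do not change; never NULL */`.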