Patch sent upstream (to Stephan Kulow) on 2009-04-06. -- Michal commit e5dcc8beda99ffb4cb19b8eef024dbc22b010d54 Author: Michal Schmidt Date: Sun Apr 5 23:32:32 2009 +0200 fix permissions in the cache dir The way icecream changes permissions of /var/cache/icecream is buggy. When the daemon initializes, it creates the directory owned by root:root and readable for everyone. As soon as it installs a foreign environment, it changes the owner to root:icecream and removes access for everyone else. This causes trouble for locally run icecc which wants read access to /var/cache/icecream/native. As a result, local compile jobs can no longer determine the native environment and fail to get distributed to other nodes. This patch assigns the owners and permissions like this: 0755 root:root /var/cache/icecream/ 0775 root:icecream /var/cache/icecream/native/ 0770 root:icecream /var/cache/icecream/target=/ 0770 root:icecream /var/cache/icecream/target=// It also sets the umask in the initialization of the daemon so that we can depend on it being sane and we no longer need some of the chmods. The access() check in start_install_environment() can be dropped, because if we don't have access, we'll soon find out anyway.
diff --git a/daemon/environment.cpp b/daemon/environment.cpp
index 9dc2831..979da91 100644
--- a/daemon/environment.cpp
+++ b/daemon/environment.cpp
@@ -180,8 +180,6 @@ bool cleanup_cache( const string &basedir )
 log_perror( "mkdir in cleanup_cache() failed" );
 return false;
 }
- chown( basedir.c_str(), 0, 0 );
- chmod( basedir.c_str(), 0755 );
 return ret;
 }
@@ -219,14 +217,14 @@ size_t setup_env_cache(const string &basedir, string &native_environment, uid_t
 if ( ::access( "/usr/bin/gcc", X_OK ) || ::access( "/usr/bin/g++", X_OK ) )
 return 0;
- if ( mkdir( nativedir.c_str(), 0755 ) )
+ if ( mkdir( nativedir.c_str(), 0775 ) )
 return 0;
- if ( chown( nativedir.c_str(), nobody_uid, nobody_gid) ) {
+ if ( chown( nativedir.c_str(), 0, nobody_gid ) ||
+ chmod( nativedir.c_str(), 0775 ) ) {
 rmdir( nativedir.c_str() );
 return 0;
 }
- chmod( nativedir.c_str(), 0755 );
 flush_debug();
 pid_t pid = fork();
@@ -251,7 +249,6 @@ size_t setup_env_cache(const string &basedir, string &native_environment, uid_t
 }
 }
 // else
- umask(022);
 if ( setgid( nobody_gid ) < 0) {
 log_perror("setgid failed");
@@ -313,30 +310,28 @@ pid_t start_install_environment( const std::string &basename, const std::string
 compression = BZip2;
 }
- if( ::access( basename.c_str(), W_OK ) ) {
- log_error() << "access for basename " << basename.c_str() << " gives " << strerror(errno) << endl;
- return 0;
- }
-
- chown( basename.c_str(), 0, nobody_gid );
- chmod( basename.c_str(), 0770 );
-
- if ( mkdir( dirname.c_str(), 0755 ) && errno != EEXIST ) {
+ if ( mkdir( dirname.c_str(), 0770 ) && errno != EEXIST ) {
 log_perror( "mkdir target" );
 return 0;
 }
- chown( dirname.c_str(), 0, nobody_gid );
- chmod( dirname.c_str(), 0770 );
+ if ( chown( dirname.c_str(), 0, nobody_gid ) ||
+ chmod( dirname.c_str(), 0770 ) ) {
+ log_perror( "chown,chmod target" );
+ return 0;
+ }
 dirname = dirname + "/" + name;
- if ( mkdir( dirname.c_str(), 0700 ) ) {
+ if ( mkdir( dirname.c_str(), 0770 ) ) {
 log_perror( "mkdir name" );
 return 0;
 }
- chown( dirname.c_str(), 0, nobody_gid );
- chmod( dirname.c_str(), 0770 );
+ if ( chown( dirname.c_str(), 0, nobody_gid ) ||
+ chmod( dirname.c_str(), 0770 ) ) {
+ log_perror( "chown,chmod name" );
+ return 0;
+ }
 int fds[2];
 if ( pipe( fds ) )
diff --git a/daemon/main.cpp b/daemon/main.cpp
index 17fc761..7a6498f 100644
--- a/daemon/main.cpp
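Review bot: In setup_env_cache() (daemon/environment.cpp) the new `chown`/`chmod` failure branch removes the directory and returns 0 without logging anything, while the equivalent branches this commit adds in start_install_environment() call `log_perror`. A failure here would presumably leave the daemon without a native environment and with no trace of why, so I would add `log_perror( "chown,chmod native" );` as the first statement of that branch, before `rmdir` can overwrite errno. A one-line comment on the 0775 root:nobody_gid choice would also help, since per the commit description local icecc clients need read access to this directory. The function body continues outside the hunk.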
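Review bot: In start_install_environment() (daemon/environment.cpp) the name-level directory is created inside a directory this code has just made group-writable (0770 root:nobody_gid), and `chown`/`chmod` are then applied to it by path name. Between `mkdir` and those calls the entry can be replaced by anything running with that group, and path-based `chown`/`chmod` follow symbolic links; if the daemon executes this as root, as the chown to uid 0 suggests, ownership and mode of an unintended file could be changed. Opening the new directory with `O_DIRECTORY | O_NOFOLLOW` and using `fchown`/`fchmod` on the descriptor closes that window, and the failure branch should also `rmdir` what was just created, because `mkdir( dirname.c_str(), 0770 )` at the name level does not tolerate EEXIST and a leftover directory would make every retry fail. Whether `name` is checked for path separators is not visible in this hunk. The function starts and ends outside the hunk.

```cpp
    if ( mkdir( dirname.c_str(), 0770 ) ) {
        // … unchanged: log_perror( "mkdir name" ) and return 0 …
    }
    // Set owner and mode through a descriptor so a replaced path entry is never followed.
    int dfd = open( dirname.c_str(), O_RDONLY | O_DIRECTORY | O_NOFOLLOW );
    if ( dfd < 0 || fchown( dfd, 0, nobody_gid ) || fchmod( dfd, 0770 ) ) {
        log_perror( "chown,chmod name" );
        if ( dfd >= 0 )
            close( dfd );
        rmdir( dirname.c_str() );
        return 0;
    }
    close( dfd );
    // … unchanged: int fds[2]; pipe( fds ) …
```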
+++ b/daemon/main.cpp
@@ -1598,6 +1598,8 @@ int main( int argc, char ** argv )
 }
 }
+ umask(022);
+
 if ( !logfile.length() && detach)
 logfile = "/var/log/iceccd";
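Review bot: The bare `umask(022);` added to main() gives no hint that other code now depends on it: this commit drops the explicit `chmod` in cleanup_cache() and the `umask(022)` in the setup_env_cache() child in favour of this single call. A comment such as `// Fixed umask for the whole daemon: the cache-directory code relies on it instead of chmod()ing what it creates.` would keep a later cleanup from removing it. It is also worth confirming that nothing earlier in main() creates files or directories, because main() starts and ends outside the hunk and anything created before this line still gets the inherited umask.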