From a0a43c32062f756b32feca7d04e89fb5d01767db Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 7 Dec 2006 15:18:14 +0000 Subject: [PATCH] * When not running as root, call the setuid helper to change the ownership of the build result after the build. --- src/libstore/build.cc | 8 +++++++- src/libstore/local-store.cc | 12 ++++++------ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 2b6e1be14..c4ff62891 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1398,7 +1398,7 @@ void DerivationGoal::startBuilder() safe. Also note that setuid() when run as root sets the real, effective and saved UIDs. */ if (buildUser.enabled()) { - printMsg(lvlInfo, format("switching to uid `%1%'") % buildUser.getUID()); + printMsg(lvlInfo, format("switching to user `%1%'") % buildUser.getUser()); if (amPrivileged()) { @@ -1544,6 +1544,12 @@ void DerivationGoal::computeClosure() throw Error(format("suspicious ownership or permission on `%1%'; rejecting this build output") % path); #endif + if (buildUser.enabled() && !amPrivileged()) + /* Call the setuid helper to change ownership from the + build user to our uid. If we *are* root, then + canonicalisePathMetaData() will take care of this. */ + getOwnership(path); + /* Get rid of all weird permissions. */ canonicalisePathMetaData(path); diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index c1fcb035b..143f093e5 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -223,6 +223,12 @@ void canonicalisePathMetaData(const Path & path) if (!S_ISLNK(st.st_mode)) { + if (st.st_uid != geteuid()) { + if (chown(path.c_str(), geteuid(), -1) == -1) + throw SysError(format("changing owner of `%1%' to %2%") + % path % geteuid()); + } + /* Mask out all type related bits. */ mode_t mode = st.st_mode & ~S_IFMT; @@ -234,12 +240,6 @@ void canonicalisePathMetaData(const Path & path) throw SysError(format("changing mode of `%1%' to %2$o") % path % mode); } - if (st.st_uid != geteuid() || st.st_gid != getegid()) { - if (chown(path.c_str(), geteuid(), getegid()) == -1) - throw SysError(format("changing owner/group of `%1%' to %2%/%3%") - % path % geteuid() % getegid()); - } - if (st.st_mtime != 0) { struct utimbuf utimbuf; utimbuf.actime = st.st_atime;