On Feb 5, 2006, at 8:43 AM, Huang Zhen wrote:
It looks that the code deems the HA_CCMUID as group id and HA_APIGID as user id.
is there a question in there somewhere?
[email protected] wrote:linux-ha CVS committal Author : andrew Host : Project : linux-ha Module : crm Dir : linux-ha/crm/cib Modified Files: io.c Log Message: Check for correct permissions on the CIB at startup Have CTS apply the correct permissions to the CIB it installs =================================================================== RCS file: /home/cvs/linux-ha/linux-ha/crm/cib/io.c,v retrieving revision 1.41 retrieving revision 1.42 diff -u -3 -r1.41 -r1.42 --- io.c 20 Jan 2006 09:30:37 -0000 1.41 +++ io.c 2 Feb 2006 13:40:28 -0000 1.42 @@ -1,4 +1,4 @@ -/* $Id: io.c,v 1.41 2006/01/20 09:30:37 andrew Exp $ */ +/* $Id: io.c,v 1.42 2006/02/02 13:40:28 andrew Exp $ */ /* * Copyright (C) 2004 Andrew Beekhof <[EMAIL PROTECTED]> * @@ -124,7 +124,26 @@ } if (s_res == 0) { - FILE *cib_file = fopen(filename, "r"); + FILE *cib_file = NULL;+ gboolean user_readwritable = (buf.st_gid == atoi(HA_CCMUID)) && (buf.st_mode & (S_IRGRP|S_IWGRP));+ + if( S_ISREG(buf.st_mode) == FALSE ) { + crm_err("%s must be a regular file", filename); + exit(100); + + } else if( user_readwritable == FALSE ) {+ gboolean group_readwritable = (buf.st_uid == atoi(HA_APIGID)) && (buf.st_mode & (S_IRUSR|S_IWUSR));+ if( group_readwritable == FALSE ) { + crm_err("%s must be owned and read/writeable by user %s," + " or owned and read/writable by group %s", + filename, HA_CCMUID, HA_APIGID); + exit(100); + } + crm_warn("%s should be owned and read/writeable by user %s", + filename, HA_CCMUID); + } + + cib_file = fopen(filename, "r"); crm_info("Reading cluster configuration from: %s", filename); root = file2xml(cib_file); crm_xml_add(root, "generated", XML_BOOLEAN_FALSE); _______________________________________________ Linux-ha-cvs mailing list [email protected] http://lists.community.tummy.com/mailman/listinfo/linux-ha-cvs-- Best Regards, Huang Zhen Linux Technology Center IBM China Development Lab, Beijing Telno: (8610)82782244-2845 _______________________________________________________ Linux-HA-Dev: [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev Home Page: http://linux-ha.org/
-- Andrew Beekhof "I'd find myself if I knew where myself left me" - MGF _______________________________________________________ Linux-HA-Dev: [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev Home Page: http://linux-ha.org/
