Set gid to 0 when creating I/O log directories.

--HG--
branch : 1.7

diff --git a/iolog.c b/iolog.c
index f5845721a90ef5bcd49d4741f12ad005a84ab06d..1329c151cec74107bf3207cbebc8e0269dbc0386 100644 (file)
--- a/iolog.c
+++ b/iolog.c
@@ -102,6 +102,7 @@ io_nextid()
     if (stat(def_iolog_dir, &sb) != 0) {
        if (mkdir(def_iolog_dir, S_IRWXU) != 0)
            log_fatal(USE_ERRNO, "Can't mkdir %s", def_iolog_dir);
+       (void) chown(def_iolog_dir, (uid_t)-1, ROOT_GID);
     } else if (!S_ISDIR(sb.st_mode)) {
        log_fatal(0, "%s exists but is not a directory (0%o)",
            def_iolog_dir, (unsigned int) sb.st_mode);
@@ -181,6 +182,7 @@ build_idpath(pathbuf, pathsize)
        if (stat(pathbuf, &sb) != 0) {
            if (mkdir(pathbuf, S_IRWXU) != 0)
                log_fatal(USE_ERRNO, "Can't mkdir %s", pathbuf);
+           (void) chown(pathbuf, (uid_t)-1, ROOT_GID);
        } else if (!S_ISDIR(sb.st_mode)) {
            log_fatal(0, "%s: %s", pathbuf, strerror(ENOTDIR));
        }
@@ -235,6 +237,7 @@ io_log_open()
 
     if (mkdir(pathbuf, S_IRUSR|S_IWUSR|S_IXUSR) != 0)
        log_fatal(USE_ERRNO, "Can't mkdir %s", pathbuf);
+    (void) chown(pathbuf, (uid_t)-1, ROOT_GID);
 
     /*
      * We create 7 files: a log file, a timing file and 5 for input/output.

diff --git a/set_perms.c b/set_perms.c
index 2564189481a9f2c0be4d0c79c592d73b4d6b4403..30af9c08e07c682fdb259304e173ddbad81769f5 100644 (file)
--- a/set_perms.c
+++ b/set_perms.c
@@ -54,12 +54,6 @@
 
 #include "sudo.h"
 
-#ifdef __TANDEM
-# define ROOT_UID      65535
-#else
-# define ROOT_UID      0
-#endif
-
 /*
  * Prototypes
  */

diff --git a/sudo.c b/sudo.c
index 867c3331e3dac05c1271218f844f69a69e1df8cd..1382ca812bd047b1aac608595a8545bf1d9c21e5 100644 (file)
--- a/sudo.c
+++ b/sudo.c
@@ -119,12 +119,6 @@
 # define CMND_WAIT     FALSE
 #endif
 
-#ifdef __TANDEM
-# define ROOT_UID      65535
-#else
-# define ROOT_UID      0
-#endif
-
 /*
  * Prototypes
  */

diff --git a/sudo.h b/sudo.h
index 0504982991707d7198d86e87e153d994442a5ca8..2fe3c1d79f8bfddf9ab7fd27193a9395f59f2201 100644 (file)
--- a/sudo.h
+++ b/sudo.h
@@ -187,6 +187,13 @@ struct command_status {
 #define user_role              (sudo_user.role)
 #define user_type              (sudo_user.type)
 
+#ifdef __TANDEM
+# define ROOT_UID      65535
+#else
+# define ROOT_UID      0
+#endif
+#define ROOT_GID       0
+
 /*
  * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
  * but that caused problems with various alternate authentication