ExternalCommandListener: Reset umask to preserve group write permissions.

refs #4444

diff --git a/components/compat/externalcommandlistener.cpp b/components/compat/externalcommandlistener.cpp
index 1eb04e81e52d4d4fe4d94347c7ea60c1feceb48f..35bd95ccf6d9b2768ed79801ab83286cf92e428e 100644 (file)
--- a/components/compat/externalcommandlistener.cpp
+++ b/components/compat/externalcommandlistener.cpp
@@ -50,7 +50,7 @@ void ExternalCommandListener::Start(void)
 String ExternalCommandListener::GetCommandPath(void) const
 {
        if (m_CommandPath.IsEmpty())
-               return Application::GetLocalStateDir() + "/run/icinga2/icinga2.cmd";
+               return Application::GetLocalStateDir() + "/run/icinga2/rw/icinga2.cmd";
        else
                return m_CommandPath;
 }
@@ -77,6 +77,12 @@ void ExternalCommandListener::CommandPipeThread(const String& commandPath)
                }
        }
 
+       /*
+        * process would override group write permissions
+        * so reset them. man 3 mkfifo: (mode & ~umask)
+        */
+       mode_t oldMask = umask(S_IWOTH);
+
        if (!fifo_ok && mkfifo(commandPath.CStr(), S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) < 0) {
                BOOST_THROW_EXCEPTION(posix_error()
                    << boost::errinfo_api_function("mkfifo")
@@ -84,6 +90,9 @@ void ExternalCommandListener::CommandPipeThread(const String& commandPath)
                    << boost::errinfo_file_name(commandPath));
        }
 
+       /* restore old umask */
+       umask(oldMask);
+
        for (;;) {
                int fd;