author | Mike Pechkin <mpech@cvs.openbsd.org> | 2002-05-16 08:47:51 +0000 |
---|---|---|
committer | Mike Pechkin <mpech@cvs.openbsd.org> | 2002-05-16 08:47:51 +0000 |
commit | 5be46c1e368859a1e72951dadd37e455a7e03854 (patch) | |
tree | 784f3b338e63b2dc140867f6baf6d5eb5384b710 | |
parent | 31169b289fcf5a9025012d404a34e2c063b20433 (diff) |
From now on, the /var/run/apmdev socket will be owned by root:operator.
Idea from form@.
millert@ ok
-rw-r--r-- | usr.sbin/apmd/apmd.8 | 4 | ||||
-rw-r--r-- | usr.sbin/apmd/apmd.c | 13 |
2 files changed, 12 insertions, 5 deletions
diff --git a/usr.sbin/apmd/apmd.8 b/usr.sbin/apmd/apmd.8 index 122201024be..5318c4ef59f 100644 --- a/usr.sbin/apmd/apmd.8 +++ b/usr.sbin/apmd/apmd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: apmd.8,v 1.21 2001/07/18 16:03:06 mickey Exp $ +.\" $OpenBSD: apmd.8,v 1.22 2002/05/16 08:47:50 mpech Exp $ .\" .\" Copyright (c) 1995 John T. Kohl .\" All rights reserved. @@ -199,7 +199,7 @@ is the default UNIX-domain socket used for communication with The .Fl S flag may be used to specify an alternate socket name. -The socket is protected to mode 0660, UID 0, GID 0; this protects access +The socket is protected to mode 0660, UID 0, GID 5; this protects access to suspend requests to authorized users only. .Pp .Pa /dev/apmctl diff --git a/usr.sbin/apmd/apmd.c b/usr.sbin/apmd/apmd.c index ffe6518e6b4..739c287cc82 100644 --- a/usr.sbin/apmd/apmd.c +++ b/usr.sbin/apmd/apmd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: apmd.c,v 1.23 2002/02/22 00:32:16 mickey Exp $ */ +/* $OpenBSD: apmd.c,v 1.24 2002/05/16 08:47:50 mpech Exp $ */ /* * Copyright (c) 1995, 1996 John T. Kohl @@ -46,6 +46,7 @@ #include <signal.h> #include <errno.h> #include <err.h> +#include <grp.h> #include <machine/apmvar.h> #include "pathnames.h" #include "apm-proto.h" @@ -179,8 +180,13 @@ int bind_socket(const char *sockname) { struct sockaddr_un s_un; + struct group *gr; int sock; + gr = getgrnam("operator"); + if (!gr) + syslog(LOG_ERR, "no operator"); + sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock == -1) error("cannot create local socket", NULL); @@ -195,8 +201,9 @@ bind_socket(const char *sockname) if (bind(sock, (struct sockaddr *)&s_un, s_un.sun_len) == -1) error("cannot connect to APM socket", NULL); - if (chmod(sockname, 0660) == -1 || chown(sockname, 0, 0) == -1) - error("cannot set socket mode/owner/group to 660/0/0", NULL); + if (chmod(sockname, 0660) == -1 || chown(sockname, 0, + gr ? gr->gr_gid : 0) == -1) + error("cannot set socket chmod/chown", NULL); listen(sock, 1); socketname = strdup(sockname); |
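Review bot: When `getgrnam("operator")` returns NULL at the top of bind_socket, the only trace is the syslog text "no operator", and the later `chown` quietly falls back to GID 0. Falling back to the more restrictive group is the safe direction, but the log line should say what was missing and what the daemon did about it, for example `syslog(LOG_ERR, "group operator not found, socket group stays 0");`. A short comment above the lookup stating that the fallback is deliberate would stop a later change from turning it into a hard failure or a wider default. bind_socket's body continues outside this hunk.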
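Review bot: The socket now grants access to a group, but its mode and owner are still set by path after `bind()`, so until `chmod(sockname, 0660)` runs it carries whatever mode the process umask produced, and both `chmod` and `chown` resolve `sockname` a second time. With the default path this is presumably harmless, but the man page text in this commit notes that -S can name an alternate socket, so tightening the umask around the bind is a safer baseline: `mode_t om = umask(077);` before `bind()` and `umask(om);` after it. The merged message "cannot set socket chmod/chown" also no longer states the mode and group being applied, and the two calls share one check, so a failure cannot be attributed; separate checks that report the gid would keep this diagnosable. bind_socket starts and ends outside this hunk.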