* When not running as root, call the setuid helper to change the

ownership of the build result after the build.
2006-12-07 15:18:14 +00:00 · 2006-12-07 15:18:14 +00:00 · a0a43c3206
commit a0a43c3206
parent 6a07ff1ec0
2 changed files with 13 additions and 7 deletions
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@ -1398,7 +1398,7 @@ void DerivationGoal::startBuilder()
               safe.  Also note that setuid() when run as root sets
               the real, effective and saved UIDs. */
            if (buildUser.enabled()) {
-                printMsg(lvlInfo, format("switching to uid `%1%'") % buildUser.getUID());
+                printMsg(lvlInfo, format("switching to user `%1%'") % buildUser.getUser());

                if (amPrivileged()) {
                    
@ -1544,6 +1544,12 @@ void DerivationGoal::computeClosure()
            throw Error(format("suspicious ownership or permission on `%1%'; rejecting this build output") % path);
 #endif

+        if (buildUser.enabled() && !amPrivileged())
+            /* Call the setuid helper to change ownership from the
+               build user to our uid.  If we *are* root, then
+               canonicalisePathMetaData() will take care of this. */
+            getOwnership(path);
+            
        /* Get rid of all weird permissions. */
 	canonicalisePathMetaData(path);

--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@ -223,6 +223,12 @@ void canonicalisePathMetaData(const Path & path)

    if (!S_ISLNK(st.st_mode)) {

+        if (st.st_uid != geteuid()) {
+            if (chown(path.c_str(), geteuid(), -1) == -1)
+                throw SysError(format("changing owner of `%1%' to %2%")
+                    % path % geteuid());
+        }
+
        /* Mask out all type related bits. */
        mode_t mode = st.st_mode & ~S_IFMT;
        
@ -234,12 +240,6 @@ void canonicalisePathMetaData(const Path & path)
                throw SysError(format("changing mode of `%1%' to %2$o") % path % mode);
        }

-        if (st.st_uid != geteuid() || st.st_gid != getegid()) {
-            if (chown(path.c_str(), geteuid(), getegid()) == -1)
-                throw SysError(format("changing owner/group of `%1%' to %2%/%3%")
-                    % path % geteuid() % getegid());
-        }
-
        if (st.st_mtime != 0) {
            struct utimbuf utimbuf;
            utimbuf.actime = st.st_atime;