[ovs-dev] [additional --user changes v2 1/3] lib: simplify daemon_become_new_user__()

Andy Zhou azhou at nicira.com
Mon Nov 9 20:43:11 UTC 2015


A global variable 'switch_user' was used to make sure
we switch process's current user only once. This logic is now
simplified by testing for uid directly; if switch process has
taken place, the current uid will be not be zero.

Signed-off-by: Andy Zhou <azhou at nicira.com>

---
v1->v2:  add a log in case --user is specified but not switched.
---
 lib/daemon-unix.c | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
index 868e2c9..645a3ac 100644
--- a/lib/daemon-unix.c
+++ b/lib/daemon-unix.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2015 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -83,7 +83,6 @@ static bool monitor;
 
 /* --user: Only root can use this option. Switch to new uid:gid after
  * initially running as root.  */
-static bool switch_user = false;
 static bool non_root_user = false;
 static uid_t uid;
 static gid_t gid;
@@ -440,14 +439,14 @@ daemonize_start(bool access_datapath)
     assert_single_threaded();
     daemonize_fd = -1;
 
-    if (switch_user) {
+    if (non_root_user) {
         daemon_become_new_user__(access_datapath);
-        switch_user = false;
-    }
 
-    /* If --user is specified, make sure user switch has completed by now.  */
-    if (non_root_user) {
-        ovs_assert(geteuid() && getuid());
+        /* If --user is specified, make sure user switch has completed
+         * by now.  */
+        if (geteuid() && getuid()) {
+            ovs_fatal(0, "--user is specifed, but not switched \n");
+        }
     }
 
     if (detach) {
@@ -853,6 +852,12 @@ daemon_become_new_user_linux(bool access_datapath OVS_UNUSED)
 static void
 daemon_become_new_user__(bool access_datapath)
 {
+    /* Make sure we exectue this function at most once as a root
+     * process. */
+    if (getuid() || geteuid()) {
+        return;
+    }
+
     if (LINUX) {
         if (LIBCAPNG) {
             daemon_become_new_user_linux(access_datapath);
@@ -873,12 +878,8 @@ void
 daemon_become_new_user(bool access_datapath)
 {
     assert_single_threaded();
-    if (switch_user) {
+    if (non_root_user) {
         daemon_become_new_user__(access_datapath);
-
-        /* Make sure daemonize_start() will not switch
-         * user again. */
-        switch_user = false;
     }
 }
 
@@ -1041,5 +1042,5 @@ daemon_set_new_user(const char *user_spec)
         }
     }
 
-    switch_user = non_root_user = true;
+    non_root_user = true;
 }
-- 
1.9.1




More information about the dev mailing list