[rrd-developers] [PATCH] rrdcached: Added -m command line option.
Sebastian Harl
sh at tokkee.org
Mon Mar 22 14:50:19 CET 2010
This option may be used to specify the file permissions of a UNIX socket. The
option affects the following sockets only, i.e., it's possible to specify
different modes for different sockets.
---
program/doc/rrdcached.pod | 20 +++++++++++++++++++-
program/src/rrd_daemon.c | 36 ++++++++++++++++++++++++++++++++----
2 files changed, 51 insertions(+), 5 deletions(-)
diff --git a/program/doc/rrdcached.pod b/program/doc/rrdcached.pod
index e2f7ed8..d6bfec3 100644
--- a/program/doc/rrdcached.pod
+++ b/program/doc/rrdcached.pod
@@ -68,7 +68,7 @@ C<unix:/tmp/rrdcached.sock>, will be used.
=item B<-s> I<group_name>|I<gid>
-Set the group permissions of the UNIX domain socket. The option accepts either
+Set the group permissions of a UNIX domain socket. The option accepts either
a numeric group id or group name. That group will then have both read and write
permissions (the socket will have file permissions 0750) for the socket and,
therefore, is able to send commands to the daemon. This
@@ -83,6 +83,24 @@ sockets.
The default is not to change ownership or permissions of the socket and, thus,
use the system default.
+=item B<-m> I<mode>
+
+Set the file permissions of a UNIX domain socket. The option accepts an octal
+number representing the bit pattern for the mode (see L<chmod(1)> for
+details).
+
+Please note that not all systems honor this setting. On Linux, read/write
+permissions are required to connect to a UNIX socket. However, many
+BSD-derived systems ignore permissions for UNIX sockets. See L<unix(7)> for
+details.
+
+This option affects the I<following> UNIX socket addresses (the following
+B<-l> options), i.e., you may specify different settings for different
+sockets.
+
+The default is not to change ownership or permissions of the socket and, thus,
+use the system default.
+
=item B<-P> I<command>[,I<command>[,...]]
Specifies the commands accepted via a network socket. This allows
diff --git a/program/src/rrd_daemon.c b/program/src/rrd_daemon.c
index aa1d35b..2b26513 100644
--- a/program/src/rrd_daemon.c
+++ b/program/src/rrd_daemon.c
@@ -147,7 +147,8 @@ struct listen_socket_s
uint32_t permissions;
- gid_t socket_group;
+ gid_t socket_group;
+ mode_t socket_permissions;
};
typedef struct listen_socket_s listen_socket_t;
@@ -375,7 +376,7 @@ static int open_pidfile(char *action, int oflag) /* {{{ */
}
dir = dirname(file_copy);
- if (rrd_mkdir_p(dir, 0777) != 0)
+ if (rrd_mkdir_p(dir, 0777) != 0)
{
fprintf(stderr, "Failed to create pidfile directory '%s': %s\n",
dir, rrd_strerror(errno));
@@ -2345,6 +2346,13 @@ static int open_listen_socket_unix (const listen_socket_t *sock) /* {{{ */
}
}
+ if (sock->socket_permissions != (mode_t)-1)
+ {
+ if (chmod(path, sock->socket_permissions) != 0)
+ fprintf(stderr, "rrdcached: failed to set socket file permissions (%o): %s\n",
+ (unsigned int)sock->socket_permissions, strerror(errno));
+ }
+
status = listen (fd, /* backlog = */ 10);
if (status != 0)
{
@@ -2765,9 +2773,10 @@ static int read_options (int argc, char **argv) /* {{{ */
char **permissions = NULL;
size_t permissions_len = 0;
- gid_t socket_group = (gid_t)-1;
+ gid_t socket_group = (gid_t)-1;
+ mode_t socket_permissions = (mode_t)-1;
- while ((option = getopt(argc, argv, "gl:s:P:f:w:z:t:Bb:p:Fj:h?")) != -1)
+ while ((option = getopt(argc, argv, "gl:s:m:P:f:w:z:t:Bb:p:Fj:h?")) != -1)
{
switch (option)
{
@@ -2824,6 +2833,7 @@ static int read_options (int argc, char **argv) /* {{{ */
/* }}} Done adding permissions. */
new->socket_group = socket_group;
+ new->socket_permissions = socket_permissions;
if (!rrd_add_ptr((void ***)&config_listen_address_list,
&config_listen_address_list_len, new))
@@ -2864,6 +2874,24 @@ static int read_options (int argc, char **argv) /* {{{ */
}
break;
+ /* set socket file permissions */
+ case 'm':
+ {
+ long tmp;
+ char *endptr = NULL;
+
+ tmp = strtol (optarg, &endptr, 8);
+ if ((endptr == optarg) || (! endptr) || (*endptr != '\0')
+ || (tmp > 07777) || (tmp < 0)) {
+ fprintf (stderr, "read_options: Invalid file mode \"%s\".\n",
+ optarg);
+ return (5);
+ }
+
+ socket_permissions = (mode_t)tmp;
+ }
+ break;
+
case 'P':
{
char *optcopy;
--
1.6.5.rc2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.oetiker.ch/pipermail/rrd-developers/attachments/20100322/6bd3223d/attachment.pgp
More information about the rrd-developers
mailing list