From d1613cf5d1c9c55cc395a92fbe92147c99d496a9 Mon Sep 17 00:00:00 2001
From: Juha Niskanen
Date: Thu, 16 Feb 2012 22:32:12 +0200
Subject: [PATCH] lttng-sessiond: Set group permissions explicitly

If root has a restrictive umask, e.g. 0077 when starting the session daemon, users in kernel tracing group cannot access the global run directory. This patch drops unnecessary group mode bits and always sets the global run dir permission regardless of umask.

Signed-off-by: Juha Niskanen
Signed-off-by: David Goulet
---
 src/bin/lttng-sessiond/main.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/bin/lttng-sessiond/main.c b/src/bin/lttng-sessiond/main.c
index 6ae374483..283868970 100644
--- a/src/bin/lttng-sessiond/main.c
+++ b/src/bin/lttng-sessiond/main.c
@@ -3913,7 +3913,7 @@ static int check_existing_daemon(void)
 * Set the tracing group gid onto the client socket.
 *
 * Race window between mkdir and chown is OK because we are going from more
- * permissive (root.root) to les permissive (root.tracing).
+ * permissive (root.root) to less permissive (root.tracing).
 */
 static int set_permissions(char *rundir)
 {
@@ -3934,6 +3934,13 @@ static int set_permissions(char *rundir)
 perror("chown");
 }
+ /* Ensure tracing group can search the run dir */
+ ret = chmod(rundir, S_IRWXU | S_IXGRP);
+ if (ret < 0) {
+ ERR("Unable to set permissions on %s", rundir);
+ perror("chmod");
+ }
+
 /* lttng client socket path */
 ret = chown(client_unix_sock_path, 0, gid);
 if (ret < 0) {
@@ -3993,7 +4000,7 @@ static int create_lttng_rundir(const char *rundir)
 DBG3("Creating LTTng run directory: %s", rundir);
- ret = mkdir(rundir, S_IRWXU | S_IRWXG );
+ ret = mkdir(rundir, S_IRWXU);
 if (ret < 0) {
 if (errno != EEXIST) {
 ERR("Unable to create %s", rundir);
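Review bot: A failed `chmod(rundir, S_IRWXU | S_IXGRP)` is logged and then lost, because `ret` is reassigned by the `chown(client_unix_sock_path, 0, gid)` call that follows the new block. Unless the rest of set_permissions, which lies outside this hunk, tracks errors separately, the daemon keeps running with a run directory the tracing group cannot enter and the caller is not told. Recording the failure, for example `status = -1;` inside the new `if (ret < 0)` block with `status` returned at the end, would make it visible. The function's header comment also still describes only the mkdir/chown window as more-to-less permissive; now that mkdir requests `S_IRWXU` and group search is granted here after the chown, that comment should describe the new sequence.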
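Review bot: The narrower `S_IRWXU` mode only takes effect when `mkdir` actually creates the directory; on the `EEXIST` path visible just below it, an existing directory is accepted with whatever owner and mode it already has, including the group bits the previous `S_IRWXU | S_IRWXG` call could have left behind. For the global run dir the `chmod` added to set_permissions resets the mode afterwards, but nothing in this patch does the same for the consumer directory in set_consumer_sockets, which has the identical `mkdir(path, S_IRWXU)` / `EEXIST` pattern. If reuse is intentional, a comment such as `/* Existing dir is reused as-is; mode and owner are not re-checked here */` would make that explicit; otherwise follow the `EEXIST` case with `chmod(path, S_IRWXU)` or an `lstat` check of type and owner. Both function bodies continue past the end of their hunks, so later handling may exist outside this view.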
@@ -4035,7 +4042,7 @@ static int set_consumer_sockets(struct consumer_data *consumer_data,
 DBG2("Creating consumer directory: %s", path);
- ret = mkdir(path, S_IRWXU | S_IRWXG);
+ ret = mkdir(path, S_IRWXU);
 if (ret < 0) {
 if (errno != EEXIST) {
 ERR("Failed to create %s", path);
--
2.34.1