From e3954bead8d7e37978cac4ae5a5ec7836d3dcd1c Mon Sep 17 00:00:00 2001 From: Zac Medico Date: Fri, 12 Aug 2011 02:47:04 -0700 Subject: Fix log uid for logrotate-3.8 compat (bug 378451) If PORT_LOGDIR is writable by the portage group but its uid is not portage_uid, then set the uid to portage_uid if we have privileges to do so, and also copy the uid to the logfile. This fixes logrotate chown failures during the compression phase, when it attempts to copy the uid from the logfile to a temp file. With the "su portage portage" directive and logrotate-3.8.0, logrotate's chown call during the compression phase will only succeed if the log file's uid is portage_uid. --- pym/portage/elog/mod_save.py | 25 +++++++++++++++++++++++-- pym/portage/elog/mod_save_summary.py | 18 ++++++++++++++++-- 2 files changed, 39 insertions(+), 4 deletions(-) (limited to 'pym/portage/elog') diff --git a/pym/portage/elog/mod_save.py b/pym/portage/elog/mod_save.py index 9350a6e58..091bbf86d 100644 --- a/pym/portage/elog/mod_save.py +++ b/pym/portage/elog/mod_save.py @@ -4,13 +4,14 @@ import io import time +import portage from portage import os from portage import _encodings from portage import _unicode_decode from portage import _unicode_encode from portage.data import portage_gid, portage_uid from portage.package.ebuild.prepare_build_dirs import _ensure_log_subdirs -from portage.util import ensure_dirs, normalize_path +from portage.util import apply_permissions, ensure_dirs, normalize_path def process(mysettings, key, logentries, fulltext): @@ -25,7 +26,10 @@ def process(mysettings, key, logentries, fulltext): # were previously set by the administrator. # NOTE: These permissions should be compatible with our # default logrotate config as discussed in bug 374287. - ensure_dirs(logdir, uid=portage_uid, gid=portage_gid, mode=0o2770) + uid = -1 + if portage.data.secpass >= 2: + uid = portage_uid + ensure_dirs(logdir, uid=uid, gid=portage_gid, mode=0o2770) cat = mysettings['CATEGORY'] pf = mysettings['PF'] @@ -48,4 +52,21 @@ def process(mysettings, key, logentries, fulltext): elogfile.write(_unicode_decode(fulltext)) elogfile.close() + # Copy group permission bits from parent directory. + elogdir_st = os.stat(log_subdir) + elogdir_gid = elogdir_st.st_gid + elogdir_grp_mode = 0o060 & elogdir_st.st_mode + + # Copy the uid from the parent directory if we have privileges + # to do so, for compatibility with our default logrotate + # config (see bug 378451). With the "su portage portage" + # directive and logrotate-3.8.0, logrotate's chown call during + # the compression phase will only succeed if the log file's uid + # is portage_uid. + logfile_uid = -1 + if portage.data.secpass >= 2: + logfile_uid = elogdir_st.st_uid + apply_permissions(elogfilename, uid=logfile_uid, gid=elogdir_gid, + mode=elogdir_grp_mode, mask=0) + return elogfilename diff --git a/pym/portage/elog/mod_save_summary.py b/pym/portage/elog/mod_save_summary.py index 4adc6f34c..ab71724db 100644 --- a/pym/portage/elog/mod_save_summary.py +++ b/pym/portage/elog/mod_save_summary.py @@ -4,6 +4,7 @@ import io import time +import portage from portage import os from portage import _encodings from portage import _unicode_decode @@ -25,7 +26,10 @@ def process(mysettings, key, logentries, fulltext): # were previously set by the administrator. # NOTE: These permissions should be compatible with our # default logrotate config as discussed in bug 374287. - ensure_dirs(logdir, uid=portage_uid, gid=portage_gid, mode=0o2770) + logdir_uid = -1 + if portage.data.secpass >= 2: + logdir_uid = portage_uid + ensure_dirs(logdir, uid=logdir_uid, gid=portage_gid, mode=0o2770) elogdir = os.path.join(logdir, "elog") _ensure_log_subdirs(logdir, elogdir) @@ -40,7 +44,17 @@ def process(mysettings, key, logentries, fulltext): elogdir_st = os.stat(elogdir) elogdir_gid = elogdir_st.st_gid elogdir_grp_mode = 0o060 & elogdir_st.st_mode - apply_permissions(elogfilename, gid=elogdir_gid, + + # Copy the uid from the parent directory if we have privileges + # to do so, for compatibility with our default logrotate + # config (see bug 378451). With the "su portage portage" + # directive and logrotate-3.8.0, logrotate's chown call during + # the compression phase will only succeed if the log file's uid + # is portage_uid. + logfile_uid = -1 + if portage.data.secpass >= 2: + logfile_uid = elogdir_st.st_uid + apply_permissions(elogfilename, uid=logfile_uid, gid=elogdir_gid, mode=elogdir_grp_mode, mask=0) time_str = time.strftime("%Y-%m-%d %H:%M:%S %Z", -- cgit v1.2.3-1-g7c22