Patch to set group ownership of linelog file

Matthew Newton mcn4 at leicester.ac.uk
Tue Jan 10 19:26:56 CET 2012


Hi,

I couldn't find a way to set the group of the log file written by
linelog, so I wrote code to do it. It adds a 'group' option to the
linelog config.

Obviously it can only change the file group if the user running
freeradius is already in the new group. To use it, you'd probably also
want to set the 'permissions' option to '0640' to allow the new
group to read the logs.

Patch below is for 2.1.12, and applies cleanly to v2.1.x and
master HEAD.

I'm working on the same for rlm_detail.

Cheers,

Matthew



commit 3457c424255b0996bfd1549d1a76c6ecf6f240e5
Author: Matthew Newton <mcn4 at leicester.ac.uk>
Date:   Tue Jan 10 12:45:42 2012 +0000

    Add new 'group' option to rlm_linelog
    
    rlm_linelog saves its log files as the user/group of the running
    freeradius daemon. This update allows the group to be set on new
    log files (to a group that the daemon's user is a member of).

diff --git a/raddb/modules/linelog b/raddb/modules/linelog
index 2be4d81..d4e862e 100644
--- a/raddb/modules/linelog
+++ b/raddb/modules/linelog
@@ -26,6 +26,17 @@ linelog {
 	permissions = 0600
 
 	#
+	# The Unix group of the log file.
+	#
+	# Use this to set the the system group of the log file after
+	# it is created.
+	#
+	# Note: the user that freeradius runs as must be in the specified
+	# group, otherwise it will not be possible to set the group.
+	#
+	# group = freerad
+
+	#
 	#  The default format string.
 	format = "This is a log message for %{User-Name}"
 
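Review bot: the added comment has a doubled word in "Use this to set the the system group", and it documents less than the code in this patch accepts and does. The rlm_linelog.c change also takes a numeric GID, and when the group cannot be resolved or set it only emits a debug message and carries on, leaving the file in the daemon's own group. Suggest fixing the typo and stating both points here, since an admin who pairs this option with permissions = 0640 will otherwise not notice that the intended readers never got access.
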
diff --git a/src/modules/rlm_linelog/rlm_linelog.c b/src/modules/rlm_linelog/rlm_linelog.c
index 24c809f..fa30e4b 100644
--- a/src/modules/rlm_linelog/rlm_linelog.c
+++ b/src/modules/rlm_linelog/rlm_linelog.c
@@ -31,6 +31,14 @@ RCSID("$Id$")
 #include <fcntl.h>
 #endif
 
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+
 #ifdef HAVE_SYSLOG_H
 #include <syslog.h>
 
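Review bot: the new includes are wrapped in HAVE_UNISTD_H and HAVE_GRP_H, but the code this patch adds to do_linelog uses struct group, getgrnam() and chown() with no matching guard. Where HAVE_GRP_H is not defined the module will fail to compile rather than degrade. Either wrap the group-handling block and its declarations in the same #ifdef (and reject the 'group' option when it is unavailable), or drop the guards if these headers are treated as mandatory.
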
@@ -46,6 +54,7 @@ typedef struct rlm_linelog_t {
 	CONF_SECTION	*cs;
 	char		*filename;
 	int		permissions;
+	char		*group;
 	char		*line;
 	char		*reference;
 } rlm_linelog_t;
@@ -64,6 +73,8 @@ static const CONF_PARSER module_config[] = {
 	  offsetof(rlm_linelog_t,filename), NULL,  NULL},
 	{ "permissions",  PW_TYPE_INTEGER,
 	  offsetof(rlm_linelog_t,permissions), NULL,  "0600"},
+	{ "group",  PW_TYPE_STRING_PTR,
+	  offsetof(rlm_linelog_t,group), NULL,  NULL},
 	{ "format",  PW_TYPE_STRING_PTR,
 	  offsetof(rlm_linelog_t,line), NULL,  NULL},
 	{ "reference",  PW_TYPE_STRING_PTR,
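Review bot: "group" is stored as a raw string with a NULL default and nothing in this patch validates it when the configuration is loaded; the name-to-GID lookup is done inside do_linelog instead. Suggest resolving the value once at module instantiation, keeping the resulting gid_t in rlm_linelog_t, and refusing to start on an unknown group. A typo in the group name then fails loudly at startup instead of showing up only as a debug line on each write.
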
@@ -198,6 +209,9 @@ static int do_linelog(void *instance, REQUEST *request)
 	char line[1024];
 	rlm_linelog_t *inst = (rlm_linelog_t*) instance;
 	const char *value = inst->line;
+	gid_t gid;
+	struct group *grp;
+	char *endptr;
 
 	if (inst->reference) {
 		CONF_ITEM *ci;
@@ -261,8 +275,25 @@ static int do_linelog(void *instance, REQUEST *request)
 			       buffer, strerror(errno));
 			return RLM_MODULE_FAIL;
 		}
+
+		if (inst->group != NULL) {
+			gid = strtol(inst->group, &endptr, 10);
+			if (*endptr != '\0') {
+				grp = getgrnam(inst->group);
+				if (grp == NULL) {
+					RDEBUG2("Unable to find system group \"%s\"", inst->group);
+					goto skip_group;
+				}
+				gid = grp->gr_gid;
+			}
+
+			if (chown(buffer, -1, gid) == -1) {
+				RDEBUG2("Unable to change system group of \"%s\"", buffer);
+			}
+		}
 	}
 
+ skip_group:
 	/*
 	 *	FIXME: Check length.
 	 */
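
Review bot: the strtol() call in the new "if (inst->group != NULL)" block accepts input it should reject. With an empty string, endptr points at the terminating NUL, so the "*endptr != '\0'" test passes as "numeric" and gid becomes 0; "group = -1" turns into chown(buffer, -1, -1), which changes nothing and reports success; and overflow is not detected because errno is never checked. Suggest requiring endptr != inst->group, a non-negative value that fits in gid_t, and errno != ERANGE before treating the string as a GID, falling back to getgrnam() otherwise. Second, chown(buffer, -1, gid) operates on the path after the file has already been opened, so it follows symlinks and is open to the path being swapped between the two calls; if the descriptor from the open whose failure is handled just above is still in scope, fchown() on that descriptor avoids both problems. Both failure paths log only through RDEBUG2 and the chown one omits strerror(errno), so in normal operation a log file that never received the intended group goes unreported; an error-level message with the errno text would make that visible. The chown also appears to run every time this path is taken, not only when the file is newly created as the commit message and the config comment describe, and the "goto skip_group" could be replaced by an else branch around the chown.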



-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


