Add runtime configuration options to control permission bits and group

owner of unix socket.
2000-11-01 21:14:03 +00:00 · 2000-11-01 21:14:03 +00:00 · d1bfa6c72e
parent 855ffa0be0
commit d1bfa6c72e
5 changed files with 135 additions and 9 deletions
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.30 2000/10/20 14:00:49 thomas Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.31 2000/11/01 21:14:00 petere Exp $
 -->

 <Chapter Id="runtime">
@ -1031,6 +1031,57 @@ env PGOPTIONS='--geqo=off' psql
       </para>
      </listitem>
     </varlistentry>
+
+     <varlistentry>
+      <term>UNIX_SOCKET_GROUP (<type>string</type>)</term>
+      <listitem>
+       <para>
+        Sets the group owner of the Unix domain socket.  (The owning
+        user of the socket is always the user that starts the
+        postmaster.)  In combination with the option
+        <option>UNIX_SOCKET_PERMISSIONS</option> this can be used as
+        an additional access control mechanism for this socket type.
+        By default this is the empty string, which uses the default
+        group for the current user.  This option can only be set at
+        server start.
+       </para>
+      </listitem>
+     </varlistentry>
+
+     <varlistentry>
+      <term>UNIX_SOCKET_PERMISSIONS (<type>integer</type>)</term>
+      <listitem>
+       <para>
+        Sets the access permissions of the Unix domain socket.  Unix
+        domain sockets use the usual Unix file system permission set.
+        The option value is expected to be an numeric mode
+        specification in the form accepted by the
+        <function>chmod</function> and <function>umask</function>
+        system calls.  (To use the customary octal format the number
+        must start with a <literal>0</literal> (zero).)
+       </para>
+
+       <para>
+        The default permissions are <literal>0777</literal>, meaning
+        anyone can connect.  Reasonable alternatives would be
+        <literal>0770</literal> (only user and group, see also under
+        <option>UNIX_SOCKET_GROUP</option>) and
+        <literal>0700</literal> (only user).  (Note that actually for
+        a Unix socket, only write permission matters and there is no
+        point in setting or revoking read or execute permissions.)
+       </para>
+
+       <para>
+        This access control mechanism is independent from the one
+        described in <xref linkend="client-authentication">.
+       </para>
+
+       <para>
+        This option can only be set at server start.
+       </para>
+      </listitem>
+     </varlistentry>
+
    </variablelist>
   </para>
   </sect2>
--- a/src/backend/libpq/pqcomm.c
+++ b/src/backend/libpq/pqcomm.c
@ -29,7 +29,7 @@
 * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- *	$Id: pqcomm.c,v 1.108 2000/10/23 14:48:50 momjian Exp $
+ *	$Id: pqcomm.c,v 1.109 2000/11/01 21:14:01 petere Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -63,6 +63,7 @@
 #include <signal.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <grp.h>
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@ -84,6 +85,13 @@
 #endif


+/*
+ * Configuration options
+ */
+int Unix_socket_permissions;
+char * Unix_socket_group;
+
+
 /*
 * Buffers for low-level I/O
 */
@ -295,8 +303,60 @@ StreamServerPort(int family, unsigned short portName, int *fdP)
 	 */

 	*fdP = fd;
+
 	if (family == AF_UNIX)
-		chmod(sock_path, 0777);
+	{
+		Assert(Unix_socket_group);
+		if (Unix_socket_group[0] != '\0')
+		{
+			char *endptr;
+			unsigned long int val;
+			gid_t gid;
+
+			val = strtoul(Unix_socket_group, &endptr, 10);
+			if (*endptr == '\0')
+			{
+				/* numeric group id */
+				gid = val;
+			}
+			else
+			{
+				/* convert group name to id */
+				struct group *gr;
+
+				gr = getgrnam(Unix_socket_group);
+				if (!gr)
+				{
+					snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+							 "FATAL:  no such group '%s'\n",
+							 Unix_socket_group);
+					fputs(PQerrormsg, stderr);
+					pqdebug("%s", PQerrormsg);
+					return STATUS_ERROR;
+				}
+				gid = gr->gr_gid;
+			}
+			if (chown(sock_path, -1, gid) == -1)
+			{
+				snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+						 "FATAL:  could not set group of %s: %s\n",
+						 sock_path, strerror(errno));
+				fputs(PQerrormsg, stderr);
+				pqdebug("%s", PQerrormsg);
+				return STATUS_ERROR;
+			}
+		}
+
+		if (chmod(sock_path, Unix_socket_permissions) == -1)
+		{
+			snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+					 "FATAL:  could not set permissions on %s: %s\n",
+					 sock_path, strerror(errno));
+			fputs(PQerrormsg, stderr);
+			pqdebug("%s", PQerrormsg);
+			return STATUS_ERROR;
+		}
+	}
 	return STATUS_OK;
 }

--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.176 2000/10/28 18:27:55 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.177 2000/11/01 21:14:02 petere Exp $
 *
 * NOTES
 *
@ -588,7 +588,7 @@ PostmasterMain(int argc, char *argv[])
 		{
 			fprintf(stderr, "%s: cannot create INET stream port\n",
 					progname);
-			exit(1);
+			ExitPostmaster(1);
 		}
 	}

@ -598,7 +598,7 @@ PostmasterMain(int argc, char *argv[])
 	{
 		fprintf(stderr, "%s: cannot create UNIX stream port\n",
 				progname);
-		exit(1);
+		ExitPostmaster(1);
 	}
 #endif
 	/* set up shared memory and semaphores */
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@ -4,7 +4,7 @@
 * Support for grand unified configuration scheme, including SET
 * command, configuration file, and command line options.
 *
- * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.14 2000/10/11 17:58:01 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.15 2000/11/01 21:14:03 petere Exp $
 *
 * Copyright 2000 by PostgreSQL Global Development Group
 * Written by Peter Eisentraut <peter_e@gmx.net>.
@ -22,6 +22,7 @@

 #include "commands/async.h"
 #include "libpq/auth.h"
+#include "libpq/pqcomm.h"
 #include "miscadmin.h"
 #include "optimizer/cost.h"
 #include "optimizer/geqo.h"
@ -253,6 +254,9 @@ ConfigureNamesInt[] =
 	{"max_expr_depth",          PGC_USERSET,            &max_expr_depth,
 	 DEFAULT_MAX_EXPR_DEPTH, 10, INT_MAX},

+	{"unix_socket_permissions", PGC_POSTMASTER,         &Unix_socket_permissions,
+	 0777, 0000, 0777},
+
    {NULL, 0, NULL, 0, 0, 0}
 };

@ -281,9 +285,12 @@ ConfigureNamesReal[] =
 static struct config_string
 ConfigureNamesString[] =
 {
-	{"krb_server_keyfile",        PGC_USERSET,       &pg_krb_server_keyfile,
+	{"krb_server_keyfile",        PGC_POSTMASTER,       &pg_krb_server_keyfile,
 	 PG_KRB_SRVTAB, NULL},

+	{"unix_socket_group",         PGC_POSTMASTER,       &Unix_socket_group,
+	 "", NULL},
+
 	{NULL, 0, NULL, NULL, NULL}
 };

--- a/src/include/libpq/pqcomm.h
+++ b/src/include/libpq/pqcomm.h
@ -9,7 +9,7 @@
 * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $Id: pqcomm.h,v 1.42 2000/09/27 15:17:56 petere Exp $
+ * $Id: pqcomm.h,v 1.43 2000/11/01 21:14:03 petere Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -169,4 +169,12 @@ typedef struct CancelRequestPacket
 */
 #define NEGOTIATE_SSL_CODE PG_PROTOCOL(1234,5679)

+
+/*
+ * Configuration options
+ */
+extern int Unix_socket_permissions;
+
+extern char * Unix_socket_group;
+
 #endif	 /* PQCOMM_H */