diff options
| author | Samuel Cabrero <scabrero@suse.de> | 2022-08-31 11:26:57 +0200 |
|---|---|---|
| committer | Samuel Cabrero <scabrero@suse.de> | 2022-08-31 13:07:45 +0200 |
| commit | 601bb55ff453022dad5c548e9dfb0f11691ee05a (patch) | |
| tree | 1ef0be1ba1979a7bab5ff2ad24f07e0d1cbd14c1 | |
| parent | 3d77c47356ef152fcd9345053c6001c861bc5426 (diff) | |
tools: Set umask before calling mkdtemp()
When adcli is called from sssd it inherits the sssd's umask (0177) and as
the default sssd.service file drops CAP_DAC_OVERRIDE, the result is that
the directory is created with mode 0600 and the krb5.conf snippet can't be
created even running as root.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
| -rw-r--r-- | tools/tools.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/tools/tools.c b/tools/tools.c index e11c336..c78548b 100644 --- a/tools/tools.c +++ b/tools/tools.c @@ -343,7 +343,14 @@ setup_krb5_conf_directory (adcli_conn *conn) } if (!failed) { - if (mkdtemp (directory) == NULL) { + mode_t old_umask; + char *dtemp = NULL; + + old_umask = umask (0077); + dtemp = mkdtemp (directory); + umask (old_umask); + + if (dtemp == NULL) { errn = errno; failed = 1; warnx ("couldn't create temporary directory in: %s: %s", |