Restore file ownership when editing with root privilege
When a privileged :write is used with -method replace, it silently resets the ownership of files to root:root. Restore the original owner and group in the same way we restore the original permissions. Ownership needs to be restored before permissions to avoid setuid and setgid bits being set while the file is still owned by root, and to avoid them being subsequently lost again on chmod(2).
parent
05bbdb27c9
commit
d3af9b57d4
|
@ -376,6 +376,8 @@ void write_buffer_to_file(Buffer& buffer, StringView filename,
|
||||||
throw runtime_error("replacing file failed");
|
throw runtime_error("replacing file failed");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (replace and geteuid() == 0 and ::chown(zfilename, st.st_uid, st.st_gid) < 0)
|
||||||
|
throw runtime_error(format("unable to restore file ownership: {}", strerror(errno)));
|
||||||
if ((force or replace) and ::chmod(zfilename, st.st_mode) < 0)
|
if ((force or replace) and ::chmod(zfilename, st.st_mode) < 0)
|
||||||
throw runtime_error(format("unable to restore file permissions: {}", strerror(errno)));
|
throw runtime_error(format("unable to restore file permissions: {}", strerror(errno)));
|
||||||
|
|
||||||
|
|
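Review bot: The added `::chown(zfilename, st.st_uid, st.st_gid)` call acts on the path after the replace step has already succeeded, so a root process resolves `zfilename` a second time. If the containing directory is writable by another user, the name can be swapped for a symlink in that interval, and chown(2) follows symlinks, so ownership of an unrelated file would be handed to `st.st_uid`. The following path-based `::chmod` has the same exposure. If a descriptor for the temporary file is available at that point, consider setting ownership and mode through it (`fchown`, then `fchmod`) before the file is renamed into place; that keeps the chown-before-chmod order the commit message asks for and also closes the window in which the replaced file sits at its final path as root:root. Separately, the `geteuid() == 0` guard means group ownership is not restored for non-root writers; a short comment saying whether that is intended would help.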