authorLennart Poettering <lennart@poettering.net>2012-10-18 03:34:43 +0200
committerLennart Poettering <lennart@poettering.net>2012-10-18 03:35:58 +0200
commit15804cebfdf7bef91db1374967ee813cd4a93588 (patch)
tree8c007c5c5c88bb23c85a8ccfb6e6b4e5c3ed49bf
parentea117d4fde8b8d0b52f9d32ebd4bc09a5bd2ca8b (diff)
journalctl: move access check before the first access to the journal files
-rw-r--r--src/journal/journalctl.c42
1 files changed, 24 insertions, 18 deletions
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 7d954e8367..5980eb0b48 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -814,6 +814,26 @@ static int verify(sd_journal *j) {
return r;
}
+static int access_check(void) {
+
+#ifdef HAVE_ACL
+ if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("adm") <= 0) {
+ log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'adm' can always see messages.");
+ return -EACCES;
+ }
+
+ if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0)
+ log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this notice off.");
+#else
+ if (geteuid() != 0 && in_group("adm") <= 0) {
+ log_error("No access to messages. Only users in the group 'adm' can see messages.");
+ return -EACCES;
+ }
+#endif
+
+ return 0;
+}
+
int main(int argc, char *argv[]) {
int r;
sd_journal *j = NULL;
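Review bot: Every test in `access_check()` is written as `in_group("adm") <= 0`, which folds a failed group lookup into "not a member", so a lookup error would be shown to the user as a permissions problem and returned as `-EACCES` rather than the real error (this assumes in_group() returns a negative errno on failure, which the `<= 0` comparison suggests). The HAVE_ACL branch also evaluates `geteuid()` and `in_group("adm")` twice. Computing the result once at the top, `int m = geteuid() == 0 ? 1 : in_group("adm");` followed by `if (m < 0) return m;`, would cover both. If the function is meant only as an early hint, a comment above it such as `/* Advisory pre-check for a clearer error message; access itself is enforced by the permissions/ACLs on the journal files. */` would stop readers from treating it as the access-control boundary.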
@@ -840,11 +860,14 @@ int main(int argc, char *argv[]) {
goto finish;
}
+ r = access_check();
+ if (r < 0)
+ goto finish;
+
if (arg_directory)
r = sd_journal_open_directory(&j, arg_directory, 0);
else
r = sd_journal_open(&j, arg_merge ? 0 : SD_JOURNAL_LOCAL_ONLY);
-
if (r < 0) {
log_error("Failed to open journal: %s", strerror(-r));
goto finish;
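Review bot: The new `access_check()` call sits above the `if (arg_directory)` branch, so it also gates the case where the caller names the journal directory explicitly, although the check only looks at `/var/log/journal` and membership in 'adm'. In a build without HAVE_ACL that refuses a non-root, non-adm user with `-EACCES` even for a directory they can read themselves. If reading a caller-supplied directory is meant to work for such users, the call could be limited to the default path: `if (!arg_directory) { r = access_check(); if (r < 0) goto finish; }`. main() starts and continues outside this hunk, so any earlier handling of `arg_directory` is not visible here.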
@@ -874,23 +897,6 @@ int main(int argc, char *argv[]) {
goto finish;
}
-#ifdef HAVE_ACL
- if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("adm") <= 0) {
- log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'adm' can always see messages.");
- r = -EACCES;
- goto finish;
- }
-
- if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0)
- log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this notice off.");
-#else
- if (geteuid() != 0 && in_group("adm") <= 0) {
- log_error("No access to messages. Only users in the group 'adm' can see messages.");
- r = -EACCES;
- goto finish;
- }
-#endif
-
r = add_this_boot(j);
if (r < 0)
goto finish;