author | Lennart Poettering <lennart@poettering.net> | 2012-10-18 03:34:43 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-10-18 03:35:58 +0200 |
commit | 15804cebfdf7bef91db1374967ee813cd4a93588 (patch) | |
tree | 8c007c5c5c88bb23c85a8ccfb6e6b4e5c3ed49bf | |
parent | ea117d4fde8b8d0b52f9d32ebd4bc09a5bd2ca8b (diff) |
journalctl: move access check before the first access to the journal files
-rw-r--r-- | src/journal/journalctl.c | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 7d954e8367..5980eb0b48 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -814,6 +814,26 @@ static int verify(sd_journal *j) {
 return r;
 }
 
+static int access_check(void) {
+
+#ifdef HAVE_ACL
+ if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("adm") <= 0) {
+ log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'adm' can always see messages.");
+ return -EACCES;
+ }
+
+ if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0)
+ log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this notice off.");
+#else
+ if (geteuid() != 0 && in_group("adm") <= 0) {
+ log_error("No access to messages. Only users in the group 'adm' can see messages.");
+ return -EACCES;
+ }
+#endif
+
+ return 0;
+}
+
 int main(int argc, char *argv[]) {
 int r;
 sd_journal *j = NULL;
@@ -840,11 +860,14 @@ int main(int argc, char *argv[]) {
 goto finish;
 }
 
+ r = access_check();
+ if (r < 0)
+ goto finish;
+
 if (arg_directory)
 r = sd_journal_open_directory(&j, arg_directory, 0);
 else
 r = sd_journal_open(&j, arg_merge ? 0 : SD_JOURNAL_LOCAL_ONLY);
-
 if (r < 0) {
 log_error("Failed to open journal: %s", strerror(-r));
 goto finish;
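Review bot: access_check() reads like an authorization gate, but as far as this hunk shows it is only a front-end diagnostic: it tests `geteuid()`, `in_group("adm")` and whether `/var/log/journal` exists, so what actually keeps other users' entries private has to be the modes/ACLs on the journal files, and the function should carry a comment saying so, e.g. `/* Advisory only: early, friendlier error; permissions on the journal files are the real access control. */`. In the HAVE_ACL branch `access()` resolves the path with the real UID while the rest of the condition uses the effective UID, which is harmless for a plain invocation but worth noting in that comment. `in_group("adm") <= 0` also treats a failed lookup as "not a member", which fails closed but prints a misleading message, and the same test is spelled out three times; a single `bool privileged = geteuid() == 0 || in_group("adm") > 0;` at the top would let every branch read from one value.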
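Review bot: The new `access_check()` call sits ahead of `if (arg_directory)`, so the root/`adm` test also runs when the caller points journalctl at an explicit directory, where neither `/var/log/journal` nor `adm` membership says anything about whether those files are readable; in a build without HAVE_ACL that path returns -EACCES before the open is even attempted. The pre-move code removed in the third hunk had the same unconditional test, so this is inherited rather than introduced, but the move is a natural place to scope it, e.g. `r = arg_directory ? 0 : access_check();`. main() begins and ends outside this hunk, so any action branches between the new and the old call site are not visible here and should be checked for ones that never read the journal yet are now refused.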
@@ -874,23 +897,6 @@ int main(int argc, char *argv[]) {
 goto finish;
 }
 
-#ifdef HAVE_ACL
- if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("adm") <= 0) {
- log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'adm' can always see messages.");
- r = -EACCES;
- goto finish;
- }
-
- if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0)
- log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this notice off.");
-#else
- if (geteuid() != 0 && in_group("adm") <= 0) {
- log_error("No access to messages. Only users in the group 'adm' can see messages.");
- r = -EACCES;
- goto finish;
- }
-#endif
-
 r = add_this_boot(j);
 if (r < 0)
 goto finish; |