summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2012-03-14 19:54:22 +0100
committerLennart Poettering <lennart@poettering.net>2012-03-14 19:54:22 +0100
commit4367379907f40cbe7df6a64e51c36f34dd854197 (patch)
treeefe65c0b74d10f0b98a6c1638890c35a78023c07
parent18da49531e4c6b31bd2439b4d738dc1bb9660af1 (diff)
journalctl: warn if the user is not in the adm group
-rw-r--r--src/journal/journalctl.c11
-rw-r--r--src/util.c30
-rw-r--r--src/util.h2
3 files changed, 42 insertions, 1 deletions
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 8db3fc9201..5f8b240b00 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -45,6 +45,7 @@ static bool arg_no_pager = false;
static int arg_lines = -1;
static bool arg_no_tail = false;
static bool arg_new_id128 = false;
+static bool arg_quiet = false;
static int help(void) {
@@ -59,6 +60,7 @@ static int help(void) {
" --no-tail Show all lines, even in follow mode\n"
" -o --output=STRING Change journal output mode (short, short-monotonic,\n"
" verbose, export, json, cat)\n"
+ " -q --quiet Don't show privilege warning\n"
" --new-id128 Generate a new 128 Bit id\n",
program_invocation_short_name);
@@ -84,6 +86,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "lines", required_argument, NULL, 'n' },
{ "no-tail", no_argument, NULL, ARG_NO_TAIL },
{ "new-id128", no_argument, NULL, ARG_NEW_ID128 },
+ { "quiet", no_argument, NULL, 'q' },
{ NULL, 0, NULL, 0 }
};
@@ -92,7 +95,7 @@ static int parse_argv(int argc, char *argv[]) {
assert(argc >= 0);
assert(argv);
- while ((c = getopt_long(argc, argv, "hfo:an:", options, NULL)) >= 0) {
+ while ((c = getopt_long(argc, argv, "hfo:an:q", options, NULL)) >= 0) {
switch (c) {
@@ -143,6 +146,9 @@ static int parse_argv(int argc, char *argv[]) {
arg_new_id128 = true;
break;
+ case 'q':
+ arg_quiet = true;
+
case '?':
return -EINVAL;
@@ -204,6 +210,9 @@ int main(int argc, char *argv[]) {
goto finish;
}
+ if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0)
+ log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this message off.");
+
r = sd_journal_open(&j, 0);
if (r < 0) {
log_error("Failed to open journal: %s", strerror(-r));
diff --git a/src/util.c b/src/util.c
index 73481abee6..20cbc2b0db 100644
--- a/src/util.c
+++ b/src/util.c
@@ -5608,6 +5608,36 @@ int get_group_creds(const char **groupname, gid_t *gid) {
return 0;
}
+int in_group(const char *name) {
+ gid_t gid, *gids;
+ int ngroups_max, r, i;
+
+ r = get_group_creds(&name, &gid);
+ if (r < 0)
+ return r;
+
+ if (getgid() == gid)
+ return 1;
+
+ if (getegid() == gid)
+ return 1;
+
+ ngroups_max = sysconf(_SC_NGROUPS_MAX);
+ assert(ngroups_max > 0);
+
+ gids = alloca(sizeof(gid_t) * ngroups_max);
+
+ r = getgroups(ngroups_max, gids);
+ if (r < 0)
+ return -errno;
+
+ for (i = 0; i < r; i++)
+ if (gids[i] == gid)
+ return 1;
+
+ return 0;
+}
+
int glob_exists(const char *path) {
glob_t g;
int r, k;
diff --git a/src/util.h b/src/util.h
index 890a3b5d46..b1af6dbe7c 100644
--- a/src/util.h
+++ b/src/util.h
@@ -466,6 +466,8 @@ int socket_from_display(const char *display, char **path);
int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home);
int get_group_creds(const char **groupname, gid_t *gid);
+int in_group(const char *name);
+
int glob_exists(const char *path);
int dirent_ensure_type(DIR *d, struct dirent *de);