| author | Lennart Poettering <lennart@poettering.net> | 2012-10-18 03:34:43 +0200 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2012-10-18 03:35:58 +0200 | 
| commit | 15804cebfdf7bef91db1374967ee813cd4a93588 (patch) | |
| tree | 8c007c5c5c88bb23c85a8ccfb6e6b4e5c3ed49bf /src | |
| parent | ea117d4fde8b8d0b52f9d32ebd4bc09a5bd2ca8b (diff) | |
journalctl: move access check before the first access to the journal files
Diffstat (limited to 'src')
| -rw-r--r-- | src/journal/journalctl.c | 42 | 
1 files changed, 24 insertions, 18 deletions
| diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 7d954e8367..5980eb0b48 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -814,6 +814,26 @@ static int verify(sd_journal *j) {
         return r;
 }
+static int access_check(void) {
+
+#ifdef HAVE_ACL
+        if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("adm") <= 0) {
+                log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'adm' can always see messages.");
+                return -EACCES;
+        }
+
+        if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0)
+                log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this notice off.");
+#else
+        if (geteuid() != 0 && in_group("adm") <= 0) {
+                log_error("No access to messages. Only users in the group 'adm' can see messages.");
+                return -EACCES;
+        }
+#endif
+
+        return 0;
+}
+
 int main(int argc, char *argv[]) {
         int r;
         sd_journal *j = NULL;
@@ -840,11 +860,14 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
+        r = access_check();
+        if (r < 0)
+                goto finish;
+
         if (arg_directory)
                 r = sd_journal_open_directory(&j, arg_directory, 0);
         else
                 r = sd_journal_open(&j, arg_merge ? 0 : SD_JOURNAL_LOCAL_ONLY);
-
         if (r < 0) {
                 log_error("Failed to open journal: %s", strerror(-r));
                 goto finish;
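Review bot: In access_check() the test `geteuid() != 0 && in_group("adm") <= 0` is written out three times, and its `<= 0` comparison folds a failed group lookup into "not a member" (assuming in_group() can return a negative error, as the comparison suggests). The result is fail-closed, which is the right default, but the user is then told they lack access when the lookup itself failed; evaluating it once, `bool privileged = geteuid() == 0 || in_group("adm") > 0;`, makes the three branches easier to audit and gives one place to log a lookup error. The function also mixes access(), which resolves the path with the real UID, with a privilege test on the effective UID, so the two can disagree if real and effective IDs ever differ. A short header comment would help the next reader, for example `/* Advisory only: explains missing or partial output to the user; the permissions/ACLs on the journal files are what restrict access. */`, to be confirmed against how the files are actually protected.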
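Review bot: The new `access_check()` call sits above the `arg_directory` branch, so a journal directory named explicitly by the caller is still gated on the existence of /var/log/journal and on membership of group 'adm', neither of which describes the directory that is about to be opened. The block removed in the last hunk was unconditional as well, so this is not a regression, but the move is a natural point to scope the check: `if (!arg_directory) { r = access_check(); if (r < 0) goto finish; }`. Skipping it is only safe if the check is purely diagnostic and the journal files' own permissions do the enforcing, which should be confirmed before changing it. main() begins and continues outside this hunk.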
@@ -874,23 +897,6 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
-#ifdef HAVE_ACL
-        if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("adm") <= 0) {
-                log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'adm' can always see messages.");
-                r = -EACCES;
-                goto finish;
-        }
-
-        if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0)
-                log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this notice off.");
-#else
-        if (geteuid() != 0 && in_group("adm") <= 0) {
-                log_error("No access to messages. Only users in the group 'adm' can see messages.");
-                r = -EACCES;
-                goto finish;
-        }
-#endif
-
         r = add_this_boot(j);
         if (r < 0)
                 goto finish; |
