Setting a new effective gid requires privileges. We must set the gid
while we potentially still have superuser privileges. Otherwise
setgid(2) fails because we've already changed to an unprivileged uid.
Here is a test case:
[global]
rw=read
directory=tmp
size=512m
buffered=0
[file1]
uid=1000
gid=1000
Without this patch fio will fail when invoked by root.
Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxxxxxxxxxx>
---
fio.c | 12 ++++++++----
1 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/fio.c b/fio.c
index 8dff813..8cc8fcf 100644
--- a/fio.c
+++ b/fio.c
@@ -1068,14 +1068,18 @@ static void *thread_main(void *data)
*/
fio_mutex_remove(td->mutex);
- if (td->o.uid != -1U && setuid(td->o.uid)) {
- td_verror(td, errno, "setuid");
- goto err;
- }
+ /*
+ * A new gid requires privilege, so we need to do this before setting
+ * the uid.
+ */
if (td->o.gid != -1U && setgid(td->o.gid)) {
td_verror(td, errno, "setgid");
goto err;
}
+ if (td->o.uid != -1U && setuid(td->o.uid)) {
+ td_verror(td, errno, "setuid");
+ goto err;
+ }
/*
* May alter parameters that init_io_u() will use, so we need to
--
1.7.2.3
--
To unsubscribe from this list: send the line "unsubscribe fio" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
