Having /var/lib/nfs writeable by statd is not ideal
as there are files in there that statd doesn't need
to access.
After dropping privs, statd and sm-notify only need to
access files in the directories sm and sm.bak.
So take the uid for these deamons from 'sm'.
Signed-off-by: NeilBrown <neilb@xxxxxxx>
---
support/nsm/file.c | 16 +++++-----------
utils/statd/sm-notify.man | 10 +++++++++-
utils/statd/statd.man | 10 +++++++++-
3 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/support/nsm/file.c b/support/nsm/file.c
index 0b66f123165e..f5b448015751 100644
--- a/support/nsm/file.c
+++ b/support/nsm/file.c
@@ -388,23 +388,17 @@ nsm_drop_privileges(const int pidfd)
(void)umask(S_IRWXO);
- /*
- * XXX: If we can't stat dirname, or if dirname is owned by
- * root, we should use "statduser" instead, which is set up
- * by configure.ac. Nothing in nfs-utils seems to use
- * "statduser," though.
- */
- if (lstat(nsm_base_dirname, &st) == -1) {
- xlog(L_ERROR, "Failed to stat %s: %m", nsm_base_dirname);
- return false;
- }
-
if (chdir(nsm_base_dirname) == -1) {
xlog(L_ERROR, "Failed to change working directory to %s: %m",
nsm_base_dirname);
return false;
}
+ if (lstat(NSM_MONITOR_DIR, &st) == -1) {
+ xlog(L_ERROR, "Failed to stat %s/%s: %m", nsm_base_dirname, NSM_MONITOR_DIR);
+ return false;
+ }
+
if (!prune_bounding_set())
return false;
diff --git a/utils/statd/sm-notify.man b/utils/statd/sm-notify.man
index cfe1e4b1dac8..addf5d3c028e 100644
--- a/utils/statd/sm-notify.man
+++ b/utils/statd/sm-notify.man
@@ -190,7 +190,15 @@ by default.
After starting,
.B sm-notify
attempts to set its effective UID and GID to the owner
-and group of this directory.
+and group of the subdirectory
+.B sm
+of this directory. After changing the effective ids,
+.B sm-notify
+only needs to access files in
+.B sm
+and
+.B sm.bak
+within the state-directory-path.
.TP
.BI -v " ipaddr " | " hostname
Specifies the network address from which to send reboot notifications,
diff --git a/utils/statd/statd.man b/utils/statd/statd.man
index 71d58461b5ea..6222701e38a8 100644
--- a/utils/statd/statd.man
+++ b/utils/statd/statd.man
@@ -259,7 +259,15 @@ by default.
After starting,
.B rpc.statd
attempts to set its effective UID and GID to the owner
-and group of this directory.
+and group of the subdirectory
+.B sm
+of this directory. After changing the effective ids,
+.B rpc.statd
+only needs to access files in
+.B sm
+and
+.B sm.bak
+within the state-directory-path.
.TP
.BR -v ", " -V ", " --version
Causes
