Allow overriding of perms check on real control path

diff --git a/backends/innduct.c b/backends/innduct.c
index 853a25c37b628f850f076d2e179af8f856b8b039..d29e48f85be113464c1b6b28372cb9b32a8a9ac3 100644 (file)
--- a/backends/innduct.c
+++ b/backends/innduct.c
@@ -23,16 +23,6 @@
  *  with GPLv3.  If not then please let me know.  -Ian Jackson.)
  */
 
-/*
- * todo
- *  specify perms of /tmp/innduct.control
- */
-
-/*
- * debugging rune:
- *  build-lfs/backends/innduct --connection-timeout=30 --no-daemon -C ../inn.conf -f `pwd`/fee sit localhost
- */
-
 /*
  * Newsfeeds file entries should look like this:
  *     host.name.of.site[/exclude,exclude,...]\
@@ -360,6 +350,7 @@ static void connfail(Conn *conn, const char *fmt, ...)         PRINTF(2,3);
 static const oop_rd_style peer_rd_style;
 static oop_rd_call peer_rd_err, peer_rd_ok;
 
+
 /*----- configuration options -----*/
 /* when changing defaults, remember to update the manpage */
 
@@ -377,6 +368,7 @@ static int target_max_feedfile_size=100000;
 static int period_seconds=60;
 static int filepoll_seconds=5;
 static int max_queue_per_ipf=-1;
+static int realsockdir_any_perms=0;
 
 static int connection_setup_timeout=200;
 static int inndcomm_flush_timeout=100;
@@ -1039,7 +1031,7 @@ static void control_init(void) {
       r= mkdir(realsockdir, 0700);
       if (r) NOCONTROL("mkdir real socket dir %s", realsockdir);
 
-    } else {
+    } else if (!realsockdir_any_perms) {
       uid_t self= geteuid();
       if (!S_ISDIR(stab.st_mode) ||
          stab.st_uid != self ||
@@ -3607,6 +3599,7 @@ static const Option innduct_options[]= {
 {'C',"inndconf",         "F",     &inndconffile,             op_string      },
 {'P',"port",             "PORT",  &port,                     op_integer     },
 {0,"ctrl-sock-dir",      0,       &realsockdir,              op_string      },
+{0,"no-ctrl-sock-dir-perms-check",0,&realsockdir_any_perms,  op_setint, 0   },
 {0,"help",               0,       0,                         help           },
 
 {0,"max-connections",    "N",     &max_connections,          op_integer     },
@@ -3765,7 +3758,7 @@ int main(int argc, char **argv) {
 
   int val= 1;
   r= SMsetup(SM_PREOPEN, &val); if (!r) warn("SMsetup SM_PREOPEN failed");
-  r= SMinit(); if (!r) die("storage manager initialisation (SMinit) failed");
+//  r= SMinit(); if (!r) die("storage manager initialisation (SMinit) failed");
 
   if (!become_daemon)
     control_stdio();

diff --git a/doc/man/innduct.8 b/doc/man/innduct.8
index 580f317ed853af04e96c463253e3b87fb1c4913a..fa6cede7b7f6d76b1203b24d3b223c42ea2ff1a7 100644 (file)
--- a/doc/man/innduct.8
+++ b/doc/man/innduct.8
@@ -106,13 +106,13 @@ Read
 instead of the default
 .BR inn.conf .
 .TP
-.BI \-\-ctrl-sock-dir= DIR
+.BI \-\-ctrl-sock-dir= CTRL-SOCK-DIR
 Use
-.I DIR
+.I CTRL-SOCK-DIR
 as the directory to contain the actual control socket.  See
 CONTROLLING INNDUCT, below.
 If
-.I DIR
+.I CTRL-SOCK-DIR
 does not exist it will be created with mode 0700; if it does
 exist it must not be a symlink and must be owned by the user running
 innduct and have no access for "other".  If the control socket cannot
@@ -120,6 +120,13 @@ be set up (for this or any other reason), a warning is logged, but
 such situations are not fatal for innduct's startup.  The default is
 .BR /tmp/innduct.control .
 .TP
+.BI \-\-no-ctrl-sock-dir-perms-check
+Use an existing
+.I CTRL-SOCK-DIR
+even if it has unexpected permissions and ownership.  Note that this
+is not safe with the default value of
+.IR CTRL-SOCK-DIR .
+.TP
 .BI \-\-port= PORT
 Connect to port
 .I PORT