author | Nick Mathewson <nickm@torproject.org> | 2011-05-15 13:11:48 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2011-05-15 20:20:30 -0400 |
commit | f72e792be5437c9ee11d3f498ed3bb469b46d1bb (patch) | |
tree | 29f2e5a044c793c55dbcb834822ac9075a23c530 /src/common | |
parent | 287f6cb128c890e31faa951be6d42cd6801f4e59 (diff) | |
download | tor-f72e792be5437c9ee11d3f498ed3bb469b46d1bb.tar.gz tor-f72e792be5437c9ee11d3f498ed3bb469b46d1bb.zip |
Make check_private_dir check for group ownership as appropriate
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/util.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/common/util.c b/src/common/util.c
index 0e739f2127..1bb116b212 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -30,6 +30,7 @@
 #else
 #include <dirent.h>
 #include <pwd.h>
+#include <grp.h>
 #endif
 /* math.h needs this on Linux */
@@ -1736,6 +1737,21 @@ check_private_dir(const char *dirname, cpd_check_t check)
 tor_free(process_ownername);
 return -1;
 }
+ if ((check & CPD_GROUP_OK) && st.st_gid != getgid()) {
+ struct group *gr;
+ char *process_groupname = NULL;
+ gr = getgrgid(getgid());
+ process_groupname = gr ? tor_strdup(gr->gr_name) : tor_strdup("<unknown>");
+ gr = getgrgid(st.st_gid);
+
+ log_warn(LD_FS, "%s is not owned by this group (%s, %d) but by group "
+ "%s (%d). Are you running Tor as the wrong user?",
+ dirname, process_groupname, (int)getgid(),
+ gr ? gr->gr_name : "<unknown>", (int)st.st_gid);
+
+ tor_free(process_groupname);
+ return -1;
+ }
 if (check & CPD_GROUP_OK) {
 mask = 0027;
 } else { |
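Review bot: The new `CPD_GROUP_OK` branch in `check_private_dir` compares `st.st_gid` only against `getgid()`, the real primary group, and nothing in the hunk documents that choice. A directory owned by one of the process's supplementary groups, or by its effective gid when that differs from the real one, is therefore rejected. That strictness is the safe direction for a directory that will be left group-readable under mask `0027`, but it should be stated above the test, e.g. `/* With CPD_GROUP_OK the directory must belong to our real primary gid; supplementary groups and the effective gid are deliberately not accepted. */`. The warning text also still ends with "Are you running Tor as the wrong user?", apparently carried over from the owner check, so an operator reading the log is pointed at the uid rather than the group; wording such as `"Is Tor running with the wrong primary group?"` would match what actually failed. The function's body starts and ends outside this hunk, so the earlier owner check and the later mode test are not visible here.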