Skip to content

Commit d56910b

Browse files
bdevcichbdevcich
committed
dcp: Restore UID/GID after setting with --uid/--gid
When `--uid` or `--gid` is used, MPI_Init() is called as the original user. The original uid/gid is not being restored prior to calling MPI_Finalize(), which leads to cleanup issues. Resolves #585. Signed-off-by: Blake Devcich <[email protected]>
1 parent 0a4c530 commit d56910b

File tree

1 file changed

+59
-10
lines changed

1 file changed

+59
-10
lines changed

src/dcp/dcp.c

+59-10
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,9 @@
1919

2020
#include "mfu_errors.h"
2121

22+
/* Max number of groups for get/setgroups */
23+
#define MAX_GIDS 100
24+
2225
static int input_flist_skip(const char* name, void *args)
2326
{
2427
/* nothing to do if args are NULL */
@@ -111,7 +114,10 @@ int main(int argc, char** argv)
111114
int rc = 0;
112115

113116
/* effective group/user id */
114-
uid_t gid = 0, uid = 0;
117+
uid_t egid = 0, euid = 0;
118+
uid_t gid = getegid(), uid = geteuid();
119+
uid_t gids[MAX_GIDS];
120+
int gids_count = 0;
115121

116122
/* initialize MPI */
117123
MPI_Init(&argc, &argv);
@@ -332,10 +338,10 @@ int main(int argc, char** argv)
332338
mfu_progress_timeout = atoi(optarg);
333339
break;
334340
case 'G':
335-
gid = atoi(optarg);
341+
egid = atoi(optarg);
336342
break;
337343
case 'U':
338-
uid = atoi(optarg);
344+
euid = atoi(optarg);
339345
break;
340346
case 'v':
341347
mfu_debug_level = MFU_LOG_VERBOSE;
@@ -396,7 +402,17 @@ int main(int argc, char** argv)
396402
}
397403

398404
/* setgroups before set gid or uid */
399-
if (gid > 0 || uid > 0) {
405+
if (egid > 0 || euid > 0) {
406+
/* record the original groups */
407+
gids_count = getgroups(MAX_GIDS, &gids);
408+
if (gids_count < 0) {
409+
MFU_LOG(MFU_LOG_ERR, "Could not getgroups: %s", strerror(errno));
410+
mfu_finalize();
411+
MPI_Finalize();
412+
return 1;
413+
}
414+
415+
/* clear groups */
400416
if (setgroups(0, NULL) < 0) {
401417
MFU_LOG(MFU_LOG_ERR, "Could not setgroups: %s", strerror(errno));
402418
mfu_finalize();
@@ -406,25 +422,25 @@ int main(int argc, char** argv)
406422
}
407423

408424
/* set egid */
409-
if (gid > 0) {
410-
if (setegid(gid) < 0) {
425+
if (egid > 0) {
426+
if (setegid(egid) < 0) {
411427
MFU_LOG(MFU_LOG_ERR, "Could not set Group ID: %s", strerror(errno));
412428
mfu_finalize();
413429
MPI_Finalize();
414430
return 1;
415431
}
416-
MFU_LOG(MFU_LOG_INFO, "Set Group ID to %u", gid);
432+
MFU_LOG(MFU_LOG_DBG, "Set Group ID to %u", egid);
417433
}
418434

419435
/* set euid */
420-
if (uid > 0) {
421-
if (seteuid(uid) < 0) {
436+
if (euid > 0) {
437+
if (seteuid(euid) < 0) {
422438
MFU_LOG(MFU_LOG_ERR, "Could not set User ID: %s", strerror(errno));
423439
mfu_finalize();
424440
MPI_Finalize();
425441
return 1;
426442
}
427-
MFU_LOG(MFU_LOG_INFO, "Set User ID to %u", uid);
443+
MFU_LOG(MFU_LOG_DBG, "Set User ID to %u", euid);
428444
}
429445

430446

@@ -570,6 +586,39 @@ int main(int argc, char** argv)
570586
daos_cleanup(daos_args, mfu_src_file, mfu_dst_file);
571587
#endif
572588

589+
/* restore uid */
590+
if (euid > 0) {
591+
if (seteuid(uid) < 0) {
592+
MFU_LOG(MFU_LOG_ERR, "Could not restore original User ID: %s", strerror(errno));
593+
mfu_finalize();
594+
MPI_Finalize();
595+
return 1;
596+
}
597+
MFU_LOG(MFU_LOG_DBG, "Restored User ID back to %u", uid);
598+
}
599+
600+
/* restore gid */
601+
if (egid > 0) {
602+
if (setegid(gid) < 0) {
603+
MFU_LOG(MFU_LOG_ERR, "Could not restore original Group ID: %s", strerror(errno));
604+
mfu_finalize();
605+
MPI_Finalize();
606+
return 1;
607+
}
608+
MFU_LOG(MFU_LOG_DBG, "Restored Group ID back to %u", gid);
609+
}
610+
611+
/* restore groups*/
612+
if (egid > 0 || euid > 0) {
613+
if (setgroups(gids_count, gids) < 0) {
614+
MFU_LOG(MFU_LOG_ERR, "Could not setgroups: %s", strerror(errno));
615+
mfu_finalize();
616+
MPI_Finalize();
617+
return 1;
618+
}
619+
MFU_LOG(MFU_LOG_DBG, "Restored GIDs");
620+
}
621+
573622
/* free the file list */
574623
mfu_flist_free(&flist);
575624

0 commit comments

Comments
 (0)