[PATCH 0/3] Allow running tgtd as a non-root user

[PATCH 0/3] Allow running tgtd as a non-root user

[Ronnie Sahlberg]

List, Tomo

Please find three trivial patches to allow running tgtd as a normal
unprivileged user.

[PATCH 1/3] tgtd.c: allow oom adjust failures for non-root users

[Ronnie Sahlberg]

If run as non-root, allow failure to adjust the oom settings for
the process without aborting.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
---
 usr/tgtd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/tgtd.c b/usr/tgtd.c
index 23ad413..65bc888 100644
--- a/usr/tgtd.c
+++ b/usr/tgtd.c
@@ -604,7 +604,7 @@ int main(int argc, char **argv)
 	}
 
 	err = oom_adjust();
-	if (err)
+	if (err && getuid() == 0)
 		exit(1);
 
 	err = nr_file_adjust();
-- 
2.1.0

[PATCH 2/3] mgmt: change ipc socket address and make it group writeable

[Ronnie Sahlberg]

Change the ipc socket basename from /var/run/tgtd.ipc_abstract_namespace
to /var/run/tgtd/socket.

/var/run is usually only writeable by root, so putting the ipc socket
and its lockfile directly under /var/run prevents running tgtd as a
non-root user. Thus we place the socket file under /var/run/tgtd instead
and this directory can then be set up as owned and writeable by
a user tgtd and group tgtd.

Second is that ipc_abstract_namespace is unintuitive for what it does.
Lets just call it socket so it is clear that this is just a socket
we use to talk to the daemon with.

We also change the socket to be group writeable. This then will allow
running tgtd as a dedicated group tgtd and then group membership to
tgtd can control who can connect to the daemon.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
---
 usr/mgmt.c   | 2 +-
 usr/tgtadm.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr/mgmt.c b/usr/mgmt.c
index 3587f4b..364b3c8 100644
--- a/usr/mgmt.c
+++ b/usr/mgmt.c
@@ -768,7 +768,7 @@ int ipc_init(void)
 
 	sprintf(mgmt_lock_path, "%s.%d.lock", TGT_IPC_NAMESPACE, control_port);
 	ipc_lock_fd = open(mgmt_lock_path, O_WRONLY | O_CREAT,
-			   S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+			   S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
 	if (ipc_lock_fd < 0) {
 		eprintf("failed to open lock file for management IPC\n");
 		return -1;
diff --git a/usr/tgtadm.h b/usr/tgtadm.h
index 4e239c4..866aac9 100644
--- a/usr/tgtadm.h
+++ b/usr/tgtadm.h
@@ -1,7 +1,7 @@
 #ifndef TGTADM_H
 #define TGTADM_H
 
-#define TGT_IPC_NAMESPACE	"/var/run/tgtd.ipc_abstract_namespace"
+#define TGT_IPC_NAMESPACE	"/var/run/tgtd/socket"
 #define TGT_LLD_NAME_LEN	64
 
 #define GLOBAL_TID (~0U)
-- 
2.1.0

[PATCH 3/3] mgmt.c: check that the socket is owned by the current user, not root

[Ronnie Sahlberg]

Change the ipc_perm() check from being a check that the socket user and group
is set to root into instead check that the socket user/group matches
the running tgtd process.
This is needed in order to run tgtd as a normal non-root user.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
---
 usr/mgmt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/mgmt.c b/usr/mgmt.c
index 364b3c8..ebe0fd6 100644
--- a/usr/mgmt.c
+++ b/usr/mgmt.c
@@ -569,7 +569,7 @@ static int ipc_perm(int fd)
 		return -1;
 	}
 
-	if (cred.uid || cred.gid)
+	if (cred.uid != getuid() || cred.gid != getgid())
 		return -EPERM;
 
 	return 0;
-- 
2.1.0