authorAustin S. Hemmelgarn <austin@netdata.cloud>2023-06-15 07:33:26 -0400
committerGitHub <noreply@github.com>2023-06-15 07:33:26 -0400
commit39e629e24cf176963d112ec54fd1db1a24afc5b5 (patch)
tree2b99b8abe8a302970722d778d668470f8566ace7 /daemon/analytics.c
parent4ce6422c9fac738138842b332b54bcc75ae82e3d (diff)
Consistently start the agent as root and rely on it to drop privileges properly. (#14890)
* Consolidate preparation of required directories. The only differences between cases where the prep is done is how we derive the UID and GID that get passed to some of the functions. By just encapsulating the preparation in a function like this, we make this differentiation obvious while also making it easier to modify what directories need to be created or prepared. * Create the log directory if it does not already exist. We treat the log directory not existing as a fatal error, but we can (in most cases) just create it on startup, so just do so. * Trust netdata to handle dropping privileges itself. This allows more correct behavior with respect to handling of required directories, and also ensures that our system service scripts properly support running the agent as arbitrary users instead of requiring it to run as the user configured at build time. * Fix build issues. * Move directory creation to be done alongside directory existence checks. * Fix syntax errors and address review feedback.
Diffstat (limited to 'daemon/analytics.c')
-rw-r--r--daemon/analytics.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/daemon/analytics.c b/daemon/analytics.c
index 2689886bd7..cbe6ded79d 100644
--- a/daemon/analytics.c
+++ b/daemon/analytics.c
@@ -632,6 +632,17 @@ static const char *verify_required_directory(const char *dir)
return dir;
}
+static const char *verify_or_create_required_directory(const char *dir) {
+ int result;
+
+ result = mkdir(dir, 0755);
+
+ if (result != 0 && errno != EEXIST)
+ fatal("Cannot create required directory '%s'", dir);
+
+ return verify_required_directory(dir);
+}
+
/*
* This is called after the rrdinit
* These values will be sent on the START event
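Review bot: `mkdir(dir, 0755)` in verify_or_create_required_directory creates the directory with the caller's effective UID/GID and a umask-filtered mode, and nothing in this hunk sets ownership afterwards. Since the commit's premise is that the agent starts as root and drops privileges itself, a cache, lib, lock or log directory created here before the drop would be root-owned and not writable by the runtime user, unless a chown happens elsewhere, which this hunk does not show. 0755 also leaves the log and lib directories world-readable; if they can hold anything sensitive, `result = mkdir(dir, 0750);` followed by an explicit ownership fix would be a safer default. At minimum, add a comment above the function such as `/* created with the current euid and umask; the caller must ensure the runtime user owns it */`.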
@@ -827,11 +838,11 @@ void set_global_environment()
setenv("NETDATA_STOCK_CONFIG_DIR", verify_required_directory(netdata_configured_stock_config_dir), 1);
setenv("NETDATA_PLUGINS_DIR", verify_required_directory(netdata_configured_primary_plugins_dir), 1);
setenv("NETDATA_WEB_DIR", verify_required_directory(netdata_configured_web_dir), 1);
- setenv("NETDATA_CACHE_DIR", verify_required_directory(netdata_configured_cache_dir), 1);
- setenv("NETDATA_LIB_DIR", verify_required_directory(netdata_configured_varlib_dir), 1);
- setenv("NETDATA_LOCK_DIR", netdata_configured_lock_dir, 1);
- setenv("NETDATA_LOG_DIR", verify_required_directory(netdata_configured_log_dir), 1);
- setenv("HOME", verify_required_directory(netdata_configured_home_dir), 1);
+ setenv("NETDATA_CACHE_DIR", verify_or_create_required_directory(netdata_configured_cache_dir), 1);
+ setenv("NETDATA_LIB_DIR", verify_or_create_required_directory(netdata_configured_varlib_dir), 1);
+ setenv("NETDATA_LOCK_DIR", verify_or_create_required_directory(netdata_configured_lock_dir), 1);
+ setenv("NETDATA_LOG_DIR", verify_or_create_required_directory(netdata_configured_log_dir), 1);
+ setenv("HOME", verify_or_create_required_directory(netdata_configured_home_dir), 1);
setenv("NETDATA_HOST_PREFIX", netdata_configured_host_prefix, 1);
{
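Review bot: The `NETDATA_LOCK_DIR` line changes from passing `netdata_configured_lock_dir` through unchecked to a call that can abort the agent. verify_or_create_required_directory calls `fatal()` on any mkdir error other than EEXIST, and mkdir creates only the final path component, so a lock (or home) path whose parent is missing now stops startup where it was previously tolerated. If the lock directory is meant to be optional, keep the old `setenv("NETDATA_LOCK_DIR", netdata_configured_lock_dir, 1);`; otherwise state the new requirement next to the call, e.g. `/* lock dir is now required: startup aborts if it cannot be created */`. The body of set_global_environment continues outside this hunk, so whether this runs before or after the privilege drop cannot be confirmed from here.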