From 4c7c6631cc5a27cc6b4431f5ad3805a2d624c5f5 Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Sun, 19 Dec 2021 21:19:25 -0600
Subject: Set owner of login protectors to correct user

When the root user creates a login protector for a non-root user, make sure to chown() the protector file to make it owned by the user. Without this, the protector cannot be updated by the user, which causes it to get out of sync if the user changes their login passphrase.

Fixes https://github.com/google/fscrypt/issues/319
---
 util/util.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
(limited to 'util/util.go')

diff --git a/util/util.go b/util/util.go
index d97a7ae..1dab335 100644
--- a/util/util.go
+++ b/util/util.go
@@ -121,9 +121,14 @@ func AtoiOrPanic(input string) int {
 return i
 }
 
+// UserFromUID returns the User corresponding to the given user id.
+func UserFromUID(uid int64) (*user.User, error) {
+ return user.LookupId(strconv.FormatInt(uid, 10))
+}
+
 // EffectiveUser returns the user entry corresponding to the effective user.
 func EffectiveUser() (*user.User, error) {
- return user.LookupId(strconv.Itoa(os.Geteuid()))
+ return UserFromUID(int64(os.Geteuid()))
 }
 
 // IsUserRoot checks if the effective user is root.
@@ -131,6 +136,13 @@ func IsUserRoot() bool {
 return os.Geteuid() == 0
 }
 
+// Chown changes the owner of a File to a User.
+func Chown(file *os.File, user *user.User) error {
+ uid := AtoiOrPanic(user.Uid)
+ gid := AtoiOrPanic(user.Gid)
+ return file.Chown(uid, gid)
+}
+
 // IsKernelVersionAtLeast returns true if the Linux kernel version is at least
 // major.minor. If something goes wrong it assumes false.
 func IsKernelVersionAtLeast(major, minor int) bool {
-- 
cgit v1.2.3
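Review bot: The doc comment on `UserFromUID` does not say what a caller gets for a uid that has no account entry, and the `int64` argument is formatted and looked up without any range check. I would extend it to something like `// UserFromUID returns the User corresponding to the given user id. It returns an error if no such user exists; uid is not range-checked.` Since the result is presumably what decides the new owner of a protector file (the callers are outside this file-limited view), they should treat that error as a hard failure rather than leaving the file root-owned.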
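Review bot: `Chown` returns an `error` but parses `user.Uid` and `user.Gid` with `AtoiOrPanic`, so a malformed id panics instead of being reported; per the commit message this path runs as root on behalf of another user, where a panic is the worse failure mode. Parsing with `strconv.Atoi` and returning the error keeps the failure on the normal error path. The parameter name `user` also shadows the `user` package inside the function, so a name such as `owner` reads more safely. The doc comment should also say that ownership is changed through the open `*os.File` rather than by path, so that nobody later swaps in a path-based chown that could be redirected between file creation and the ownership change.

```go
// Chown changes the owner of an open File to a User. It operates on the
// file descriptor, not on a path.
func Chown(file *os.File, owner *user.User) error {
	uid, err := strconv.Atoi(owner.Uid)
	if err != nil {
		return err
	}
	gid, err := strconv.Atoi(owner.Gid)
	if err != nil {
		return err
	}
	return file.Chown(uid, gid)
}
```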