daemon: Set ownership of kept build directories to the calling user.

Fixes <http://bugs.gnu.org/15890>. * nix/libstore/globals.hh (Settings) Add clientUid and clientGid. * nix/nix-daemon/nix-daemon.cc (daemonLoop] Store UID and GID of the caller in settings. * nix/libstore/build.cc (_chown): New function. (DerivationGoal::deleteTmpDir): Use it, change ownership of build directory if it is kept and the new owner is not root.
2025-10-02 02:15:12 +00:00 · 2016-11-21 19:49:12 +01:00 · 2016-11-21 19:49:12 +01:00 · 2608e40988
commit 2608e40988
parent 43e8824d3c
3 changed files with 39 additions and 0 deletions
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@ -960,6 +960,18 @@ static void daemonLoop()
                    strncpy(argvSaved[1], processName.c_str(), strlen(argvSaved[1]));
                }

+#if defined(SO_PEERCRED)
+                /* Store the client's user and group for this connection. This
+                   has to be done in the forked process since it is per
+                   connection. */
+                settings.clientUid = cred.uid;
+                settings.clientGid = cred.gid;
+#else
+                /* Setting these to -1 means: do not change */
+                settings.clientUid = (uid_t) -1;
+                settings.clientGid = (gid_t) -1;
+#endif
+
                /* Handle the connection. */
                from.fd = remote;
                to.fd = remote;