File 0012-Configurable-local-socket-group-permission-for-daemo.patch of Package sblim-sfcb.23461

From 281330e01cafe3d3271767b2fab97f45f9c9d3e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Fri, 5 Nov 2010 21:48:18 +0100
Subject: [PATCH 12/25] Configurable local socket group permission for daemon
 clients

(Chris_Poblete@Dell.com)

In our environment where we use Sfcb, services are run as root. One of
the services is a web service that runs worker threads as daemon user.
A worker thread connects to Sfcb through the local socket interface in
Sfcc. The connection is failing since the local socket file permission
is set to 755 for user:group root:root and the worker thread is
running as daemon:daemon.

Solution:

The proposal allows the socket file group permission to be set to a
specific group. The group name is defined in the Sfcb configuration
file. Once set, the group shall have write permission to the socket
file which will allow the local socket connection.  By default, the
group name is not set and the default permission is used.  Security is
preserved since the configuration file is writable only by user root
(when properly installed).  The installation shall be responsible for
assigning a trusted group as applicable.
---
 msgqueue.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/msgqueue.c b/msgqueue.c
index 69d30b391b65..ec62cd73d6d9 100644
--- a/msgqueue.c
+++ b/msgqueue.c
@@ -29,8 +29,8 @@
 #include <sys/stat.h>
 #include <unistd.h>
 #include <stddef.h>
-#include "control.h"
 #include <grp.h>
+#include "control.h"
 
 extern unsigned long exFlags;
 
-- 
2.15.0