From 4367379907f40cbe7df6a64e51c36f34dd854197 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 14 Mar 2012 19:54:22 +0100
Subject: [PATCH] journalctl: warn if the user is not in the adm group
---
 src/journal/journalctl.c | 11 ++++++++++-
 src/util.c | 30 ++++++++++++++++++++++++++++++
 src/util.h | 2 ++
 3 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 8db3fc920..5f8b240b0 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -45,6 +45,7 @@ static bool arg_no_pager = false;
 static int arg_lines = -1;
 static bool arg_no_tail = false;
 static bool arg_new_id128 = false;
+static bool arg_quiet = false;
 static int help(void) {
@@ -59,6 +60,7 @@ static int help(void) {
 " --no-tail Show all lines, even in follow mode\n"
 " -o --output=STRING Change journal output mode (short, short-monotonic,\n"
 " verbose, export, json, cat)\n"
+ " -q --quiet Don't show privilege warning\n"
 " --new-id128 Generate a new 128 Bit id\n",
 program_invocation_short_name);
@@ -84,6 +86,7 @@ static int parse_argv(int argc, char *argv[]) {
 { "lines", required_argument, NULL, 'n' },
 { "no-tail", no_argument, NULL, ARG_NO_TAIL },
 { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
+ { "quiet", no_argument, NULL, 'q' },
 { NULL, 0, NULL, 0 }
 };
@@ -92,7 +95,7 @@ static int parse_argv(int argc, char *argv[]) {
 assert(argc >= 0);
 assert(argv);
- while ((c = getopt_long(argc, argv, "hfo:an:", options, NULL)) >= 0) {
+ while ((c = getopt_long(argc, argv, "hfo:an:q", options, NULL)) >= 0) {
 switch (c) {
@@ -143,6 +146,9 @@ static int parse_argv(int argc, char *argv[]) {
 arg_new_id128 = true;
 break;
+ case 'q':
+ arg_quiet = true;
+
 case '?':
 return -EINVAL;
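Review bot: The new `case 'q':` arm in parse_argv() has no `break;`, so after setting `arg_quiet` control falls through into `case '?':` and the function returns -EINVAL. Passing `-q` or `--quiet` would therefore make option parsing fail instead of silencing the warning. Add `break;` directly after `arg_quiet = true;`. The switch statement starts and ends outside this hunk.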
@@ -204,6 +210,9 @@ int main(int argc, char *argv[]) {
 goto finish;
 }
+ if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0)
+ log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this message off.");
+
 r = sd_journal_open(&j, 0);
 if (r < 0) {
 log_error("Failed to open journal: %s", strerror(-r));
diff --git a/src/util.c b/src/util.c
index 73481abee..20cbc2b0d 100644
--- a/src/util.c
+++ b/src/util.c
@@ -5608,6 +5608,36 @@ int get_group_creds(const char **groupname, gid_t *gid) {
 return 0;
 }
+int in_group(const char *name) {
+ gid_t gid, *gids;
+ int ngroups_max, r, i;
+
+ r = get_group_creds(&name, &gid);
+ if (r < 0)
+ return r;
+
+ if (getgid() == gid)
+ return 1;
+
+ if (getegid() == gid)
+ return 1;
+
+ ngroups_max = sysconf(_SC_NGROUPS_MAX);
+ assert(ngroups_max > 0);
+
+ gids = alloca(sizeof(gid_t) * ngroups_max);
+
+ r = getgroups(ngroups_max, gids);
+ if (r < 0)
+ return -errno;
+
+ for (i = 0; i < r; i++)
+ if (gids[i] == gid)
+ return 1;
+
+ return 0;
+}
+
 int glob_exists(const char *path) {
 glob_t g;
 int r, k;
diff --git a/src/util.h b/src/util.h
index 890a3b5d4..b1af6dbe7 100644
--- a/src/util.h
+++ b/src/util.h
@@ -466,6 +466,8 @@ int socket_from_display(const char *display, char **path);
 int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home);
 int get_group_creds(const char **groupname, gid_t *gid);
+int in_group(const char *name);
+
 int glob_exists(const char *path);
 int dirent_ensure_type(DIR *d, struct dirent *de);
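Review bot: In main(), `in_group("adm") <= 0` folds a failed lookup (a negative return, for example when no `adm` group is defined) into "not a member", so the warning can advise joining a group that may not exist. Consider warning only on `== 0` and logging the error case separately at debug level. A comment such as `/* Advisory only: this check does not gate access; the journal is opened either way */` would also keep the test from being mistaken for an access control. The `if (r < 0) {` block after sd_journal_open() continues outside the hunk.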
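Review bot: in_group() in src/util.c sizes its buffer from `sysconf(_SC_NGROUPS_MAX)` and takes it from the stack with `alloca()`. The sysconf() result is a long narrowed to int and guarded only by `assert()`, so if that assert is ever compiled out a -1 failure value becomes an enormous allocation size, and even the valid limit can be large (65536 entries on current Linux, roughly 256 KiB of stack). Asking `getgroups(0, NULL)` for the actual count and allocating that many entries on the heap avoids both problems. The return contract (1 member, 0 not a member, negative errno-style error) also deserves a short comment above the function, since the caller in journalctl treats `<= 0` as a single case.

```c
int in_group(const char *name) {
        gid_t gid, *gids;
        int n, r, i;

        /* … unchanged: get_group_creds() lookup, getgid()/getegid() checks … */

        /* Ask for the actual number of supplementary groups */
        n = getgroups(0, NULL);
        if (n < 0)
                return -errno;
        if (n == 0)
                return 0;

        gids = malloc(sizeof(gid_t) * n);
        if (!gids)
                return -ENOMEM;

        n = getgroups(n, gids);
        r = n < 0 ? -errno : 0;

        for (i = 0; i < n; i++)
                if (gids[i] == gid) {
                        r = 1;
                        break;
                }

        free(gids);
        return r;
}
```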