diod: log access policy

Problem: when diod starts, it may not be clear which access policy has been enacted. Log it.
chaos · Jan 20, 2025 · 4684e5c · 4684e5c
1 parent 06e325b
commit 4684e5c
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/src/cmd/diod.c b/src/cmd/diod.c
@@ -507,6 +507,22 @@ _test_setgroups (void)
 }
 #endif /* USE_IMPERSONATION_LINUX */
 
+/* Look up user name of effective uid.
+ * The result is only valid until the next call, and this is not thread safe.
+ */
+static const char *
+_geteuser (void)
+{
+    static char idstr[16];
+    struct passwd *pw = getpwuid (geteuid ());
+
+    if (!pw) {
+        snprintf (idstr, sizeof (idstr), "%d", geteuid ());
+        return idstr;
+    }
+    return pw->pw_name;
+}
+
 static void
 _service_run (srvmode_t mode, int rfdno, int wfdno)
 {
@@ -564,6 +580,16 @@ _service_run (srvmode_t mode, int rfdno, int wfdno)
             _become_user (NULL, diod_conf_get_runasuid ());
     }
 
+    /* report */
+    if (diod_conf_opt_runasuid ()) {
+        const char *user = _geteuser ();
+        msg ("Only %s can attach and access files as %s", user, user);
+    }
+    else if (diod_conf_get_allsquash ())
+        msg ("Anyone can attach and access files as %s", _geteuser ());
+    else
+        msg ("Anyone can attach and access files as themselves");
+
     /* clear umask */
     umask (0);