From b71a228538f78fe96e22fa1635cadaf620d4a07a Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Thu, 23 Jul 2020 00:55:49 -0400
Subject: [PATCH] swtpm_setup: Only change file and directory ownership if needed

Change the file and directory ownership of tcsd related files only if it is absolutely needed. It is not needed if we are running as user TCSD_USER in group TCSD_GROUP because then the files were created with the needed owner and group. This avoids problems when trying to change file ownership when invoked by libvirt where we do not have the capabilities to change file ownership even as root.
Signed-off-by: Stefan Berger
---
 src/swtpm_setup/swtpm_setup.sh.in | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/swtpm_setup/swtpm_setup.sh.in b/src/swtpm_setup/swtpm_setup.sh.in
index d26ce6a..c61bbb8 100755
--- a/src/swtpm_setup/swtpm_setup.sh.in
+++ b/src/swtpm_setup/swtpm_setup.sh.in
@@ -550,16 +550,16 @@ EOF
 else
 chmod 0640 "$TCSD_CONFIG"
 fi
- if [ $(id -u) -eq 0 ]; then
+ if [ $(id -u) -eq 0 ] && \
+ [ $(id -u) -ne $(id -u @TSS_USER@) -o $(id -g) -ne $(id -g @TSS_GROUP@) ]; then
 chown "@TSS_USER@:@TSS_GROUP@" "$TCSD_CONFIG" 2>/dev/null
+ if [ $? -ne 0 ]; then
+ logerr "Could not change ownership on $TCSD_CONFIG to ${user}:${group}."
+ return 1
+ fi
 chown "@TSS_USER@:@TSS_GROUP@" "$TCSD_DATA_DIR" 2>/dev/null
 chown "@TSS_USER@:@TSS_GROUP@" "$TCSD_DATA_FILE" 2>/dev/null
 fi
- if [ $? -ne 0 ]; then
- logerr "Could not change ownership on $TCSD_CONFIG to ${user}:${group}."
- ls -l "$TCSD_CONFIG"
- return 1
- fi
 # make sure tcsd is gone
 stop_tcsd 1
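Review bot: In the added condition, `$(id -g @TSS_GROUP@)` passes a group name to `id`, which expects a user name, so the test compares against the primary group of a user that happens to be called @TSS_GROUP@ and gets an empty string when no such user exists. Because the substitutions are unquoted, an empty result makes `[` fail with a syntax error, the `&&` evaluates false, and the whole chown block is skipped without any log line. Looking the gid up in the group database (for example `getent group @TSS_GROUP@ | cut -d: -f3`), quoting each substitution, and replacing the `-o` inside `[` with two tests joined by `||` would make the check dependable. Only the chown on `$TCSD_CONFIG` is verified afterwards; the chown calls on `$TCSD_DATA_DIR` and `$TCSD_DATA_FILE` still discard both stderr and their exit status, so a failure there leaves the tcsd state files with the wrong owner unnoticed. The enclosing function starts and ends outside the hunk, so whether `${user}` and `${group}` in the log message are set at this point cannot be confirmed from here.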