From 2e43829a776933eb8703db447d6c5cb3160ec504 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Mon, 4 Jul 2011 18:09:00 +0200
Subject: [PATCH] Set ownership of domain socket when starting
---
 src/main/command.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/src/main/command.c b/src/main/command.c
index 85f76c7..f2406a5 100644
--- a/src/main/command.c
+++ b/src/main/command.c
@@ -1928,6 +1928,23 @@ static int command_socket_parse(CONF_SECTION *cs, rad_listen_t *this)
 return -1;
 }
 
+#if defined(HAVE_GETPEEREID) || defined (SO_PEERCRED)
+ /*
+ * Don't chown it from (possibly) non-root to root.
+ * Do chown it from (possibly) root to non-root.
+ */
+ if ((sock->uid != 0) && (sock->gid != 0)) {
+ fr_suid_up();
+ if (fchown(this->fd, sock->uid, sock->gid) < 0) {
+ radlog(L_ERR, "Failed setting ownership of %s: %s",
+ sock->path, strerror(errno));
+ fr_suid_down();
+ return -1;
+ }
+ fr_suid_down();
+ }
+#endif
+
 return 0;
 }
 
-- 
2.1.4
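Review bot: The guard `if ((sock->uid != 0) && (sock->gid != 0))` skips the chown whenever either id is 0, so a configuration that sets only one of the two leaves the control socket with whatever ownership the process started with, and nothing is logged. How an unset uid or gid is represented is not visible in this hunk; if 0 means "not configured", the test should be `||` and the call should leave the unset id untouched, e.g. `fchown(this->fd, sock->uid ? sock->uid : (uid_t) -1, sock->gid ? sock->gid : (gid_t) -1)`. It is also worth confirming on each supported platform that `fchown()` on the socket descriptor changes the owner of the filesystem entry at `sock->path` rather than only the descriptor's own inode, since access to this socket depends on that entry. The body of `command_socket_parse` starts outside the hunk, so the initial values of `sock->uid` and `sock->gid` should be checked there.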