Ensure that file logging uses the correct username.

src/logging.c

@@ -66,11 +66,15 @@ int mqtt3_log_init(struct mqtt3_config *config)
 	}
 
 	if(log_destinations & MQTT3_LOG_FILE){
+		if(drop_privileges(config, true)){
+			return 1;
+		}
 		config->log_fptr = _mosquitto_fopen(config->log_file, "at");
 		if(!config->log_fptr){
 			_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to open log file %s for writing.", config->log_file);
 			return MOSQ_ERR_INVAL;
 		}
+		restore_privileges();
 	}
 	return rc;
 }
@@ -87,6 +91,7 @@ int mqtt3_log_close(struct mqtt3_config *config)
 	if(log_destinations & MQTT3_LOG_FILE){
 		if(config->log_fptr){
 			fclose(config->log_fptr);
+			config->log_fptr = NULL;
 		}
 	}
 

src/mosquitto.c

@@ -64,7 +64,6 @@ int allow_severity = LOG_INFO;
 int deny_severity = LOG_INFO;
 #endif
 
-int drop_privileges(struct mqtt3_config *config);
 void handle_sigint(int signal);
 void handle_sigusr1(int signal);
 void handle_sigusr2(int signal);
@@ -82,11 +81,12 @@ struct mosquitto_db *_mosquitto_get_db(void)
  * Note that setting config->user to "root" does not produce an error, but it
  * strongly discouraged.
  */
-int drop_privileges(struct mqtt3_config *config)
+int drop_privileges(struct mqtt3_config *config, bool temporary)
 {
 #if !defined(__CYGWIN__) && !defined(WIN32)
 	struct passwd *pwd;
 	char err[256];
+	int rc;
 
 	if(geteuid() == 0){
 		if(config->user && strcmp(config->user, "root")){
@@ -100,12 +100,22 @@ int drop_privileges(struct mqtt3_config *config)
 				_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting groups whilst dropping privileges: %s.", err);
 				return 1;
 			}
-			if(setgid(pwd->pw_gid) == -1){
+			if(temporary){
+				rc = setegid(pwd->pw_gid);
+			}else{
+				rc = setgid(pwd->pw_gid);
+			}
+			if(rc == -1){
 				strerror_r(errno, err, 256);
 				_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting gid whilst dropping privileges: %s.", err);
 				return 1;
 			}
-			if(setuid(pwd->pw_uid) == -1){
+			if(temporary){
+				rc = seteuid(pwd->pw_uid);
+			}else{
+				rc = setuid(pwd->pw_uid);
+			}
+			if(rc == -1){
 				strerror_r(errno, err, 256);
 				_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting uid whilst dropping privileges: %s.", err);
 				return 1;
@@ -119,6 +129,30 @@ int drop_privileges(struct mqtt3_config *config)
 	return MOSQ_ERR_SUCCESS;
 }
 
+int restore_privileges(void)
+{
+#if !defined(__CYGWIN__) && !defined(WIN32)
+	char err[256];
+	int rc;
+
+	if(getuid() == 0){
+		rc = setegid(0);
+		if(rc == -1){
+			strerror_r(errno, err, 256);
+			_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting gid whilst restoring privileges: %s.", err);
+			return 1;
+		}
+		rc = seteuid(0);
+		if(rc == -1){
+			strerror_r(errno, err, 256);
+			_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting uid whilst restoring privileges: %s.", err);
+			return 1;
+		}
+	}
+#endif
+	return MOSQ_ERR_SUCCESS;
+}
+
 #ifdef SIGHUP
 /* Signal handler for SIGHUP - flag a config reload. */
 void handle_sighup(int signal)
@@ -305,7 +339,7 @@ int main(int argc, char *argv[])
 		}
 	}
 
-	rc = drop_privileges(&config);
+	rc = drop_privileges(&config, false);
 	if(rc != MOSQ_ERR_SUCCESS) return rc;
 
 	signal(SIGINT, handle_sigint);

src/mosquitto_broker.h

@@ -349,6 +349,9 @@ int mqtt3_config_read(struct mqtt3_config *config, bool reload);
 /* Free all config data. */
 void mqtt3_config_cleanup(struct mqtt3_config *config);
 
+int drop_privileges(struct mqtt3_config *config, bool temporary);
+int restore_privileges(void);
+
 /* ============================================================
  * Server send functions
  * ============================================================ */