diff --git a/src/broker/broker.c b/src/broker/broker.c index 932d3b1bd8f7..df4c43761ff9 100644 --- a/src/broker/broker.c +++ b/src/broker/broker.c @@ -738,6 +738,11 @@ static int checkdir (const char *name, const char *path) log_err ("cannot stat %s %s", name, path); return -1; } + if (sb.st_uid != getuid ()) { + errno = EPERM; + log_err ("%s %s is not owned by instance owner", name, path); + return -1; + } if (!S_ISDIR (sb.st_mode)) { errno = ENOTDIR; log_err ("%s %s", name, path); diff --git a/t/t0001-basic.t b/t/t0001-basic.t index 2f5df8196ffe..499d286536b0 100755 --- a/t/t0001-basic.t +++ b/t/t0001-basic.t @@ -430,13 +430,16 @@ test_expect_success 'broker broker.pid attribute is readable' ' test -n "$BROKERPID" && test "$BROKERPID" -eq "$BROKERPID" ' + test_expect_success 'local-uri override works' ' - newsock=local:///tmp/meep && + sockdir=$(mktemp -d) && + newsock=local://$sockdir/meep && echo $newsock >uri.exp && flux start ${ARGS} \ -o,-Slocal-uri=$newsock \ printenv FLUX_URI >uri.out && - test_cmp uri.exp uri.out + test_cmp uri.exp uri.out && + rm -rf $sockdir ' test_expect_success 'broker fails gracefully when local-uri is malformed' ' test_must_fail flux start ${ARGS} -o,-Slocal-uri=baduri \