[Dnsmasq-discuss] [PATCH] Preserve existing log file permissions when adding group-write bit.

[Florian Margaine]

Hi,

Commit 1f8f78a49b8fd ("Add root group writeable flag to log file")
introduced a fchmod() call in log_start() that resets the file mode
to a hardcoded value (0660), discarding any pre-existing permissions.
This broke our usage of dnsmasq where we create the log file with
specific permissions before starting dnsmasq in an LXC container
namespace, so that unprivileged users inside the container can read
the log. The hardcoded mode strips those permissions on startup.

Use the existing stat result to OR in S_IWGRP instead, equivalent
to chmod g+w, so that only the group-write bit is added without
disturbing other permission bits.

Co-Authored-By: Claude Opus 4.6 <noreply at anthropic.com>
---
 src/log.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/log.c b/src/log.c
index c8e8348..131e580 100644
--- a/src/log.c
+++ b/src/log.c
@@ -113,7 +113,7 @@ int log_start(struct passwd *ent_pw, int errfd)
       struct stat ls;
       if (getgid() == 0 && fstat(log_fd, &ls) == 0 && ls.st_gid == 0 &&
    (ls.st_mode & S_IWGRP) == 0)
- (void)fchmod(log_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP);
+ (void)fchmod(log_fd, ls.st_mode | S_IWGRP);
       if (fchown(log_fd, ent_pw->pw_uid, -1) != 0)
  ret = errno;
     }
--
2.47.3