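# Preflight check that the Enforcer's SQLite datastore exists and is writable
# by the identity the Enforcer will run as.
#
# Reads from +doc+ (REXML document of the Enforcer configuration):
#   /Configuration/Enforcer/Datastore/SQLite   - path of the DB file
#   /Configuration/Enforcer/Privileges/User    - optional user to drop to
#   /Configuration/Enforcer/Privileges/Group   - optional group to drop to
#
# File::Stat#writable? answers for the *calling* process's effective ids, and
# is unconditionally true for euid 0, so when a User and/or Group is configured
# the test runs in a forked child that drops to that gid/uid first.  A failed
# privilege drop is reported as "could not verify" rather than silently
# re-checked as the original (typically root) user.
#
# Problems are reported via log(LOG_ERR, ...); nothing is returned.  The MySQL
# datastore loop is a placeholder and performs no checks.
def check_db(doc)
  # Looked up once; an absent element yields nil just as the old rescue did.
  user_name  = doc.elements['Configuration/Enforcer/Privileges/User']&.text
  group_name = doc.elements['Configuration/Enforcer/Privileges/Group']&.text

  doc.root.each_element('/Configuration/Enforcer/Datastore/SQLite') do |sqlite|
    # to_s (not + "") so an empty <SQLite/> element does not raise on nil.
    file = sqlite.text.to_s
    # String#untaint only exists on pre-3.2 interpreters ($SAFE era); calling it
    # unconditionally raises NoMethodError on current Ruby.
    file = file.untaint if file.respond_to?(:untaint)

    unless File.exist?(file)
      log(LOG_ERR, "Can't find DB file : #{file}")
      next # report and carry on with any remaining datastore entries
    end

    begin
      stat = File::Stat.new(file)
    rescue SystemCallError => e
      log(LOG_ERR, "Can't stat DB file #{file}: #{e.message}")
      next
    end

    unless user_name || group_name
      log(LOG_ERR, "Current user can not write to DB file #{file}\n") unless stat.writable?
      next
    end

    pid = fork do
      begin
        # gid first: after setuid the process may no longer be able to setgid.
        if group_name
          gid = Etc.getgrnam(group_name.to_s).gid
          Process::Sys.setgid(gid)
        end
        if user_name
          uid = Etc.getpwnam(user_name.to_s).uid
          Process::Sys.setuid(uid)
        end
        # NOTE(review): supplementary groups inherited from the parent are not
        # cleared (no Process.initgroups / setgroups), and writable? does consult
        # them, so the result can differ from what the daemon sees if it resets
        # its group list on startup -- confirm against the Enforcer's own drop.
      rescue StandardError => e
        log(LOG_ERR, "Can't change to #{user_name}, #{group_name} to check DB write permissions: #{e.message}")
        # Do not fall through to the check: with the privilege drop failed the
        # child is still the original user (root => always writable) and would
        # report a false positive.  Plain exit (not exit!) so buffered log
        # output is flushed.
        exit(2)
      end
      exit(stat.writable? ? 0 : 1)
    end

    _, status = Process.wait2(pid)
    who = user_name ? "#{user_name} user" : "#{group_name} group"
    if status.exitstatus == 1
      log(LOG_ERR, "#{who} can not write to DB file #{file}\n")
    elsif !status.success?
      # exit 2 (privilege drop failed), a signal, or anything else unexpected.
      log(LOG_ERR, "Could not verify whether #{who} can write to DB file #{file}\n")
    end
  end

  doc.root.each_element('//Enforcer/Datastore/MySQL') do |_mysql|
    # No checks are implemented for the MySQL datastore.
  end
end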