diff --git a/ReadMe.md b/ReadMe.md
index 2d0fece..7e71d8a 100644
--- a/ReadMe.md
+++ b/ReadMe.md
@@ -579,10 +579,12 @@ entware|ipkg update
ipkg install smartdns|软件源路径:https://bin.entwa
| log-file | 日志文件路径 | /var/log/smartdns/smartdns.log | 合法路径字符串 | log-file /var/log/smartdns/smartdns.log |
| log-size | 日志大小 | 128K | 数字 + K、M 或 G | log-size 128K |
| log-num | 日志归档个数 | openwrt为2, 其他系统为8 | 大于等于 0 的数字,0表示禁用日志 | log-num 2 |
+| log-file-mode | 日志归档文件权限 | 0640 | 文件权限 | log-file-mode 644 |
| audit-enable | 设置审计启用 | no | [yes\|no] | audit-enable yes |
| audit-file | 审计文件路径 | /var/log/smartdns/smartdns-audit.log | 合法路径字符串 | audit-file /var/log/smartdns/smartdns-audit.log |
| audit-size | 审计大小 | 128K | 数字 + K、M 或 G | audit-size 128K |
| audit-num | 审计归档个数 | 2 | 大于等于 0 的数字 | audit-num 2 |
+| audit-file-mode | 审计归档文件权限 | 0640 | 文件权限 | log-file-mode 644 |
| conf-file | 附加配置文件 | 无 | 合法路径字符串 | conf-file /etc/smartdns/smartdns.more.conf |
| server | 上游 UDP DNS | 无 | 可重复。
[ip][:port]:服务器 IP:端口(可选)
[-blacklist-ip]:配置 IP 过滤结果。
[-whitelist-ip]:指定仅接受参数中配置的 IP 范围
[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用
[-exclude-default-group]:将 DNS 服务器从默认组中排除。
[-set-mark]:设置数据包标记so-mark| server 8.8.8.8:53 -blacklist-ip -group g1 |
| server-tcp | 上游 TCP DNS | 无 | 可重复。
[ip][:port]:服务器 IP:端口(可选)
[-blacklist-ip]:配置 IP 过滤结果
[-whitelist-ip]:指定仅接受参数中配置的 IP 范围。
[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用
[-exclude-default-group]:将 DNS 服务器从默认组中排除。
[-set-mark]:设置数据包标记so-mark | server-tcp 8.8.8.8:53 |
diff --git a/ReadMe_en.md b/ReadMe_en.md
index 99854b2..51b74f7 100644
--- a/ReadMe_en.md
+++ b/ReadMe_en.md
@@ -541,10 +541,12 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
|log-file|log path|/var/log/smartdns/smartdns.log|File Pah|log-file /var/log/smartdns/smartdns.log
|log-size|log size|128K|number+K,M,G|log-size 128K
|log-num|archived log number|2 for openwrt, 8 for other system|Integer, 0 means turn off the log|log-num 2
+|log-file-mode|archived log file mode|0640|Integer|log-file-mode 644
|audit-enable|audit log enable|no|[yes\|no]|audit-enable yes
|audit-file|audit log file|/var/log/smartdns/smartdns-audit.log|File Path|audit-file /var/log/smartdns/smartdns-audit.log
|audit-size|audit log size|128K|number+K,M,G|audit-size 128K
|audit-num|archived audit log number|2|Integer, 0 means turn off the log|audit-num 2
+|audit-file-mode|archived audit log file mode|0640|Integer|audit-file-mode 644
|conf-file|additional conf file|None|File path|conf-file /etc/smartdns/smartdns.more.conf
|server|Upstream UDP DNS server|None|Repeatable
`[ip][:port]`: Server IP, port optional.
`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip".
`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted.
`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver.
`[-exclude-default-group]`: Exclude DNS servers from the default group.
`[-set-mark]`:set mark on packets | server 8.8.8.8:53 -blacklist-ip
|server-tcp|Upstream TCP DNS server|None|Repeatable
`[ip][:port]`: Server IP, port optional.
`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip".
`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted.
`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver.
`[-exclude-default-group]`: Exclude DNS servers from the default group
`[-set-mark]`:set mark on packets | server-tcp 8.8.8.8:53
diff --git a/etc/smartdns/smartdns.conf b/etc/smartdns/smartdns.conf
index b7653a0..d9836bc 100644
--- a/etc/smartdns/smartdns.conf
+++ b/etc/smartdns/smartdns.conf
@@ -139,6 +139,7 @@ log-level info
# log-file /var/log/smartdns/smartdns.log
# log-size 128k
# log-num 2
+# log-file-mode [mode]: file mode of log file.
# dns audit
# audit-enable [yes|no]: enable or disable audit.
@@ -146,6 +147,7 @@ log-level info
# audit-SOA [yes|no]: enable or disable log soa result.
# audit-size size of each audit file, support k,m,g
# audit-file /var/log/smartdns-audit.log
+# audit-file-mode [mode]: file mode of audit file.
# audit-size 128k
# audit-num 2
diff --git a/src/dns_conf.c b/src/dns_conf.c
index ef57f86..5bb9b68 100644
--- a/src/dns_conf.c
+++ b/src/dns_conf.c
@@ -105,6 +105,7 @@ int dns_conf_log_level = TLOG_ERROR;
char dns_conf_log_file[DNS_MAX_PATH];
size_t dns_conf_log_size = 1024 * 1024;
int dns_conf_log_num = 8;
+int dns_conf_log_file_mode;
/* CA file */
char dns_conf_ca_file[DNS_MAX_PATH];
@@ -119,6 +120,7 @@ int dns_conf_audit_log_SOA;
char dns_conf_audit_file[DNS_MAX_PATH];
size_t dns_conf_audit_size = 1024 * 1024;
int dns_conf_audit_num = 2;
+int dns_conf_audit_file_mode;
/* address rules */
art_tree dns_conf_domain_rule;
@@ -2420,9 +2422,11 @@ static struct config_item _config_item[] = {
CONF_STRING("log-file", (char *)dns_conf_log_file, DNS_MAX_PATH),
CONF_SIZE("log-size", &dns_conf_log_size, 0, 1024 * 1024 * 1024),
CONF_INT("log-num", &dns_conf_log_num, 0, 1024),
+ CONF_INT_BASE("log-file-mode", &dns_conf_log_file_mode, 0, 511, 8),
CONF_YESNO("audit-enable", &dns_conf_audit_enable),
CONF_YESNO("audit-SOA", &dns_conf_audit_log_SOA),
CONF_STRING("audit-file", (char *)&dns_conf_audit_file, DNS_MAX_PATH),
+ CONF_INT_BASE("audit-file-mode", &dns_conf_audit_file_mode, 0, 511, 8),
CONF_SIZE("audit-size", &dns_conf_audit_size, 0, 1024 * 1024 * 1024),
CONF_INT("audit-num", &dns_conf_audit_num, 0, 1024),
CONF_INT("rr-ttl", &dns_conf_rr_ttl, 0, CONF_INT_MAX),
diff --git a/src/dns_conf.h b/src/dns_conf.h
index d0aa26a..fe85224 100644
--- a/src/dns_conf.h
+++ b/src/dns_conf.h
@@ -350,6 +350,7 @@ extern int dns_conf_log_level;
extern char dns_conf_log_file[DNS_MAX_PATH];
extern size_t dns_conf_log_size;
extern int dns_conf_log_num;
+extern int dns_conf_log_file_mode;;
extern char dns_conf_ca_file[DNS_MAX_PATH];
extern char dns_conf_ca_path[DNS_MAX_PATH];
@@ -367,6 +368,7 @@ extern int dns_conf_audit_log_SOA;
extern char dns_conf_audit_file[DNS_MAX_PATH];
extern size_t dns_conf_audit_size;
extern int dns_conf_audit_num;
+extern int dns_conf_audit_file_mode;
extern char dns_conf_server_name[DNS_MAX_SERVER_NAME_LEN];
extern art_tree dns_conf_domain_rule;
diff --git a/src/dns_server.c b/src/dns_server.c
index e1dab10..3d5972e 100644
--- a/src/dns_server.c
+++ b/src/dns_server.c
@@ -5532,6 +5532,10 @@ static int _dns_server_audit_init(void)
return -1;
}
+ if (dns_conf_audit_file_mode > 0) {
+ tlog_set_permission(dns_audit, dns_conf_audit_file_mode, dns_conf_audit_file_mode);
+ }
+
return 0;
}
diff --git a/src/include/conf.h b/src/include/conf.h
index 9bc8e54..59a7d8d 100644
--- a/src/include/conf.h
+++ b/src/include/conf.h
@@ -49,6 +49,13 @@ struct config_item_int {
int max;
};
+struct config_item_int_base {
+ int *data;
+ int min;
+ int max;
+ int base;
+};
+
struct config_item_string {
char *data;
size_t size;
@@ -81,6 +88,13 @@ struct config_enum {
.data = value, .min = min_value, .max = max_value \
} \
}
+#define CONF_INT_BASE(key, value, min_value, max_value, base_value) \
+ { \
+ key, conf_int_base, &(struct config_item_int_base) \
+ { \
+ .data = value, .min = min_value, .max = max_value, .base = base_value \
+ } \
+ }
#define CONF_STRING(key, value, len_value) \
{ \
key, conf_string, &(struct config_item_string) \
@@ -131,6 +145,8 @@ extern int conf_custom(const char *item, void *data, int argc, char *argv[]);
extern int conf_int(const char *item, void *data, int argc, char *argv[]);
+extern int conf_int_base(const char *item, void *data, int argc, char *argv[]);
+
extern int conf_string(const char *item, void *data, int argc, char *argv[]);
extern int conf_yesno(const char *item, void *data, int argc, char *argv[]);
diff --git a/src/lib/conf.c b/src/lib/conf.c
index 7e62d94..a8765b4 100644
--- a/src/lib/conf.c
+++ b/src/lib/conf.c
@@ -87,6 +87,27 @@ int conf_int(const char *item, void *data, int argc, char *argv[])
return 0;
}
+int conf_int_base(const char *item, void *data, int argc, char *argv[])
+{
+ struct config_item_int_base *item_int = data;
+ int value = 0;
+ if (argc < 2) {
+ return -1;
+ }
+
+ value = strtol(argv[1], NULL, item_int->base);
+
+ if (value < item_int->min) {
+ value = item_int->min;
+ } else if (value > item_int->max) {
+ value = item_int->max;
+ }
+
+ *(item_int->data) = value;
+
+ return 0;
+}
+
int conf_string(const char *item, void *data, int argc, char *argv[])
{
struct config_item_string *item_string = data;
diff --git a/src/smartdns.c b/src/smartdns.c
index 83ea284..52074b8 100644
--- a/src/smartdns.c
+++ b/src/smartdns.c
@@ -361,6 +361,9 @@ static int _smartdns_init(void)
tlog_setlogscreen(verbose_screen);
tlog_setlevel(dns_conf_log_level);
+ if (dns_conf_log_file_mode > 0) {
+ tlog_set_permission(tlog_get_root(), dns_conf_log_file_mode, dns_conf_log_file_mode);
+ }
tlog(TLOG_NOTICE, "smartdns starting...(Copyright (C) Nick Peng , build: %s %s)", __DATE__,
__TIME__);
diff --git a/src/tlog.c b/src/tlog.c
index 2512209..54eb751 100644
--- a/src/tlog.c
+++ b/src/tlog.c
@@ -90,6 +90,7 @@ struct tlog_log {
time_t last_waitpid;
mode_t file_perm;
mode_t archive_perm;
+ int mode_changed;
int waiters;
int is_exit;
@@ -332,6 +333,7 @@ void tlog_set_permission(struct tlog_log *log, unsigned int file, unsigned int a
{
log->file_perm = file;
log->archive_perm = archive;
+ log->mode_changed = 1;
}
int tlog_localtime(struct tlog_time *tm)
@@ -1205,6 +1207,10 @@ static int _tlog_write(struct tlog_log *log, const char *buff, int bufflen)
return -1;
}
+ if (log->mode_changed != 0) {
+ fchmod(log->fd, log->file_perm);
+ }
+
log->last_try = 0;
log->print_errmsg = 1;
/* get log file size */