From b2660b7012693bd2a171b9f237950c225cf4d123 Mon Sep 17 00:00:00 2001
From: Thomas Haller
Date: Tue, 18 Jan 2022 17:47:17 +0100
Subject: [PATCH] keyfile: for keyfile owner check allow root and euid This partly restores the previous behavior. The point of the file owner check is to ensure that the file cannot be read by unpriviledged processes as it may contain secrets. If the file is owned by root, that is considered secure (even if our euid is different). Possibly, if our euid is not root, then we couldn't read the file, but that is a different problem.
---
 src/core/settings/plugins/keyfile/nms-keyfile-utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/settings/plugins/keyfile/nms-keyfile-utils.c b/src/core/settings/plugins/keyfile/nms-keyfile-utils.c
index b31370b15a..7c0e329e2d 100644
--- a/src/core/settings/plugins/keyfile/nms-keyfile-utils.c
+++ b/src/core/settings/plugins/keyfile/nms-keyfile-utils.c
@@ -337,7 +337,7 @@ nms_keyfile_utils_check_file_permissions_stat(NMSKeyfileFiletype filetype,
 g_return_val_if_reached(FALSE);
 if (!NM_FLAGS_HAS(nm_utils_get_testing(), NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK)) {
- if (st->st_uid != nm_utils_get_nm_uid()) {
+ if (!NM_IN_SET(st->st_uid, 0, nm_utils_get_nm_uid())) {
 g_set_error(error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
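Review bot: The new condition `!NM_IN_SET(st->st_uid, 0, nm_utils_get_nm_uid())` accepts a bare literal `0` with no comment, so the security reasoning lives only in the commit message; a short comment above it would keep it with the code, e.g. `/* Accept root-owned files too: root ownership is trusted even when our euid differs. */`. Ownership alone does not keep the file from being read by unprivileged processes, so this relaxation relies on the mode-bit check, which is presumably later in the function and not visible in this hunk; it is worth confirming that check still applies to root-owned files when the daemon's uid is not 0. The `g_set_error()` call continues outside the hunk; if its message names only the NetworkManager uid as the expected owner, it should be updated to mention root as well.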