
- when starting ser in suid mode (e.g. -u user), also set the supplementary groups of the respective user. Patch from Marcus Better <marcus@better.se>.

Andrei Pelinescu-Onciul authored on 29/07/2008 12:06:50
Showing 1 changed files
... ...
@@ -57,6 +57,8 @@
57 57
 #include <sys/time.h>    
58 58
 #include <sys/resource.h> /* setrlimit */
59 59
 #include <unistd.h>
60
+#include <pwd.h>
61
+#include <grp.h>
60 62
 
61 63
 #ifdef HAVE_SCHED_SETSCHEDULER
62 64
 #include <sched.h>
... ...
@@ -223,6 +225,8 @@ error:
223 223
 
224 224
 int do_suid()
225 225
 {
226
+	struct passwd *pw;
227
+	
226 228
 	if (gid){
227 229
 		if(setgid(gid)<0){
228 230
 			LOG(L_CRIT, "cannot change gid to %d: %s\n", gid, strerror(errno));
... ...
@@ -231,6 +235,15 @@ int do_suid()
231 231
 	}
232 232
 	
233 233
 	if(uid){
234
+		if (!(pw = getpwuid(uid))){
235
+			LOG(L_CRIT, "user lookup failed: %s\n", strerror(errno));
236
+			goto error;
237
+		}
238
+		if(initgroups(pw->pw_name, pw->pw_gid)<0){
239
+			LOG(L_CRIT, "cannot set supplementary groups: %s\n", 
240
+							strerror(errno));
241
+			goto error;
242
+		}
234 243
 		if(setuid(uid)<0){
235 244
 			LOG(L_CRIT, "cannot change uid to %d: %s\n", uid, strerror(errno));
236 245
 			goto error;
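Review bot: In the last hunk, `getpwuid(uid)` returns NULL without setting errno when the uid simply has no passwd entry, so `strerror(errno)` in the "user lookup failed" message can print a stale or "Success" text; set `errno = 0;` before the call and log the uid itself when errno is still 0. The lookup failure is now fatal, so if uid can be given numerically for an account that is not in the passwd database (not visible here), a start that worked before this commit will abort; dropping the inherited list with `setgroups(0, NULL)` in that case would keep the privilege drop complete without needing a user name. Note also that `initgroups` is passed `pw->pw_gid` rather than the `gid` applied by `setgid` above, so when the two differ the user's primary group still ends up in the supplementary list; a short comment saying whether that is intended would help. do_suid's body continues past the end of the hunk.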