summaryrefslogtreecommitdiffstats
path: root/src/fastd.c
diff options
context:
space:
mode:
authorMatthias Schiffer <mschiffer@universe-factory.net>2013-01-04 16:25:31 +0100
committerMatthias Schiffer <mschiffer@universe-factory.net>2013-01-04 16:25:31 +0100
commit9b2140040471136e99e13806d0d4f88ccd8863fa (patch)
tree8b3081a4e3f6233e9d2627a1bbf7b22a9e59c0a5 /src/fastd.c
parent6aa3b1b12ae4b753d384472f3935d5e66584a518 (diff)
downloadfastd-9b2140040471136e99e13806d0d4f88ccd8863fa.tar
fastd-9b2140040471136e99e13806d0d4f88ccd8863fa.zip
Set supplementary groups
Diffstat (limited to 'src/fastd.c')
-rw-r--r--src/fastd.c23
1 files changed, 18 insertions, 5 deletions
diff --git a/src/fastd.c b/src/fastd.c
index 22d64b9..3b72922 100644
--- a/src/fastd.c
+++ b/src/fastd.c
@@ -1037,11 +1037,6 @@ static void set_user(fastd_context_t *ctx) {
if (setgid(ctx->conf->gid) < 0)
exit_errno(ctx, "setgid");
- if (setgroups(1, &ctx->conf->gid) < 0) {
- if (errno != EPERM)
- pr_debug_errno(ctx, "setgroups");
- }
-
if (setuid(ctx->conf->uid) < 0)
exit_errno(ctx, "setuid");
@@ -1049,6 +1044,21 @@ static void set_user(fastd_context_t *ctx) {
}
}
+static void set_groups(fastd_context_t *ctx) {
+ if (ctx->conf->groups) {
+ if (setgroups(ctx->conf->n_groups, ctx->conf->groups) < 0) {
+ if (errno != EPERM)
+ pr_debug_errno(ctx, "setgroups");
+ }
+ }
+ else if (ctx->conf->user || ctx->conf->group) {
+ if (setgroups(1, &ctx->conf->gid) < 0) {
+ if (errno != EPERM)
+ pr_debug_errno(ctx, "setgroups");
+ }
+ }
+}
+
static void drop_caps(fastd_context_t *ctx) {
set_user(ctx);
fastd_cap_drop(ctx);
@@ -1089,6 +1099,9 @@ int main(int argc, char *argv[]) {
fastd_cap_init(&ctx);
+ /* change groups early as the can be relevant for file access (for PID file & log files) */
+ set_groups(&ctx);
+
crypto_init(&ctx);
init_sockets(&ctx);