diff options
author | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-01-04 16:25:31 +0100 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-01-04 16:25:31 +0100 |
commit | 9b2140040471136e99e13806d0d4f88ccd8863fa (patch) | |
tree | 8b3081a4e3f6233e9d2627a1bbf7b22a9e59c0a5 /src/fastd.c | |
parent | 6aa3b1b12ae4b753d384472f3935d5e66584a518 (diff) | |
download | fastd-9b2140040471136e99e13806d0d4f88ccd8863fa.tar fastd-9b2140040471136e99e13806d0d4f88ccd8863fa.zip |
Set supplementary groups
Diffstat (limited to 'src/fastd.c')
-rw-r--r-- | src/fastd.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/src/fastd.c b/src/fastd.c index 22d64b9..3b72922 100644 --- a/src/fastd.c +++ b/src/fastd.c @@ -1037,11 +1037,6 @@ static void set_user(fastd_context_t *ctx) { if (setgid(ctx->conf->gid) < 0) exit_errno(ctx, "setgid"); - if (setgroups(1, &ctx->conf->gid) < 0) { - if (errno != EPERM) - pr_debug_errno(ctx, "setgroups"); - } - if (setuid(ctx->conf->uid) < 0) exit_errno(ctx, "setuid"); @@ -1049,6 +1044,21 @@ static void set_user(fastd_context_t *ctx) { } } +static void set_groups(fastd_context_t *ctx) { + if (ctx->conf->groups) { + if (setgroups(ctx->conf->n_groups, ctx->conf->groups) < 0) { + if (errno != EPERM) + pr_debug_errno(ctx, "setgroups"); + } + } + else if (ctx->conf->user || ctx->conf->group) { + if (setgroups(1, &ctx->conf->gid) < 0) { + if (errno != EPERM) + pr_debug_errno(ctx, "setgroups"); + } + } +} + static void drop_caps(fastd_context_t *ctx) { set_user(ctx); fastd_cap_drop(ctx); @@ -1089,6 +1099,9 @@ int main(int argc, char *argv[]) { fastd_cap_init(&ctx); + /* change groups early as the can be relevant for file access (for PID file & log files) */ + set_groups(&ctx); + crypto_init(&ctx); init_sockets(&ctx); |