1 files changed, 18 insertions, 5 deletions

diff --git a/src/fastd.c b/src/fastd.c
index 22d64b9..3b72922 100644
--- a/src/fastd.c
+++ b/src/fastd.c
@@ -1037,11 +1037,6 @@ static void set_user(fastd_context_t *ctx) {
 		if (setgid(ctx->conf->gid) < 0)
 			exit_errno(ctx, "setgid");
 
-		if (setgroups(1, &ctx->conf->gid) < 0) {
-			if (errno != EPERM)
-				pr_debug_errno(ctx, "setgroups");
-		}
-
 		if (setuid(ctx->conf->uid) < 0)
 			exit_errno(ctx, "setuid");
 
@@ -1049,6 +1044,21 @@ static void set_user(fastd_context_t *ctx) {
 	}
 }
 
+static void set_groups(fastd_context_t *ctx) {
+	if (ctx->conf->groups) {
+		if (setgroups(ctx->conf->n_groups, ctx->conf->groups) < 0) {
+			if (errno != EPERM)
+				pr_debug_errno(ctx, "setgroups");
+		}
+	}
+	else if (ctx->conf->user || ctx->conf->group) {
+		if (setgroups(1, &ctx->conf->gid) < 0) {
+			if (errno != EPERM)
+				pr_debug_errno(ctx, "setgroups");
+		}
+	}
+}
+
 static void drop_caps(fastd_context_t *ctx) {
 	set_user(ctx);
 	fastd_cap_drop(ctx);
@@ -1089,6 +1099,9 @@ int main(int argc, char *argv[]) {
 
 	fastd_cap_init(&ctx);
 
+	/* change groups early as the can be relevant for file access (for PID file & log files) */
+	set_groups(&ctx);
+
 	crypto_init(&ctx);
 
 	init_sockets(&ctx);