From 9b2140040471136e99e13806d0d4f88ccd8863fa Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Fri, 4 Jan 2013 16:25:31 +0100
Subject: Set supplementary groups
---
src/fastd.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
(limited to 'src/fastd.c')
diff --git a/src/fastd.c b/src/fastd.c
index 22d64b9..3b72922 100644
--- a/src/fastd.c
+++ b/src/fastd.c
@@ -1037,11 +1037,6 @@ static void set_user(fastd_context_t *ctx) {
 if (setgid(ctx->conf->gid) < 0)
 exit_errno(ctx, "setgid");
- if (setgroups(1, &ctx->conf->gid) < 0) {
- if (errno != EPERM)
- pr_debug_errno(ctx, "setgroups");
- }
-
 if (setuid(ctx->conf->uid) < 0)
 exit_errno(ctx, "setuid");
@@ -1049,6 +1044,21 @@ static void set_user(fastd_context_t *ctx) {
 }
 }
+static void set_groups(fastd_context_t *ctx) {
+ if (ctx->conf->groups) {
+ if (setgroups(ctx->conf->n_groups, ctx->conf->groups) < 0) {
+ if (errno != EPERM)
+ pr_debug_errno(ctx, "setgroups");
+ }
+ }
+ else if (ctx->conf->user || ctx->conf->group) {
+ if (setgroups(1, &ctx->conf->gid) < 0) {
+ if (errno != EPERM)
+ pr_debug_errno(ctx, "setgroups");
+ }
+ }
+}
+
 static void drop_caps(fastd_context_t *ctx) {
 set_user(ctx);
 fastd_cap_drop(ctx);
@@ -1089,6 +1099,9 @@ int main(int argc, char *argv[]) {
 fastd_cap_init(&ctx);
+ /* change groups early as the can be relevant for file access (for PID file & log files) */
+ set_groups(&ctx);
+
 crypto_init(&ctx);
 init_sockets(&ctx);
--
cgit v1.2.3
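Review bot: In set_groups a failed setgroups() is at most logged at debug level and the daemon carries on, so in the `ctx->conf->groups` branch an explicitly configured group list can silently fail to apply and the process keeps whatever supplementary groups it inherited. set_user treats setgid/setuid failures as fatal via exit_errno; for the configured-groups branch I would do the same, `if (setgroups(ctx->conf->n_groups, ctx->conf->groups) < 0) exit_errno(ctx, "setgroups");`, and keep the EPERM tolerance only for the implicit `setgroups(1, &ctx->conf->gid)` fallback. The two branches also repeat the same error handling, which a small static helper taking the count and list would remove. A one-line comment saying why EPERM is ignored (presumably an unprivileged start) would make the intent reviewable.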
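Review bot: The comment added in main has a typo ("as the can be") and leaves out the ordering constraint that makes this placement matter: setgroups() needs privilege that set_user() (reached through drop_caps()) presumably gives up with setuid(), so set_groups() has to stay ahead of that call. I would word it as `/* change groups early as they can be relevant for file access (PID file & log files); must run before set_user() drops privileges */`. Whether ctx.conf is fully populated at this point cannot be checked here, because main's body starts and continues outside the hunk.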