1999-03-05 Nathan Bryant <bryant@cs.usm.maine.edu>
* sysdep.c: add undocumented -r flag to citserver to prevent it from
dropping root permissions.
+ * sysdep.c: also drop supplementary groups
1999-03-04 Nathan Bryant <bryant@cs.usm.maine.edu>
* config.c: error checking in put_config()
#include <errno.h>
#include <stdarg.h>
#include <syslog.h>
+#include <grp.h>
#ifdef HAVE_PTHREAD_H
#include <pthread.h>
#endif
/*
* Now that we've bound the socket, change to the BBS user id and its
- * corresponding group id
+ * corresponding group ids
*/
if (drop_root_perms) {
if ((pw = getpwuid(BBSUID)) == NULL)
- lprintf(1, "getpwuid(%d): %s\n", BBSUID,
- strerror(errno));
- else if (setgid(pw->pw_gid))
- lprintf(3, "setgid(%d): %s\n", pw->pw_gid,
+ lprintf(1, "WARNING: getpwuid(%d): %s\n"
+ "Group IDs will be incorrect.\n", BBSUID,
strerror(errno));
+ else {
+ if (initgroups(pw->pw_name, pw->pw_gid))
+ lprintf(3, "initgroups(): %s\n",
+ strerror(errno));
+ if (setgid(pw->pw_gid))
+ lprintf(3, "setgid(%d): %s\n", pw->pw_gid,
+ strerror(errno));
+ }
lprintf(7, "Changing uid to %d\n", BBSUID);
if (setuid(BBSUID) != 0) {
lprintf(3, "setuid() failed: %s\n", strerror(errno));