From dfd3091c6a35317c0e0682ebaaab89b1c65e80d1 Mon Sep 17 00:00:00 2001
From: Gerd von Egidy <gerd@egidy.de>
Date: Wed, 30 Jul 2014 00:25:19 +0200
Subject: [PATCH] Call initgroups before setuid to inherit additional group
 rights

fixes #6809

Signed-off-by: Gunnar Beutner <gunnar.beutner@netways.de>
---
 icinga-app/icinga.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/icinga-app/icinga.cpp b/icinga-app/icinga.cpp
index 29f2d8913..866e4606c 100644
--- a/icinga-app/icinga.cpp
+++ b/icinga-app/icinga.cpp
@@ -440,6 +440,14 @@ int Main(void)
 			}
 		}
 
+		// also activate the additional groups the configured user is member of
+		if (!g_AppParams.count("reload-internal") && initgroups(user.CStr(), pw->pw_gid) < 0) {
+			std::ostringstream msgbuf;
+			msgbuf << "initgroups() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+			Log(LogCritical, "icinga-app",  msgbuf.str());
+			return EXIT_FAILURE;
+		}
+
 		if (setuid(pw->pw_uid) < 0) {
 			std::ostringstream msgbuf;
 			msgbuf << "setuid() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";