tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Call initgroups before setuid to inherit additional group rights 

fixes #6809

Signed-off-by: Gunnar Beutner <gunnar.beutner@netways.de>
This commit is contained in:
Gerd von Egidy 2014-07-30 00:25:19 +02:00 committed by Gunnar Beutner
parent 7c59ef284e
commit dfd3091c6a
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
icinga-app/icinga.cpp
View File

@ -440,6 +440,14 @@ int Main(void)
} }
} }
// also activate the additional groups the configured user is member of
if (!g_AppParams.count("reload-internal") && initgroups(user.CStr(), pw->pw_gid) < 0) {
std::ostringstream msgbuf;
msgbuf << "initgroups() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
Log(LogCritical, "icinga-app", msgbuf.str());
return EXIT_FAILURE;
}
if (setuid(pw->pw_uid) < 0) { if (setuid(pw->pw_uid) < 0) {
std::ostringstream msgbuf; std::ostringstream msgbuf;
msgbuf << "setuid() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\""; msgbuf << "setuid() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";