Call initgroups() in -U mode so group matches work normally.

diff --git a/sudo.c b/sudo.c
index c878324c84c356733af073c2055f7b73b4e270cb..625f9f1462f2205589f3ac5b0c5d3b2bc60078cc 100644 (file)
--- a/sudo.c
+++ b/sudo.c
@@ -553,7 +553,7 @@ init_vars(sudo_mode)
     /* It is now safe to use log_error() and set_perms() */
 
 #ifdef HAVE_GETGROUPS
-    if (list_pw == NULL && (user_ngroups = getgroups(0, NULL)) > 0) {
+    if ((user_ngroups = getgroups(0, NULL)) > 0) {
        user_groups = emalloc2(user_ngroups, sizeof(gid_t));
        if (getgroups(user_ngroups, user_groups) < 0)
            log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
@@ -828,6 +828,10 @@ parse_args(argc, argv)
                    usage(1);
                if ((list_pw = sudo_getpwnam(NewArgv[1])) == NULL)
                    errorx(1, "unknown user %s", NewArgv[1]);
+#ifdef HAVE_INITGROUPS
+               /* Set group vector so group matching works correctly. */
+               (void) initgroups(list_pw->pw_name, list_pw->pw_gid);
+#endif
                NewArgc--;
                NewArgv++;
                break;