Move initgroups() for -U option into display_privs() so group matching

in sudoers works correctly.

diff --git a/parse.c b/parse.c
index f10da56ef59e3a92069979b194f58ea4ba1c6c8e..d1ecf3b1480a888a80b547ab1fef15817e51ca77 100644 (file)
--- a/parse.c
+++ b/parse.c
@@ -213,6 +213,19 @@ display_privs(pw)
     struct userspec *us;
     struct cmndtag tags;
 
+#if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS)
+    /* Set group vector so group matching works correctly. */
+    if (pw != sudo_user.pw) {
+       (void) initgroups(pw->pw_name, pw->pw_gid);
+       if ((user_ngroups = getgroups(0, NULL)) > 0) {
+          user_groups = erealloc3(user_groups, user_ngroups, sizeof(gid_t));
+          if (getgroups(user_ngroups, user_groups) < 0)
+              log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
+       } else
+          user_ngroups = 0;
+    }
+#endif
+
     display_defaults(pw);
 
     print_priv4("\n", "User ", pw->pw_name,

diff --git a/sudo.c b/sudo.c
index b4e9e19492d7976b7b838596a93c1bd1a53034d5..1216c1e248b1b8e0218a33d4c8890d703b590a94 100644 (file)
--- a/sudo.c
+++ b/sudo.c
@@ -872,10 +872,6 @@ parse_args(argc, argv)
                    usage(1);
                if ((list_pw = sudo_getpwnam(NewArgv[1])) == NULL)
                    errorx(1, "unknown user %s", NewArgv[1]);
-#ifdef HAVE_INITGROUPS
-               /* Set group vector so group matching works correctly. */
-               (void) initgroups(list_pw->pw_name, list_pw->pw_gid);
-#endif
                NewArgc--;
                NewArgv++;
                break;