Call initgroups before setuid to inherit additional group rights

author Gerd von Egidy <gerd@egidy.de>

Tue, 29 Jul 2014 22:25:19 +0000 (00:25 +0200)

committer Gunnar Beutner <gunnar.beutner@netways.de>

Wed, 30 Jul 2014 08:16:17 +0000 (10:16 +0200)
author Gerd von Egidy <gerd@egidy.de>
Tue, 29 Jul 2014 22:25:19 +0000 (00:25 +0200)
committer Gunnar Beutner <gunnar.beutner@netways.de>
Wed, 30 Jul 2014 08:16:17 +0000 (10:16 +0200)
diff --git a/icinga-app/icinga.cpp b/icinga-app/icinga.cpp

index 29f2d8913cecdb17422a8b133bb313c52f416f52..866e4606ca9b1a5191e06fc4f350be109436e746 100644 (file)
--- a/icinga-app/icinga.cpp
+++ b/icinga-app/icinga.cpp
@@ -440,6 +440,14 @@ int Main(void)
                         }
                 }
  
+               // also activate the additional groups the configured user is member of
+               if (!g_AppParams.count("reload-internal") && initgroups(user.CStr(), pw->pw_gid) < 0) {
+                       std::ostringstream msgbuf;
+                       msgbuf << "initgroups() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+                       Log(LogCritical, "icinga-app",  msgbuf.str());
+                       return EXIT_FAILURE;
+               }
+
                 if (setuid(pw->pw_uid) < 0) {
                         std::ostringstream msgbuf;
                         msgbuf << "setuid() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
author	Gerd von Egidy <gerd@egidy.de>
	Tue, 29 Jul 2014 22:25:19 +0000 (00:25 +0200)
committer	Gunnar Beutner <gunnar.beutner@netways.de>
	Wed, 30 Jul 2014 08:16:17 +0000 (10:16 +0200)