From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Mon, 29 Nov 2004 17:52:02 +0000 (+0000)
Subject: Call initgroups() in -U mode so group matches work normally.
X-Git-Tag: SUDO_1_7_0~777
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=68e54d2c8bc93b45b800e23da16c1ce32651d20b;p=sudo

Call initgroups() in -U mode so group matches work normally.
---

diff --git a/sudo.c b/sudo.c
index c878324c8..625f9f146 100644
--- a/sudo.c
+++ b/sudo.c
@@ -553,7 +553,7 @@ init_vars(sudo_mode)
     /* It is now safe to use log_error() and set_perms() */
 
 #ifdef HAVE_GETGROUPS
-    if (list_pw == NULL && (user_ngroups = getgroups(0, NULL)) > 0) {
+    if ((user_ngroups = getgroups(0, NULL)) > 0) {
 	user_groups = emalloc2(user_ngroups, sizeof(gid_t));
 	if (getgroups(user_ngroups, user_groups) < 0)
 	    log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
@@ -828,6 +828,10 @@ parse_args(argc, argv)
 		    usage(1);
 		if ((list_pw = sudo_getpwnam(NewArgv[1])) == NULL)
 		    errorx(1, "unknown user %s", NewArgv[1]);
+#ifdef HAVE_INITGROUPS
+		/* Set group vector so group matching works correctly. */
+		(void) initgroups(list_pw->pw_name, list_pw->pw_gid);
+#endif
 		NewArgc--;
 		NewArgv++;
 		break;