From: Gerd von Egidy <gerd@egidy.de>
Date: Tue, 29 Jul 2014 22:25:19 +0000 (+0200)
Subject: Call initgroups before setuid to inherit additional group rights
X-Git-Tag: v2.0.2~42
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dfd3091c6a35317c0e0682ebaaab89b1c65e80d1;p=icinga2

Call initgroups before setuid to inherit additional group rights

fixes #6809

Signed-off-by: Gunnar Beutner <gunnar.beutner@netways.de>
---

diff --git a/icinga-app/icinga.cpp b/icinga-app/icinga.cpp
index 29f2d8913..866e4606c 100644
--- a/icinga-app/icinga.cpp
+++ b/icinga-app/icinga.cpp
@@ -440,6 +440,14 @@ int Main(void)
 			}
 		}
 
+		// also activate the additional groups the configured user is member of
+		if (!g_AppParams.count("reload-internal") && initgroups(user.CStr(), pw->pw_gid) < 0) {
+			std::ostringstream msgbuf;
+			msgbuf << "initgroups() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+			Log(LogCritical, "icinga-app",  msgbuf.str());
+			return EXIT_FAILURE;
+		}
+
 		if (setuid(pw->pw_uid) < 0) {
 			std::ostringstream msgbuf;
 			msgbuf << "setuid() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";