From 68e54d2c8bc93b45b800e23da16c1ce32651d20b Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Mon, 29 Nov 2004 17:52:02 +0000
Subject: [PATCH] Call initgroups() in -U mode so group matches work normally.

---
 sudo.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sudo.c b/sudo.c
index c878324c8..625f9f146 100644
--- a/sudo.c
+++ b/sudo.c
@@ -553,7 +553,7 @@ init_vars(sudo_mode)
     /* It is now safe to use log_error() and set_perms() */
 
 #ifdef HAVE_GETGROUPS
-    if (list_pw == NULL && (user_ngroups = getgroups(0, NULL)) > 0) {
+    if ((user_ngroups = getgroups(0, NULL)) > 0) {
 	user_groups = emalloc2(user_ngroups, sizeof(gid_t));
 	if (getgroups(user_ngroups, user_groups) < 0)
 	    log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
@@ -828,6 +828,10 @@ parse_args(argc, argv)
 		    usage(1);
 		if ((list_pw = sudo_getpwnam(NewArgv[1])) == NULL)
 		    errorx(1, "unknown user %s", NewArgv[1]);
+#ifdef HAVE_INITGROUPS
+		/* Set group vector so group matching works correctly. */
+		(void) initgroups(list_pw->pw_name, list_pw->pw_gid);
+#endif
 		NewArgc--;
 		NewArgv++;
 		break;
-- 
2.50.1