This is an automated email from the ASF dual-hosted git repository. cmcfarlen pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 4e087572fa1ab4901a79fa453c9f6707ba8d196d
Author: ValentÃn Gutiérrez <[email protected]>
AuthorDate: Thu Nov 21 03:54:03 2024 +0100
Invoke initgroups() iff we got enough privileges (#11869) (#11872)
Follow up of #11855, that rendered unusable ATS as root when spawned via traffic_manager.
(cherry picked from commit d4dda9b5583d19e2eee268fec59aa487d61fc079)
---
 src/tscore/ink_cap.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/tscore/ink_cap.cc b/src/tscore/ink_cap.cc
index 0f0d6f869e..f464daad3b 100644
--- a/src/tscore/ink_cap.cc
+++ b/src/tscore/ink_cap.cc
@@ -156,8 +156,10 @@ impersonate(const struct passwd *pwd, ImpersonationLevel level)
 #endif
 // Always repopulate the supplementary group list for the new user.
- if (initgroups(pwd->pw_name, pwd->pw_gid) != 0) {
- Fatal("switching to user %s, failed to initialize supplementary groups ID %ld", pwd->pw_name, (long)pwd->pw_gid);
+ if (geteuid() == 0) { // check that we have enough rights to call initgroups()
+ if (initgroups(pwd->pw_name, pwd->pw_gid) != 0) {
+ Fatal("switching to user %s, failed to initialize supplementary groups ID %ld", pwd->pw_name, (long)pwd->pw_gid);
+ }
 }
 switch (level) {
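Review bot: When `geteuid() != 0` the new guard skips `initgroups()` without any trace, so the process keeps whatever supplementary groups it inherited, while the context comment just above still says "Always repopulate". If a caller outside this hunk can reach this point after starting with root's group list and then changing only its effective uid, those groups would survive the switch; that cannot be confirmed from the lines shown, since impersonate() begins and ends outside the hunk. The euid test is also only a proxy for the right to set groups (on Linux that is CAP_SETGID), so a root process with that capability removed would still reach the `Fatal`. I would reword the comment to `// Repopulate the supplementary group list when running as root; otherwise the inherited list is kept.` and make the skip visible in the logs, e.g. `} else { Warning("not root, keeping inherited supplementary groups while switching to user %s", pwd->pw_name); }`.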
