On Jul 28, 2008 at 23:22, Marcus Better <[EMAIL PROTECTED]> wrote:
> This patch adds a call to initgroups() to also set the supplementary groups
> of the ser user. I want to apply this for Debian, where we want to have
> rtpproxy running setuid/setgid to rtpproxy, and add ser to the "rtpproxy"
> group so it can access the rtpproxy control socket.
Thanks a lot, patch applied to unstable.
I made only 2 minor changes:
- struct passed *pw moved up to be consistent with the coding style
- changed initgroups(user, pw->pw_gid) to
initgroups(pw->pw_name, pw->pw_gid) (user can contain a numeric uid,
e.g. ser -u 101 )
Andrei
>
> --- a/daemonize.c
> +++ b/daemonize.c
> @@ -55,6 +55,8 @@
> #include <sys/time.h>
> #include <sys/resource.h> /* setrlimit */
> #include <unistd.h>
> +#include <pwd.h>
> +#include <grp.h>
>
> #include "daemonize.h"
> #include "globals.h"
> @@ -219,6 +221,16 @@ int do_suid()
> }
>
> if(uid){
> + struct passwd *pw;
> +
> + if (!(pw = getpwuid(uid))){
> + LOG(L_CRIT, "user lookup failed: %s\n",
> strerror(errno));
> + goto error;
> + }
> + if(initgroups(user, pw->pw_gid)<0){
> + LOG(L_CRIT, "cannot set supplementary groups: %s\n",
> strerror(errno));
> + goto error;
> + }
> if(setuid(uid)<0){
> LOG(L_CRIT, "cannot change uid to %d: %s\n", uid,
> strerror(errno));
> goto error;
>
> _______________________________________________
> Serdev mailing list
> [email protected]
> http://lists.iptel.org/mailman/listinfo/serdev
_______________________________________________
Serdev mailing list
[email protected]
http://lists.iptel.org/mailman/listinfo/serdev
