-rw-r--r-- | src/process.cc | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/process.cc b/src/process.cc
index fda35e8..bfab311 100644
--- a/src/process.cc
+++ b/src/process.cc
@@ -60,3 +60,4 @@ void process::check(const string& id,configuration& config) {
 void process::launch(const string& id,configuration& config) {
- uid_t uid = 0;
+ uid_t uid = (uid_t)-1;
+ gid_t gid = (gid_t)-1;
 if(!user.empty()) {
@@ -65,2 +66,3 @@ void process::launch(const string& id,configuration& config) {
 uid = ptmp->pw_uid;
+ gid = ptmp->pw_gid;
 }else{
@@ -72,3 +74,2 @@ void process::launch(const string& id,configuration& config) {
 }
- gid_t gid = 0;
 if(!group.empty()) {
@@ -91,2 +92,9 @@ void process::launch(const string& id,configuration& config) {
 setsid();
+ if(user.empty()) {
+ if((getgid()!=gid) && setgid(gid))
+ throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()");
+ }else{
+ if(initgroups(user.c_str(),gid))
+ throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to initgroups()");
+ }
 if(!chroot.empty()) {
@@ -95,7 +103,2 @@ void process::launch(const string& id,configuration& config) {
 }
- if(!group.empty()) {
- // TODO: initgroups()?
- if((getgid()!=gid) && setgid(gid))
- throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()");
- }
 if(!user.empty()) { |
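Review bot: The new initialisers `(uid_t)-1` and `(gid_t)-1` at the top of launch() act as a "not configured" sentinel, but nothing at the declaration says so. Moving the default away from 0 (root) is only safe if every later use tests for the sentinel before handing the value to a credential-changing call. A one-line comment such as `// (uid_t)-1 / (gid_t)-1: not configured, must be checked before any setuid()/setgid() call` would record that contract for later edits. launch() continues well past this hunk, so the uses themselves are not visible here.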
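Review bot: In the `else` branch added after `setsid()`, `initgroups(user.c_str(),gid)` only rebuilds the supplementary group list and does not change the real or effective group ID. With a user configured, nothing in this hunk calls `setgid()`, so the child may keep the launcher's primary group unless the `if(!user.empty())` block that opens at the end of the last hunk sets it. In the `user.empty()` branch the old `!group.empty()` guard is gone, so when no group is configured either, `gid` is still `(gid_t)-1`, `getgid()!=gid` holds, and `setgid((gid_t)-1)` is attempted, which would normally fail and make launch() throw. I would call `initgroups()` whenever a user is set and then `setgid()` whenever `gid` is not the sentinel, as sketched below. launch() begins and ends outside the hunk, so code not visible here may already cover part of this.

```cpp
	setsid();
	// supplementary groups first, while the process is still privileged
	if(!user.empty() && initgroups(user.c_str(),gid))
		throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to initgroups()");
	// gid stays (gid_t)-1 when neither user nor group is configured
	if((gid!=(gid_t)-1) && (getgid()!=gid) && setgid(gid))
		throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()");
	// … unchanged: chroot block and the if(!user.empty()) block that follows …
```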