summaryrefslogtreecommitdiffabout
Unidiff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--src/process.cc17
1 files changed, 10 insertions, 7 deletions
diff --git a/src/process.cc b/src/process.cc
index fda35e8..bfab311 100644
--- a/src/process.cc
+++ b/src/process.cc
@@ -59,9 +59,11 @@ void process::check(const string& id,configuration& config) {
59 59
60void process::launch(const string& id,configuration& config) { 60void process::launch(const string& id,configuration& config) {
61 uid_t uid = 0; 61 uid_t uid = (uid_t)-1;
62 gid_t gid = (gid_t)-1;
62 if(!user.empty()) { 63 if(!user.empty()) {
63 struct passwd *ptmp = getpwnam(user.c_str()); 64 struct passwd *ptmp = getpwnam(user.c_str());
64 if(ptmp) { 65 if(ptmp) {
65 uid = ptmp->pw_uid; 66 uid = ptmp->pw_uid;
67 gid = ptmp->pw_gid;
66 }else{ 68 }else{
67 errno=0; 69 errno=0;
@@ -71,5 +73,4 @@ void process::launch(const string& id,configuration& config) {
71 } 73 }
72 } 74 }
73 gid_t gid = 0;
74 if(!group.empty()) { 75 if(!group.empty()) {
75 struct group *gtmp = getgrnam(group.c_str()); 76 struct group *gtmp = getgrnam(group.c_str());
@@ -90,13 +91,15 @@ void process::launch(const string& id,configuration& config) {
90 try { 91 try {
91 setsid(); 92 setsid();
93 if(user.empty()) {
94 if((getgid()!=gid) && setgid(gid))
95 throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()");
96 }else{
97 if(initgroups(user.c_str(),gid))
98 throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to initgroups()");
99 }
92 if(!chroot.empty()) { 100 if(!chroot.empty()) {
93 if(::chroot(chroot.c_str())) 101 if(::chroot(chroot.c_str()))
94 throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to chroot()"); 102 throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to chroot()");
95 } 103 }
96 if(!group.empty()) {
97 // TODO: initgroups()?
98 if((getgid()!=gid) && setgid(gid))
99 throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()");
100 }
101 if(!user.empty()) { 104 if(!user.empty()) {
102 if((getuid()!=uid) && setuid(uid)) 105 if((getuid()!=uid) && setuid(uid))