daemon: no initgroups() when already running as the configured user

We can assume that initgroups() would be a no-op in that case, however initgroups() is not allowed for unprivileged users anyway.

daemon: no initgroups() when already running as the configured user
e30b356e · Max Kellermann · 09a08031 · e30b356e · e30b356e
Commit e30b356e authored Dec 29, 2013 by Max Kellermann
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

NEWS NEWS +2 -0

Daemon.cxx src/Daemon.cxx +5 -1

No files found.
--- a/NEWS
+++ b/NEWS
 ver 0.18.7 (not yet released)
+* daemon: don't initialize supplementary groups when already running
+  as the configured user
 ver 0.18.6 (2013/12/24)
 * input

--- a/src/Daemon.cxx
+++ b/src/Daemon.cxx
@@ -116,7 +116,11 @@ daemonize_set_user(void)
 	/* init supplementary groups
 	 * (must be done before we change our uid)
 	 */
-	if (!had_group && initgroups(user_name, user_gid) == -1) {
+	if (!had_group &&
+	    /* no need to set the new user's supplementary groups if
+	       we are already this user */
+	    user_uid != getuid() &&
+	    initgroups(user_name, user_gid) == -1) {
 		FormatFatalSystemError("Failed to set supplementary groups "
 				       "of user \"%s\"",
 				       user_name);