X-Git-Url: https://git.octo.it/?a=blobdiff_plain;ds=sidebyside;f=src%2Fexec.c;h=d9f2d8ce26c60bfc9de60b45fe47a46dd65ac560;hb=5e73df5f8ec52055e5f79be5d898e5baec4c9967;hp=e416c8f051ac2a64ee09ec4d4bf94b36fcf06be1;hpb=1a7050de376608268d11293d4e5faa3fb8516c5a;p=collectd.git diff --git a/src/exec.c b/src/exec.c index e416c8f0..d9f2d8ce 100644 --- a/src/exec.c +++ b/src/exec.c @@ -118,6 +118,7 @@ static void exec_child (program_list_t *pl) int status; int uid; int gid; + int egid; char *arg0; struct passwd *sp_ptr; @@ -140,20 +141,16 @@ static void exec_child (program_list_t *pl) } uid = sp.pw_uid; + gid = sp.pw_gid; if (uid == 0) { ERROR ("exec plugin: Cowardly refusing to exec program as root."); exit (-1); } - status = setuid (uid); - if (status != 0) - { - ERROR ("exec plugin: setuid failed: %s", - sstrerror (errno, errbuf, sizeof (errbuf))); - exit (-1); - } - + /* The group configured in the configfile is set as effective group, because + * this way the forked process can (re-)gain the user's primary group. */ + egid = -1; if (NULL != pl->group) { if ('\0' != *pl->group) { @@ -173,22 +170,41 @@ static void exec_child (program_list_t *pl) exit (-1); } - gid = gr.gr_gid; + egid = gr.gr_gid; } else { - gid = sp.pw_gid; + egid = gid; } + } /* if (pl->group == NULL) */ - status = setgid (gid); - if (0 != status) + status = setgid (gid); + if (status != 0) + { + ERROR ("exec plugin: setgid (%i) failed: %s", + gid, sstrerror (errno, errbuf, sizeof (errbuf))); + exit (-1); + } + + if (egid != -1) + { + status = setegid (egid); + if (status != 0) { - ERROR ("exec plugin: setgid failed: %s", - sstrerror (errno, errbuf, sizeof (errbuf))); + ERROR ("exec plugin: setegid (%i) failed: %s", + egid, sstrerror (errno, errbuf, sizeof (errbuf))); exit (-1); } } + status = setuid (uid); + if (status != 0) + { + ERROR ("exec plugin: setuid (%i) failed: %s", + uid, sstrerror (errno, errbuf, sizeof (errbuf))); + exit (-1); + } + arg0 = strrchr (pl->exec, '/'); if (arg0 != NULL) arg0++;