diff options
| author | Jacob Helwig <jacob@puppetlabs.com> | 2011-08-12 13:24:17 -0700 |
|---|---|---|
| committer | Jacob Helwig <jacob@puppetlabs.com> | 2011-08-12 13:24:17 -0700 |
| commit | b6895de42276262a58029a7763844eacd9cd0745 (patch) | |
| tree | 58c203e733e8a0cdb068795e069921683a4ef308 | |
| parent | 7de5ee899621e3a799ca87988ac1d2498b19d09a (diff) | |
| parent | bb224dd1549817190b6471e677e43fa02bb766a3 (diff) | |
| download | puppet-b6895de42276262a58029a7763844eacd9cd0745.tar.gz puppet-b6895de42276262a58029a7763844eacd9cd0745.tar.xz puppet-b6895de42276262a58029a7763844eacd9cd0745.zip | |
Merge remote-tracking branch 'nicklewis/ticket/2.6.x/8770' into 2.6.x
* nicklewis/ticket/2.6.x/8770:
(#8770) Don't fail to set supplementary groups when changing user to root
| -rw-r--r-- | lib/puppet/util/suidmanager.rb | 12 | ||||
| -rwxr-xr-x | spec/unit/util/suidmanager_spec.rb | 22 |
2 files changed, 32 insertions, 2 deletions
diff --git a/lib/puppet/util/suidmanager.rb b/lib/puppet/util/suidmanager.rb index 2e12b220f..697bce111 100644 --- a/lib/puppet/util/suidmanager.rb +++ b/lib/puppet/util/suidmanager.rb @@ -82,13 +82,21 @@ module Puppet::Util::SUIDManager begin Process::UID.change_privilege(uid) rescue NotImplementedError + # If changing uid, we must be root. So initgroups first here. initgroups(uid) Process.euid = uid Process.uid = uid end else - initgroups(uid) - Process.euid = uid + # If we're already root, initgroups before changing euid. If we're not, + # change euid (to root) first. + if Process.euid == 0 + initgroups(uid) + Process.euid = uid + else + Process.euid = uid + initgroups(uid) + end end end module_function :change_user diff --git a/spec/unit/util/suidmanager_spec.rb b/spec/unit/util/suidmanager_spec.rb index f58f6c708..fc70e1718 100755 --- a/spec/unit/util/suidmanager_spec.rb +++ b/spec/unit/util/suidmanager_spec.rb @@ -134,6 +134,28 @@ describe Puppet::Util::SUIDManager do xids[:euid].should == 42 xids[:uid].should == 0 end + + it "should set euid before groups if changing to root" do + Process.stubs(:euid).returns 50 + + when_not_root = sequence 'when_not_root' + + Process.expects(:euid=).in_sequence(when_not_root) + Puppet::Util::SUIDManager.expects(:initgroups).in_sequence(when_not_root) + + Puppet::Util::SUIDManager.change_user(0, false) + end + + it "should set groups before euid if changing from root" do + Process.stubs(:euid).returns 0 + + when_root = sequence 'when_root' + + Puppet::Util::SUIDManager.expects(:initgroups).in_sequence(when_root) + Process.expects(:euid=).in_sequence(when_root) + + Puppet::Util::SUIDManager.change_user(50, false) + end end end |