diff options
| author | Nick Lewis <nick@puppetlabs.com> | 2011-08-12 12:18:51 -0700 |
|---|---|---|
| committer | Nick Lewis <nick@puppetlabs.com> | 2011-08-12 12:54:53 -0700 |
| commit | bb224dd1549817190b6471e677e43fa02bb766a3 (patch) | |
| tree | 58c203e733e8a0cdb068795e069921683a4ef308 /lib/puppet/rails | |
| parent | 7de5ee899621e3a799ca87988ac1d2498b19d09a (diff) | |
| download | puppet-bb224dd1549817190b6471e677e43fa02bb766a3.tar.gz puppet-bb224dd1549817190b6471e677e43fa02bb766a3.tar.xz puppet-bb224dd1549817190b6471e677e43fa02bb766a3.zip | |
(#8770) Don't fail to set supplementary groups when changing user to root
Previously, Puppet::Util::SUIDManager.change_user would always try to set
supplementary groups (Process.initgroups) before changing its EUID.
Process.initgroups requires the calling process to have EUID 0 in order to
succeed.
This worked fine in the case where the process was changing from root to a
normal user, as it would set groups as root and then change EUID to 0.
However, in the case where the process was changing back to root from a normal
user, it would attempt to set groups as the normal user, and fail.
Now, we check Process.euid before changing, and will set groups first if root,
and will set euid first if not root. This ensures we can freely switch back
and forth between root.
This behavior is maintained inside of the change_user, rather than being broken
into eg. raise_privilege and lower_privilege, because it is a relatively minor
behavior difference, and the helper methods on their own would not have been
generically useful.
Diffstat (limited to 'lib/puppet/rails')
0 files changed, 0 insertions, 0 deletions