author | James Turnbull <james@lovedthanlost.net> | 2009-10-09 16:03:42 +1100 |
---|---|---|
committer | James Turnbull <james@lovedthanlost.net> | 2009-11-20 07:37:20 +1100 |
commit | e32f980fd7c6291abc2841ede397c962798d9a9c (patch) | |
tree | 956bb3e8700796a280a5f91847fa74d783d7567f /lib/puppet | |
parent | be7ff82f92a14f4f572d738eeeb2c77437069c49 (diff) | |
Fixed #1806 - supplementary groups are not reset
Patch thanks to Till Maas
Signed-off-by: James Turnbull <james@lovedthanlost.net>
Diffstat (limited to 'lib/puppet')
-rw-r--r-- | lib/puppet/util.rb | 5 | ||||
-rw-r--r-- | lib/puppet/util/suidmanager.rb | 12 |
2 files changed, 14 insertions, 3 deletions
diff --git a/lib/puppet/util.rb b/lib/puppet/util.rb index 6f83c7ac5..21573d1da 100644 --- a/lib/puppet/util.rb +++ b/lib/puppet/util.rb @@ -55,10 +55,11 @@ module Util end unless Puppet::Util::SUIDManager.uid == user begin + Puppet::Util::SUIDManager.initgroups(user) Puppet::Util::SUIDManager.uid = user Puppet::Util::SUIDManager.euid = user - rescue - $stderr.puts "could not change to user %s" % user + rescue => detail + $stderr.puts "Could not change to user %s: %s" % [user, detail] exit(74) end end diff --git a/lib/puppet/util/suidmanager.rb b/lib/puppet/util/suidmanager.rb index c5df0d198..a0a9178bb 100644 --- a/lib/puppet/util/suidmanager.rb +++ b/lib/puppet/util/suidmanager.rb @@ -7,7 +7,7 @@ module Puppet::Util::SUIDManager extend Forwardable to_delegate_to_process = [ :euid=, :euid, :egid=, :egid, - :uid=, :uid, :gid=, :gid ] + :uid=, :uid, :gid=, :gid, :groups=, :groups ] to_delegate_to_process.each do |method| def_delegator Process, method @@ -26,13 +26,16 @@ module Puppet::Util::SUIDManager # We set both because some programs like to drop privs, i.e. bash. old_uid, old_gid = self.uid, self.gid old_euid, old_egid = self.euid, self.egid + old_groups = self.groups begin self.egid = convert_xid :gid, new_gid if new_gid + self.initgroups(convert_xid(:uid, new_uid)) if new_uid self.euid = convert_xid :uid, new_uid if new_uid yield ensure self.euid, self.egid = old_euid, old_egid + self.groups = old_groups end end module_function :asuser @@ -49,6 +52,13 @@ module Puppet::Util::SUIDManager end module_function :convert_xid + # Initialize supplementary groups + def initgroups(user) + require 'etc' + Process.initgroups(Etc.getpwuid(user).name, Process.gid) + end + + module_function :initgroups def run_and_capture(command, new_uid=nil, new_gid=nil) output = Puppet::Util.execute(command, :failonfail => false, :uid => new_uid, :gid => new_gid) |
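Review bot: The order of the new calls in `asuser` is load-bearing but nothing in the hunk says so. `initgroups` has to run before `self.euid =` because changing the supplementary group list normally needs the privilege that the euid change gives up, and in the `ensure` block `self.groups = old_groups` only succeeds because euid is restored on the line before it. I would add `# Reset supplementary groups while still privileged; must precede the euid change.` above the `initgroups` call and `# Restore groups only after euid is back.` in the `ensure` block. The list is also reset only `if new_uid`, so a call that passes just `new_gid` yields with the caller's supplementary groups unchanged; if that is intended it deserves a comment as well. The body of `asuser` starts outside the hunk.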
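Review bot: `initgroups` passes `Process.gid` as the base group, which is the caller's real gid rather than the target user's primary group, so that gid is added to the new supplementary list. In `asuser` only `egid` is changed before the call, so when the process runs with real gid 0 the yielded block presumably still carries group 0 alongside the target user's own groups. Taking the group from the passwd entry avoids this: `pw = Etc.getpwuid(user)` followed by `Process.initgroups(pw.name, pw.gid)`. The same helper is called from the `chuser` change in lib/puppet/util.rb, where whether the real gid has already been switched is outside the hunk. Separately, `require 'etc'` would read better at the top of the file than inside the method.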