Fixing the asuser method in Puppet::Util::SUIDManager

so that it correctly just yields if you're not root.  It
also no longer tries to set :uid or :gid; just :euid and :egid,
and it once again sets :egid before it sets :euid, which is
important because you usually can't change your group after
you've changed your user id.

1 files changed, 13 insertions, 15 deletions

diff --git a/lib/puppet/util/suidmanager.rb b/lib/puppet/util/suidmanager.rb
index 3108fdf5f..b071dca6f 100644
--- a/lib/puppet/util/suidmanager.rb
+++ b/lib/puppet/util/suidmanager.rb
@@ -21,21 +21,19 @@ module Puppet::Util::SUIDManager
     end
 
     # Runs block setting uid and gid if provided then restoring original ids
-    def asuser new_uid=nil, new_gid=nil
-      # We set both because some programs like to drop privs, i.e. bash.
-      old_uid, old_gid = self.uid, self.gid
-      old_euid, old_egid = self.euid, self.egid
-      begin
-          self.uid = convert_xid :uid, new_uid if new_uid
-          self.gid = convert_xid :gid, new_gid if new_gid
-          self.euid = convert_xid :uid, new_uid if new_uid
-          self.egid = convert_xid :gid, new_gid if new_gid
-
-          yield
-      ensure
-          self.uid, self.gid = old_uid, old_gid
-          self.euid, self.egid = old_euid, old_egid
-      end
+    def asuser(new_uid=nil, new_gid=nil)
+        return yield unless Process.uid == 0
+        # We set both because some programs like to drop privs, i.e. bash.
+        old_uid, old_gid = self.uid, self.gid
+        old_euid, old_egid = self.euid, self.egid
+        begin
+            self.egid = convert_xid :gid, new_gid if new_gid
+            self.euid = convert_xid :uid, new_uid if new_uid
+  
+            yield
+        ensure
+            self.euid, self.egid = old_euid, old_egid
+        end
     end
     module_function :asuser