authorJames Turnbull <james@lovedthanlost.net>2009-10-09 16:03:42 +1100
committerJames Turnbull <james@lovedthanlost.net>2009-11-20 07:37:20 +1100
commite32f980fd7c6291abc2841ede397c962798d9a9c (patch)
tree956bb3e8700796a280a5f91847fa74d783d7567f /lib
parentbe7ff82f92a14f4f572d738eeeb2c77437069c49 (diff)
Fixed #1806 - supplementary groups are not reset
Patch thanks to Till Maas Signed-off-by: James Turnbull <james@lovedthanlost.net>
Diffstat (limited to 'lib')
-rw-r--r--lib/puppet/util.rb5
-rw-r--r--lib/puppet/util/suidmanager.rb12
2 files changed, 14 insertions, 3 deletions
diff --git a/lib/puppet/util.rb b/lib/puppet/util.rb
index 6f83c7ac5..21573d1da 100644
--- a/lib/puppet/util.rb
+++ b/lib/puppet/util.rb
@@ -55,10 +55,11 @@ module Util
end
unless Puppet::Util::SUIDManager.uid == user
begin
+ Puppet::Util::SUIDManager.initgroups(user)
Puppet::Util::SUIDManager.uid = user
Puppet::Util::SUIDManager.euid = user
- rescue
- $stderr.puts "could not change to user %s" % user
+ rescue => detail
+ $stderr.puts "Could not change to user %s: %s" % [user, detail]
exit(74)
end
end
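Review bot: The supplementary group list built by the added `Puppet::Util::SUIDManager.initgroups(user)` call is seeded with `Process.gid`, the real gid at call time (see the `initgroups` helper added in suidmanager.rb), not with the target user's primary group. If the group switch earlier in this method (outside the hunk) is skipped, the process would presumably keep the caller's gid, typically 0 when started as root, in its group list after the uid is dropped. The same applies to the `asuser` hunk in suidmanager.rb, which changes only `egid` before calling `initgroups`, so `Process.gid` there is still the caller's real gid. Consider taking the base group from the passwd entry, `pw = Etc.getpwuid(user)` followed by `Process.initgroups(pw.name, pw.gid)`, or passing the intended gid in explicitly.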
diff --git a/lib/puppet/util/suidmanager.rb b/lib/puppet/util/suidmanager.rb
index c5df0d198..a0a9178bb 100644
--- a/lib/puppet/util/suidmanager.rb
+++ b/lib/puppet/util/suidmanager.rb
@@ -7,7 +7,7 @@ module Puppet::Util::SUIDManager
extend Forwardable
to_delegate_to_process = [ :euid=, :euid, :egid=, :egid,
- :uid=, :uid, :gid=, :gid ]
+ :uid=, :uid, :gid=, :gid, :groups=, :groups ]
to_delegate_to_process.each do |method|
def_delegator Process, method
@@ -26,13 +26,16 @@ module Puppet::Util::SUIDManager
# We set both because some programs like to drop privs, i.e. bash.
old_uid, old_gid = self.uid, self.gid
old_euid, old_egid = self.euid, self.egid
+ old_groups = self.groups
begin
self.egid = convert_xid :gid, new_gid if new_gid
+ self.initgroups(convert_xid(:uid, new_uid)) if new_uid
self.euid = convert_xid :uid, new_uid if new_uid
yield
ensure
self.euid, self.egid = old_euid, old_egid
+ self.groups = old_groups
end
end
module_function :asuser
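Review bot: The order of the added lines in `asuser` is load-bearing but undocumented. `initgroups` has to run before `self.euid =` because changing the group list needs privileges that are gone once the euid is dropped, and in `ensure` the euid must be restored before `self.groups = old_groups` for the same reason. A comment such as `# initgroups must precede the euid drop; setting groups needs root` above the call would keep a later reorder from turning this into a permission error. Separately, `self.groups = old_groups` runs even when `new_uid` is nil and the groups were never changed; `self.groups = old_groups if new_uid` would avoid the needless privileged call. The start of `asuser` is outside the hunk, so whether an unprivileged caller can reach the `ensure` is not visible here.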
@@ -49,6 +52,13 @@ module Puppet::Util::SUIDManager
end
module_function :convert_xid
+ # Initialize supplementary groups
+ def initgroups(user)
+ require 'etc'
+ Process.initgroups(Etc.getpwuid(user).name, Process.gid)
+ end
+
+ module_function :initgroups
def run_and_capture(command, new_uid=nil, new_gid=nil)
output = Puppet::Util.execute(command, :failonfail => false, :uid => new_uid, :gid => new_gid)