From d4dda9b5583d19e2eee268fec59aa487d61fc079 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Valent=C3=ADn=20Guti=C3=A9rrez?= <vgutierrez@wikimedia.org>
Date: Thu, 21 Nov 2024 03:54:03 +0100
Subject: [PATCH] Invoke initgroups() iff we got enough privileges (#11869)
(#11872)
Follow-up to #11855, which rendered ATS unusable as root when spawned via traffic_manager.
---
src/tscore/ink_cap.cc | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
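--- a/src/tscore/ink_cap.cc
+++ b/src/tscore/ink_cap.cc
@@ -156,8 +156,10 @@ impersonate(const struct passwd *pwd, ImpersonationLevel level)
 #endif
 
 // Always repopulate the supplementary group list for the new user.
- if (initgroups(pwd->pw_name, pwd->pw_gid) != 0) {
- Fatal("switching to user %s, failed to initialize supplementary groups ID %ld", pwd->pw_name, (long)pwd->pw_gid);
+ if (geteuid() == 0) { // check that we have enough rights to call initgroups()
+ if (initgroups(pwd->pw_name, pwd->pw_gid) != 0) {
+ Fatal("switching to user %s, failed to initialize supplementary groups ID %ld", pwd->pw_name, (long)pwd->pw_gid);
+ }
 }
 
 switch (level) {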
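Review bot: The `geteuid() == 0` guard silently skips `initgroups()` for every non-root caller, so the process reaches `switch (level)` still holding whatever supplementary groups it inherited. An effective UID of 0 is only a proxy for the right to set groups, so if any caller can still change IDs with a non-zero effective UID (for example through retained capabilities; not visible from this hunk), the old group memberships would survive the identity switch. The comment above the guard is now inaccurate and should read something like `// Repopulate the supplementary group list when running as root; otherwise the inherited list is kept.` Consider adding an `else` branch that logs the skipped case at a diagnostic level so a retained group list shows up when auditing privilege drops. impersonate() starts before and continues past this hunk, so the later ID switch cannot be checked from here.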