From ed70b60ad828d01cc18462cc5f50461ad84ef01c Mon Sep 17 00:00:00 2001
From: psychon <psychon@e03df62e-2008-0410-955e-edbf42e46eb7>
Date: Wed, 22 Oct 2008 09:14:31 +0000
Subject: First set our group id, then the user id, because we need to be root
 to set the group (else it always fails with EPERM). Plus also call
 setgroups(0, NULL); to get rid of the supplementary groups.

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@10684 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/inspircd.cpp | 43 +++++++++++++++++++++++++++----------------
 1 file changed, 27 insertions(+), 16 deletions(-)

(limited to 'src')

diff --git a/src/inspircd.cpp b/src/inspircd.cpp
index 9a64331b5..f1cccab19 100644
--- a/src/inspircd.cpp
+++ b/src/inspircd.cpp
@@ -730,48 +730,59 @@ InspIRCd::InspIRCd(int argc, char** argv)
 	Logs->Log("STARTUP", DEFAULT, "Startup complete as '%s'[%s], %d max open sockets", Config->ServerName,Config->GetSID().c_str(), SE->GetMaxFds());
 
 #ifndef WIN32
-	if (*(this->Config->SetUser))
+	if (*(this->Config->SetGroup))
 	{
-		// setuid
-		struct passwd *u;
+		int ret;
+
+		// setgroups
+		ret = setgroups(0, NULL);
+
+		if (ret == -1)
+		{
+			this->Logs->Log("SETGROUPS", DEFAULT, "setgroups() failed (wtf?): %s", strerror(errno));
+			this->QuickExit(0);
+		}
+
+		// setgid
+		struct group *g;
 
 		errno = 0;
-		u = getpwnam(this->Config->SetUser);
+		g = getgrnam(this->Config->SetGroup);
 
-		if (!u)
+		if (!g)
 		{
-			this->Logs->Log("SETGUID", DEFAULT, "getpwnam() failed (bad user?): %s", strerror(errno));
+			this->Logs->Log("SETGUID", DEFAULT, "getgrnam() failed (bad user?): %s", strerror(errno));
 			this->QuickExit(0);
 		}
 
-		int ret = setuid(u->pw_uid);
+		ret = setgid(g->gr_gid);
 
 		if (ret == -1)
 		{
-			this->Logs->Log("SETGUID", DEFAULT, "setuid() failed (bad user?): %s", strerror(errno));
+			this->Logs->Log("SETGUID", DEFAULT, "setgid() failed (bad user?): %s", strerror(errno));
 			this->QuickExit(0);
 		}
 	}
 
-	if (*(this->Config->SetGroup))
+	if (*(this->Config->SetUser))
 	{
-		// setgid
-		struct group *g;
+		// setuid
+		struct passwd *u;
 
 		errno = 0;
-		g = getgrnam(this->Config->SetGroup);
+		u = getpwnam(this->Config->SetUser);
 
-		if (!g)
+		if (!u)
 		{
-			this->Logs->Log("SETGUID", DEFAULT, "getgrnam() failed (bad user?): %s", strerror(errno));
+			this->Logs->Log("SETGUID", DEFAULT, "getpwnam() failed (bad user?): %s", strerror(errno));
 			this->QuickExit(0);
 		}
 
-		int ret = setgid(g->gr_gid);
+		int ret = setuid(u->pw_uid);
 
 		if (ret == -1)
 		{
-			this->Logs->Log("SETGUID", DEFAULT, "setgid() failed (bad user?): %s", strerror(errno));
+			this->Logs->Log("SETGUID", DEFAULT, "setuid() failed (bad user?): %s", strerror(errno));
 			this->QuickExit(0);
 		}
 	}
-- 
cgit v1.2.3