X-Git-Url: https://unix4lyfe.org/gitweb/darkstat-debian/blobdiff_plain/a1e8056c92203d02860d719abb1d562453896da8..HEAD:/conv.c

diff --git a/conv.c b/conv.c
index 4ff95ae..e1ff414 100644
--- a/conv.c
+++ b/conv.c
@@ -1,5 +1,5 @@
 /* darkstat 3
- * copyright (c) 2001-2011 Emil Mikulic.
+ * copyright (c) 2001-2014 Emil Mikulic.
  *
  * conv.c: convenience functions.
  *
@@ -24,13 +24,14 @@
 #include "err.h"
 #include <errno.h>
 #include <fcntl.h>
+#include <grp.h>
+#include <limits.h>
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
-#include <limits.h>
 
 #define PATH_DEVNULL "/dev/null"
 
@@ -288,9 +289,7 @@ daemonize_finish(void)
  * For security, chroot (optionally) and drop privileges.
  * Pass a NULL chroot_dir to disable chroot() behaviour.
  */
-void
-privdrop(const char *chroot_dir, const char *privdrop_user)
-{
+void privdrop(const char *chroot_dir, const char *privdrop_user) {
    struct passwd *pw;
 
    errno = 0;
@@ -302,7 +301,9 @@ privdrop(const char *chroot_dir, const char *privdrop_user)
       else
          err(1, "getpwnam(\"%s\") failed", privdrop_user);
    }
-   if (chroot_dir != NULL) {
+   if (chroot_dir == NULL) {
+      verbosef("no --chroot dir specified, darkstat will not chroot()");
+   } else {
       tzset(); /* read /etc/localtime before we chroot */
       if (chdir(chroot_dir) == -1)
          err(1, "chdir(\"%s\") failed", chroot_dir);
@@ -310,6 +311,12 @@ privdrop(const char *chroot_dir, const char *privdrop_user)
          err(1, "chroot(\"%s\") failed", chroot_dir);
       verbosef("chrooted into: %s", chroot_dir);
    }
+   {
+      gid_t list[1];
+      list[0] = pw->pw_gid;
+      if (setgroups(1, list) == -1)
+         err(1, "setgroups");
+   }
    if (setgid(pw->pw_gid) == -1)
       err(1, "setgid");
    if (setuid(pw->pw_uid) == -1)
@@ -344,3 +351,5 @@ fd_set_block(const int fd)
       err(1, "fcntl(fd %d) to unset O_NONBLOCK", fd);
    assert( (fcntl(fd, F_GETFL, 0) & O_NONBLOCK ) == 0 );
 }
+
+/* vim:set ts=3 sw=3 tw=78 expandtab: */