author | Lennart Poettering <lennart@poettering.net> | 2011-06-30 02:15:01 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2011-06-30 02:15:01 +0200 |
commit | 3b8bdddeffbbb9569ae68018bf2942cf73befc85 (patch) | |
tree | 2e4f5ba271defc221c509a0f1ef9ff18b060ff76 | |
parent | 64747e2d4b6feb61e9f9e70d36ffcf5a972e168a (diff) |
execute: do initgroups() first, pam initialization second so that it can still modify the groups list
-rw-r--r-- | src/execute.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/src/execute.c b/src/execute.c
index 6f0f5d09d9..cb55843542 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -886,7 +886,7 @@ static int setup_pam(
 * cleanups, so forget about the handle here. */
 handle = NULL;

- /* Unblock SIGSUR1 again in the parent */
+ /* Unblock SIGTERM again in the parent */
 if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
 goto fail;

@@ -1255,6 +1255,14 @@ int exec_spawn(ExecCommand *command,
 }
 }

+ if (apply_permissions)
+ if (enforce_groups(context, username, uid) < 0) {
+ r = EXIT_GROUP;
+ goto fail_child;
+ }
+
+ umask(context->umask);
+
 #ifdef HAVE_PAM
 if (context->pam_name && username) {
 if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) < 0) {
@@ -1264,14 +1272,6 @@ int exec_spawn(ExecCommand *command,
 }
 #endif

- if (apply_permissions)
- if (enforce_groups(context, username, uid) < 0) {
- r = EXIT_GROUP;
- goto fail_child;
- }
-
- umask(context->umask);
-
 if (strv_length(context->read_write_dirs) > 0 ||
 strv_length(context->read_only_dirs) > 0 ||
 strv_length(context->inaccessible_dirs) > 0 || |
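Review bot: In the second hunk, `umask(context->umask);` moves ahead of the `setup_pam()` call together with the group setup, which the commit message does not mention; from here on PAM runs under the unit's configured umask rather than the inherited one, which presumably also applies to any files its modules create during session setup. If only the group setup has to precede PAM, the `umask()` call could stay after the `#endif`; if the move is intended, it deserves a comment saying so. The ordering of `enforce_groups()` before PAM is now load-bearing but undocumented, so I would add above it `/* Set up groups before PAM, so that PAM modules can still modify the group list */` and brace the outer `if (apply_permissions)` so the nested error path cannot be detached by a later edit. exec_spawn's body starts and ends outside the hunk, so whether later code touches the group list again after PAM is not visible here.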