summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--configure.ac2
-rw-r--r--src/main.c10
2 files changed, 11 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac
index 303fc7b..377e204 100644
--- a/configure.ac
+++ b/configure.ac
@@ -203,7 +203,7 @@ AC_FUNC_REALLOC
AC_CHECK_FUNCS([gethostname inet_ntoa memchr memset select socket strcasecmp \
strchr strdup strerror strncasecmp strpbrk strstr strtol])
AC_CHECK_FUNCS([isascii memcpy setrlimit ftruncate regcomp regexec])
-AC_CHECK_FUNCS([strlcpy strlcat])
+AC_CHECK_FUNCS([strlcpy strlcat setgroups])
dnl Enable extra warnings
diff --git a/src/main.c b/src/main.c
index a7ae9c7..abb047d 100644
--- a/src/main.c
+++ b/src/main.c
@@ -296,6 +296,16 @@ change_user (const char *program)
exit (EX_NOPERM);
}
+#ifdef HAVE_SETGROUPS
+ /* Drop all supplementary groups, otherwise these are inherited from the calling process */
+ if (setgroups (0, NULL) < 0) {
+ fprintf (stderr,
+ "%s: Unable to drop supplementary groups.\n",
+ program);
+ exit (EX_NOPERM);
+ }
+#endif
+
log_message (LOG_INFO, "Now running as group \"%s\".",
config.group);
}