Finish setuid/setgid.

backend/brminv.scm

@@ -34,7 +34,9 @@
 	(chicken string)
 	api-servlets
 	bar-db
-	(chicken process-context posix))
+	(chicken process-context posix)
+	(chicken process-context)
+	posix-groups)
 
 (define -port- (make-parameter #f))
 (define -certificate- (make-parameter #f))
@@ -99,12 +101,24 @@
 		   private-key: (-key-))
       (tcp-listen port)))
 
-(when (or (-user-) (-group-))
-  (print "current user id: " (current-user-id))
-  (print "current effective user id: " (current-effective-user-id))
-  (switch-user/group (-user-) (-group-))
-  (print "current user id: " (current-user-id))
-  (print "current effective user id: " (current-effective-user-id)))
+(print "current user id: " (current-user-id))
+(print "current effective user id: " (current-effective-user-id))
+(when (-group-)	 ; group first, since only superuser can switch groups
+  (let ((ginfo (group-information (-group-))))
+    (unless ginfo
+      (error "Group does not exist" (-group-)))
+    (set! (current-group-id) (list-ref ginfo 2))))
+(when (-user-)
+  (let ((uinfo (user-information (-user-))))
+    (unless uinfo
+      (error "User does not exist" (-user-)))
+    (set-environment-variable! "HOME" (list-ref uinfo 5))
+    (initialize-groups (-user-) (list-ref uinfo 3))
+    (unless (-group-)		    ; Already changed to target group?
+      (set! (current-group-id) (list-ref uinfo 3)))
+    (set! (current-user-id) (list-ref uinfo 2))))
+(print "current user id: " (current-user-id))
+(print "current effective user id: " (current-effective-user-id))
 
 (bar-db-init! (-db-name-) (-db-host-) (-db-user-) (-db-pass-))