Finish setuid/setgid.

2025-04-13 15:12:00 +02:00 · 2025-04-13 15:12:00 +02:00 · 0e012332e1
commit 0e012332e1
parent 8bd46721aa
1 changed files with 21 additions and 7 deletions
--- a/backend/brminv.scm
+++ b/backend/brminv.scm
@ -34,7 +34,9 @@
 	(chicken string)
 	api-servlets
 	bar-db
-	(chicken process-context posix))
+	(chicken process-context posix)
 	(chicken process-context)
 	posix-groups)
 (define -port- (make-parameter #f))
 (define -certificate- (make-parameter #f))
@ -99,12 +101,24 @@
 		   private-key: (-key-))
      (tcp-listen port)))
 (when (or (-user-) (-group-))
 (print "current user id: " (current-user-id))
 (print "current effective user id: " (current-effective-user-id))
-  (switch-user/group (-user-) (-group-))
+(when (-group-)	 ; group first, since only superuser can switch groups
  (let ((ginfo (group-information (-group-))))
    (unless ginfo
      (error "Group does not exist" (-group-)))
    (set! (current-group-id) (list-ref ginfo 2))))
 (when (-user-)
  (let ((uinfo (user-information (-user-))))
    (unless uinfo
      (error "User does not exist" (-user-)))
    (set-environment-variable! "HOME" (list-ref uinfo 5))
    (initialize-groups (-user-) (list-ref uinfo 3))
    (unless (-group-)		    ; Already changed to target group?
      (set! (current-group-id) (list-ref uinfo 3)))
    (set! (current-user-id) (list-ref uinfo 2))))
 (print "current user id: " (current-user-id))
-  (print "current effective user id: " (current-effective-user-id)))
+(print "current effective user id: " (current-effective-user-id))
 (bar-db-init! (-db-name-) (-db-host-) (-db-user-) (-db-pass-))