shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-19 22:50:17 +03:00
Code

execute: do initgroups() first, pam initialization second so that it can still modify the groups list

Browse Source
This commit is contained in:
Lennart Poettering 2011-06-30 02:15:01 +02:00
parent 64747e2d4b
commit 3b8bdddeff
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/execute.c
View File

@ -886,7 +886,7 @@ static int setup_pam(
* cleanups, so forget about the handle here. */
handle = NULL;
/* Unblock SIGSUR1 again in the parent */
/* Unblock SIGTERM again in the parent */
if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
goto fail;
@ -1255,6 +1255,14 @@ int exec_spawn(ExecCommand *command,
}
}
if (apply_permissions)
if (enforce_groups(context, username, uid) < 0) {
r = EXIT_GROUP;
goto fail_child;
}
umask(context->umask);
#ifdef HAVE_PAM
if (context->pam_name && username) {
if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) < 0) {
@ -1264,14 +1272,6 @@ int exec_spawn(ExecCommand *command,
}
#endif
if (apply_permissions)
if (enforce_groups(context, username, uid) < 0) {
r = EXIT_GROUP;
goto fail_child;
}
umask(context->umask);
if (strv_length(context->read_write_dirs) > 0 ||
strv_length(context->read_only_dirs) > 0 ||
strv_length(context->inaccessible_dirs) > 0 ||