Call setgroups(1, &gid) after setting the gid (rather than calling

setgroups(0, NULL) before).

Call setgroups(1, &gid) after setting the gid (rather than calling
setgroups(0, NULL) before).
6969ebcf · Wayne Davison · 1dbb94ca · 6969ebcf
Commit 6969ebcf authored Aug 20, 2003 by Wayne Davison
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 10 deletions

clientserver.c clientserver.c +9 -10

No files found.
--- a/clientserver.c
+++ b/clientserver.c
@@ -344,16 +344,6 @@ static int rsync_module(int f_in, int f_out, int i)
 	}

 	if (am_root) {
-#ifdef HAVE_SETGROUPS
-		/* Get rid of any supplementary groups this process
-		 * might have inheristed. */
-		if (setgroups(0, NULL)) {
-			rsyserr(FERROR, errno, "setgroups failed");
-			io_printf(f_out, "@ERROR: setgroups failed\n");
-			return -1;
-		}
-#endif
-
 		/* XXXX: You could argue that if the daemon is started
 		 * by a non-root user and they explicitly specify a
 		 * gid, then we should try to change to that gid --
@@ -369,6 +359,15 @@ static int rsync_module(int f_in, int f_out, int i)
 			io_printf(f_out, "@ERROR: setgid failed\n");
 			return -1;
 		}
+#ifdef HAVE_SETGROUPS
+		/* Get rid of any supplementary groups this process
+		 * might have inheristed. */
+		if (setgroups(1, &gid)) {
+			rsyserr(FERROR, errno, "setgroups failed");
+			io_printf(f_out, "@ERROR: setgroups failed\n");
+			return -1;
+		}
+#endif

 		if (setuid(uid)) {
 			rsyserr(FERROR, errno, "setuid %d failed", (int) uid);