From 11c49dc9ac730bdaa2f6b26ff877b9ba87f38572 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Wed, 20 Feb 2019 13:14:30 +0000 Subject: [PATCH] [Fix] Set rspamd user to initialise supplementary groups on reload Issue: #2693 Closes: #2693 --- src/libserver/worker_util.c | 6 ++++-- src/rspamd.c | 4 ++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/libserver/worker_util.c b/src/libserver/worker_util.c index e10e25bc0..a52dd3ccb 100644 --- a/src/libserver/worker_util.c +++ b/src/libserver/worker_util.c @@ -513,12 +513,14 @@ rspamd_worker_drop_priv (struct rspamd_main *rspamd_main) strerror (errno)); exit (-errno); } + if (rspamd_main->cfg->rspamd_user && - initgroups (rspamd_main->cfg->rspamd_user, rspamd_main->workers_gid) == - -1) { + initgroups (rspamd_main->cfg->rspamd_user, + rspamd_main->workers_gid) == -1) { msg_err_main ("initgroups failed (%s), aborting", strerror (errno)); exit (-errno); } + if (setuid (rspamd_main->workers_uid) == -1) { msg_err_main ("cannot setuid to %d (%s), aborting", (gint) rspamd_main->workers_uid, diff --git a/src/rspamd.c b/src/rspamd.c index 88b44d773..85191e949 100644 --- a/src/rspamd.c +++ b/src/rspamd.c @@ -178,6 +178,7 @@ read_cmd_line (gint *argc, gchar ***argv, struct rspamd_config *cfg) else { cfg->cfg_name = cfg_names[0]; } + for (i = 1; i < cfg_num; i++) { r = fork (); if (r == 0) { @@ -313,6 +314,9 @@ reread_config (struct rspamd_main *rspamd_main) REF_RELEASE (old_cfg); msg_info_main ("config has been reread successfully"); rspamd_map_preload (rspamd_main->cfg); + + rspamd_main->cfg->rspamd_user = rspamd_user; + rspamd_main->cfg->rspamd_group = rspamd_group; } } -- 2.39.5