use warnings;
use strict;
+sub supplemental_groups {
+ my $user=shift;
+
+ my @list;
+ while (my @fields=getgrent()) {
+ if (grep { $_ eq $user } split(' ', $fields[3])) {
+ push @list, $fields[2];
+ }
+ }
+
+ return @list;
+}
+
+sub samelists {
+ my %a=map { $_ => 1 } split(' ', shift());
+ my %b=map { $_ => 1 } split(' ', shift());
+
+ foreach my $i (keys %b) {
+ if (! exists $a{$i}) {
+ return 0;
+ }
+ }
+ foreach my $i (keys %a) {
+ if (! exists $b{$i}) {
+ return 0;
+ }
+ }
+ return 1;
+}
+
sub processline {
my $user=shift;
my $setup=shift;
defined(my $pid = fork) or die "Can’t fork: $!";
if (! $pid) {
my ($uuid, $ugid) = (getpwnam($user))[2, 3];
- $)="$ugid $ugid";
+ my $grouplist=join(" ", $ugid, sort {$a <=> $b} $ugid, supplemental_groups($user));
+ if (! samelists(($)=$grouplist), $grouplist)) {
+ die "failed to set egid $grouplist (got back $))";
+ }
$(=$ugid;
$<=$uuid;
$>=$uuid;
- if ($< != $uuid || $> != $uuid || $( != $ugid || $) ne "$ugid $ugid") {
+ if ($< != $uuid || $> != $uuid || $( != $ugid) {
die "failed to drop permissions to $user";
}
- %ENV=();
- $ENV{HOME}=(getpwnam($user))[7];
+ %ENV=(
+ PATH => $ENV{PATH},
+ HOME => (getpwnam($user))[7],
+ );
exec("ikiwiki", "-setup", $setup, @ARGV);
die "failed to run ikiwiki: $!";
}
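Review bot: The effective gid is no longer verified on its own. The final check `if ($< != $uuid || $> != $uuid || $( != $ugid)` dropped the `$)` term, and `samelists` compares `$)` with `$grouplist` as unordered sets, so it cannot tell the effective gid (the first number in `$)`) from the supplementary groups that follow it. If the user is also a supplementary member of the group the process starts with, a failed effective-gid change alongside a successful setgroups would produce the same set and pass. Keeping a numeric test in the final condition closes that gap, e.g. `if ($< != $uuid || $> != $uuid || $( != $ugid || $) != $ugid) {`, which in numeric context reads only the leading gid, as the existing `$(` test does. Separately, `PATH => $ENV{PATH}` passes the caller's search path to the `exec("ikiwiki", ...)` that follows, so a fixed PATH would make the binary lookup independent of how the script was started; processline's body continues past the end of the hunk.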