X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/f947f8c4b2b6b403eb9617a744004fe00ac60514..25879952b1359bcd62dba33f2364c77442358832:/ikiwiki-mass-rebuild?ds=sidebyside

diff --git a/ikiwiki-mass-rebuild b/ikiwiki-mass-rebuild
index fa8bd913d..f13033e7f 100755
--- a/ikiwiki-mass-rebuild
+++ b/ikiwiki-mass-rebuild
@@ -2,6 +2,36 @@
 use warnings;
 use strict;
 
+sub supplemental_groups {
+	my $user=shift;
+
+	my @list;
+	while (my @fields=getgrent()) {
+		if (grep { $_ eq $user } split(' ', $fields[3])) {
+			push @list, $fields[2];
+		}
+	}
+
+	return @list;
+}
+
+sub samelists {
+	my %a=map { $_ => 1 } split(' ', shift());
+	my %b=map { $_ => 1 } split(' ', shift());
+
+	foreach my $i (keys %b) {
+		if (! exists $a{$i}) {
+			return 0;
+		}
+	}
+	foreach my $i (keys %a) {
+		if (! exists $b{$i}) {
+			return 0;
+		}
+	}
+	return 1;
+}
+
 sub processline {
 	my $user=shift;
 	my $setup=shift;
@@ -20,15 +50,20 @@ sub processline {
 	defined(my $pid = fork) or die "Can’t fork: $!";
 	if (! $pid) {
 		my ($uuid, $ugid) = (getpwnam($user))[2, 3];
-		$)="$ugid $ugid";
+		my $grouplist=join(" ", $ugid, sort {$a <=> $b} $ugid, supplemental_groups($user));
+		if (! samelists(($)=$grouplist), $grouplist)) {
+			die "failed to set egid $grouplist (got back $))";
+		}
 		$(=$ugid;
 		$<=$uuid;
 		$>=$uuid;
-		if ($< != $uuid || $> != $uuid || $( != $ugid || $) ne "$ugid $ugid") {
+		if ($< != $uuid || $> != $uuid || $( != $ugid) {
 			die "failed to drop permissions to $user";
 		}
-		%ENV=();
-		$ENV{HOME}=(getpwnam($user))[7];
+		%ENV=(
+			PATH => $ENV{PATH},
+			HOME => (getpwnam($user))[7],
+		);
 		exec("ikiwiki", "-setup", $setup, @ARGV);
 		die "failed to run ikiwiki: $!";
 	}