#include <getopt.h>
+#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
return res;
}
+static bool set_groups(const char *user_name, const gid_t gid)
+{
+ int ngroup = 0;
+ errno = 0;
+ int ret = getgrouplist(user_name, gid, NULL, &ngroup);
+ if (ret != -1) {
+ _E("getgrouplist() unexpected return value: %d", ret);
+ return false;
+ } else if (errno != 0) {
+ _E("getgrouplist() unexcepted failure: %m");
+ return false;
+ }
+
+ gid_t groups[ngroup];
+ ret = getgrouplist(user_name, gid, groups, &ngroup);
+ if (ret == -1) {
+ _E("getgrouplist() error");
+ return false;
+ }
+
+ ret = setgroups(ngroup, groups);
+ if (ret != 0) {
+ _E("setgroups() error: %m\n");
+ return false;
+ }
+
+ return true;
+}
+
static bool drop_privileges(const char *user_name)
{
struct passwd *user_info = getpwnam(user_name);
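Review bot: The `else if (errno != 0)` branch in set_groups() treats any non-zero errno after the sizing call as a failure, but getgrouplist() is not documented to report errors through errno, so a value left behind by the underlying group lookup may make the privilege drop fail on the expected -1 "buffer too small" return. `ngroup` is then used unchecked as the length of the variable-length array `groups`, so a zero or negative count would be undefined behaviour and a very large one would land on the stack. I would drop the errno branch and validate the count instead, `if (ret != -1 || ngroup <= 0) { _E("getgrouplist() unexpected result: ret=%d ngroup=%d", ret, ngroup); return false; }`, and consider a heap buffer for `groups`. The message on the errno branch also misspells "unexpected" as "unexcepted".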
return false;
}
+ if (!set_groups(user_name, user_info->pw_gid))
+ return false;
+
if (setuid(user_info->pw_uid) == -1) {
_E("setuid() error: %m\n");
return false;
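Review bot: set_groups() replaces only the supplementary group list, and the visible lines go from that call straight to setuid(), so unless a setgid(user_info->pw_gid) call sits in the part of drop_privileges() outside this hunk (the check that closes just above the added lines is not fully visible), the process keeps its original primary group after the drop. If it is missing, add `if (setgid(user_info->pw_gid) == -1) { _E("setgid() error: %m\n"); return false; }` between the set_groups() call and setuid(); once the uid has been dropped the call would typically be refused. Calling setgroups() before setuid() is the right order and deserves a one-line comment such as `/* change groups while still privileged, i.e. before setuid() */`. drop_privileges() starts and ends outside the hunk.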