* Get rid of `build-users'. We'll just take all the members of

`build-users-group'. This makes configuration easier: you can just add users in /etc/group.
author: Eelco Dolstra <e.dolstra@tudelft.nl> 2006-12-06 20:00:15 +0000
committer: Eelco Dolstra <e.dolstra@tudelft.nl> 2006-12-06 20:00:15 +0000
commit: 6e5ec1029ad279c1ac69e14730afb4d2d9964b5d (patch)
tree: d0b031a8c4a40d6fa9c6d77b95b1acc66ea1840c /src/nix-setuid-helper
parent: 751f6d2157a1b89f2463b68a90f8515deb3f942c (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/src/nix-setuid-helper/main.cc b/src/nix-setuid-helper/main.cc
index 50a059f50..d278d5677 100644
--- a/src/nix-setuid-helper/main.cc
+++ b/src/nix-setuid-helper/main.cc
@@ -40,14 +40,18 @@ static void runBuilder(string userName,
        don't want to create that directory here. */
     secureChown(pw->pw_uid, gidBuilders, ".");
 
+                
     /* Set the real, effective and saved gid.  Must be done before
        setuid(), otherwise it won't set the real and saved gids. */
+    if (setgroups(0, 0) == -1)
+        throw SysError("cannot clear the set of supplementary groups");
     //setgid(gidBuilders);
 
     /* Set the real, effective and saved uid. */
-    setuid(pw->pw_uid);
-    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
-        throw Error("cannot setuid");
+    if (setuid(pw->pw_uid) == -1 ||
+        getuid() != pw->pw_uid ||
+        geteuid() != pw->pw_uid)
+        throw SysError("setuid failed");
 
     /* Execute the program. */
     std::vector<const char *> args;
author	Eelco Dolstra <e.dolstra@tudelft.nl>	2006-12-06 20:00:15 +0000
committer	Eelco Dolstra <e.dolstra@tudelft.nl>	2006-12-06 20:00:15 +0000
commit	6e5ec1029ad279c1ac69e14730afb4d2d9964b5d (patch)
tree	d0b031a8c4a40d6fa9c6d77b95b1acc66ea1840c /src/nix-setuid-helper
parent	751f6d2157a1b89f2463b68a90f8515deb3f942c (diff)