Diffstat (limited to 'src')
-rw-r--r--src/libstore/build.cc8
-rw-r--r--src/libstore/local-store.cc12
2 files changed, 13 insertions, 7 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 2b6e1be14..c4ff62891 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1398,7 +1398,7 @@ void DerivationGoal::startBuilder()
safe. Also note that setuid() when run as root sets
the real, effective and saved UIDs. */
if (buildUser.enabled()) {
- printMsg(lvlInfo, format("switching to uid `%1%'") % buildUser.getUID());
+ printMsg(lvlInfo, format("switching to user `%1%'") % buildUser.getUser());
if (amPrivileged()) {
@@ -1544,6 +1544,12 @@ void DerivationGoal::computeClosure()
throw Error(format("suspicious ownership or permission on `%1%'; rejecting this build output") % path);
#endif
+ if (buildUser.enabled() && !amPrivileged())
+ /* Call the setuid helper to change ownership from the
+ build user to our uid. If we *are* root, then
+ canonicalisePathMetaData() will take care of this. */
+ getOwnership(path);
+
/* Get rid of all weird permissions. */
canonicalisePathMetaData(path);
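Review bot: The new `if (buildUser.enabled() && !amPrivileged())` guards a single unbraced statement that sits four lines below it, behind a block comment, so a statement added here later would run unconditionally. Because this is the step that invokes the setuid helper, brace it: `if (buildUser.enabled() && !amPrivileged()) { /* ... */ getOwnership(path); }`. The hunk does not show how getOwnership() reports failure; if it can return without throwing, the output would presumably reach canonicalisePathMetaData() still owned by the build user and fail there with a less specific chown error, so it is worth confirming that the helper call throws on failure. computeClosure() starts and ends outside the hunk.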
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index c1fcb035b..143f093e5 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -223,6 +223,12 @@ void canonicalisePathMetaData(const Path & path)
if (!S_ISLNK(st.st_mode)) {
+ if (st.st_uid != geteuid()) {
+ if (chown(path.c_str(), geteuid(), -1) == -1)
+ throw SysError(format("changing owner of `%1%' to %2%")
+ % path % geteuid());
+ }
+
/* Mask out all type related bits. */
mode_t mode = st.st_mode & ~S_IFMT;
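Review bot: The added `chown(path.c_str(), geteuid(), -1)` resolves the path a second time and follows symlinks, while the `!S_ISLNK(st.st_mode)` guard relies on a stat result taken earlier (the stat call is outside the hunk). If the entry is replaced by a symlink between the two, the ownership change lands on the link target. Since this can run as root over build output, `lchown(path.c_str(), geteuid(), (gid_t) -1)` would keep the change on the entry itself. The new code also leaves the group untouched, which the block removed in the next hunk used to reset; a short comment such as `/* Group is deliberately left unchanged. */` would tell the next reader this is intended. canonicalisePathMetaData() continues outside the hunk.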
@@ -234,12 +240,6 @@ void canonicalisePathMetaData(const Path & path)
throw SysError(format("changing mode of `%1%' to %2$o") % path % mode);
}
- if (st.st_uid != geteuid() || st.st_gid != getegid()) {
- if (chown(path.c_str(), geteuid(), getegid()) == -1)
- throw SysError(format("changing owner/group of `%1%' to %2%/%3%")
- % path % geteuid() % getegid());
- }
-
if (st.st_mtime != 0) {
struct utimbuf utimbuf;
utimbuf.actime = st.st_atime;