+ return r;
+}
+
+static int socket_chown(Socket *s, pid_t *_pid) {
+ pid_t pid;
+ int r;
+
+ r = socket_arm_timer(s);
+ if (r < 0)
+ goto fail;
+
+ /* We have to resolve the user names out-of-process, hence
+ * let's fork here. It's messy, but well, what can we do? */
+
+ pid = fork();
+ if (pid < 0)
+ return -errno;
+
+ if (pid == 0) {
+ SocketPort *p;
+ uid_t uid = (uid_t) -1;
+ gid_t gid = (gid_t) -1;
+ int ret;
+
+ default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
+ ignore_signals(SIGPIPE, -1);
+ log_forget_fds();
+
+ if (!isempty(s->user)) {
+ const char *user = s->user;
+
+ r = get_user_creds(&user, &uid, &gid, NULL, NULL);
+ if (r < 0) {
+ ret = EXIT_USER;
+ goto fail_child;
+ }
+ }
+
+ if (!isempty(s->group)) {
+ const char *group = s->group;
+
+ r = get_group_creds(&group, &gid);
+ if (r < 0) {
+ ret = EXIT_GROUP;
+ goto fail_child;
+ }
+ }
+
+ LIST_FOREACH(port, p, s->ports) {
+ const char *path = NULL;
+
+ if (p->type == SOCKET_SOCKET)
+ path = socket_address_get_path(&p->address);
+ else if (p->type == SOCKET_FIFO)
+ path = p->path;
+
+ if (!path)
+ continue;
+
+ if (chown(path, uid, gid) < 0) {
+ r = -errno;
+ ret = EXIT_CHOWN;
+ goto fail_child;
+ }
+ }
+
+ _exit(0);
+
+ fail_child:
+ log_open();
+ log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
+
+ _exit(ret);
+ }
+
+ r = unit_watch_pid(UNIT(s), pid);
+ if (r < 0)
+ goto fail;
+
+ *_pid = pid;
+ return 0;