This affects both tripe(8) and tripectl(1). The options are still
useful, since they determine the ownership of the administration socket.
This is a result of a long-standing error by the author, who assumed
that it was possible to setgid(2) to any existing supplementary group.
options.
.TP
.BI "\-G, \-\-setgid=" group
options.
.TP
.BI "\-G, \-\-setgid=" group
+If the current effective uid is zero (i.e., the daemon was invoked as
+.BR root )
+then set gid to that of
.I group
(either a group name or integer gid) after initialization. If a new
.BR tripe (8)
.I group
(either a group name or integer gid) after initialization. If a new
.BR tripe (8)
void u_setugid(uid_t u, gid_t g)
{
void u_setugid(uid_t u, gid_t g)
{
+ uid_t cu = geteuid();
+
+ if (cu == 0 && g != (gid_t)-1) {
if (setgid(g) || (getuid() == 0 && setgroups(1, &g))) {
die(EXIT_FAILURE, "couldn't setgid to %u: %s",
(unsigned)g, strerror(errno));
if (setgid(g) || (getuid() == 0 && setgroups(1, &g))) {
die(EXIT_FAILURE, "couldn't setgid to %u: %s",
(unsigned)g, strerror(errno));
administration socket.
.TP
.BI "\-G, \-\-setgid=" group
administration socket.
.TP
.BI "\-G, \-\-setgid=" group
+If the current effective uid is zero (i.e., the daemon was invoked as
+.BR root )
+then set gid to that of
-(either a group name or integer gid) after initialization.
+(either a group name or integer gid) after initialization. In any
+event, arrange hat the administration socket be owned by the given
+.IR group .
.TP
.BI "\-k, \-\-priv\-keyring=" file
Reads the private key from
.TP
.BI "\-k, \-\-priv\-keyring=" file
Reads the private key from
~mdw / tripe / commitdiff