execute: properly enforce group

[elogind.git] / src / execute.c

diff --git a/src/execute.c b/src/execute.c
index 7b2567976d3c40b732d8443be7872d9ec1af7a15..668bf9d0f06bb544e45309d01571bbf2cdaa870c 100644 (file)
--- a/src/execute.c
+++ b/src/execute.c
@@ -1193,7 +1193,7 @@ int exec_spawn(ExecCommand *command,
                 }
 
                 if (apply_permissions)
-                        if (enforce_groups(context, username, uid) < 0) {
+                        if (enforce_groups(context, username, gid) < 0) {
                                 r = EXIT_GROUP;
                                 goto fail_child;
                         }
@@ -1402,7 +1402,7 @@ fail_parent:
 void exec_context_init(ExecContext *c) {
         assert(c);
 
-        c->umask = 0002;
+        c->umask = 0022;
         c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
         c->cpu_sched_policy = SCHED_OTHER;
         c->syslog_priority = LOG_DAEMON|LOG_INFO;