
Merge pull request #113 from ryansch/groups

Adding supplementary_groups.
2 parents 78a787c + ca5b002 commit b979c51623e561b513d9f567b3d22faa177cbddd @akzhan akzhan committed Aug 18, 2011
Showing with 13 additions and 5 deletions.
  1. +5 −2 lib/bluepill/process.rb
  2. +8 −3 lib/bluepill/system.rb
@@ -35,7 +35,9 @@ class Process
:child_process_factory,
:pid_command,
- :auto_start
+ :auto_start,
+
+ :supplementary_groups
]
attr_accessor :name, :watches, :triggers, :logger, :skip_ticks_until, :process_running
@@ -422,7 +424,8 @@ def system_command_options
:logger => self.logger,
:stdin => self.stdin,
:stdout => self.stdout,
- :stderr => self.stderr
+ :stderr => self.stderr,
+ :supplementary_groups => self.supplementary_groups
}
end
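Review bot: The new `:supplementary_groups` entry in the attribute list has no comment saying what value it expects, and system_command_options forwards it unchanged as `:supplementary_groups => self.supplementary_groups`. The consumer in lib/bluepill/system.rb iterates it and resolves each element with `Etc.getgrnam`, so the contract appears to be an array of group names. I would record that next to the attribute, e.g. `# supplementary_groups: array of group names added to the child's group list when bluepill runs as root`. Both the attribute list and system_command_options start outside the visible hunks, so any default assigned elsewhere in the class is not shown here.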
@@ -62,7 +62,7 @@ def daemonize(cmd, options = {})
# child
rd.close
- drop_privileges(options[:uid], options[:gid])
+ drop_privileges(options[:uid], options[:gid], options[:supplementary_groups])
# if we cannot write the pid file as the provided user, err out
exit unless can_write_pid_file(options[:pid_file], options[:logger])
@@ -113,7 +113,7 @@ def execute_blocking(cmd, options = {})
pid = fork {
# grandchild
- drop_privileges(options[:uid], options[:gid])
+ drop_privileges(options[:uid], options[:gid], options[:supplementary_groups])
Dir.chdir(ENV["PWD"] = options[:working_dir]) if options[:working_dir]
options[:environment].each { |key, value| ENV[key.to_s] = value.to_s } if options[:environment]
@@ -192,12 +192,17 @@ def ps_axu
# be sure to call this from a fork otherwise it will modify the attributes
# of the bluepill daemon
- def drop_privileges(uid, gid)
+ def drop_privileges(uid, gid, supplementary_groups)
if ::Process::Sys.geteuid == 0
uid_num = Etc.getpwnam(uid).uid if uid
gid_num = Etc.getgrnam(gid).gid if gid
+ group_nums = supplementary_groups.map do |group|
+ Etc.getgrnam(group).gid
+ end
+
::Process.groups = [gid_num] if gid
+ ::Process.groups |= group_nums unless group_nums.empty?
::Process::Sys.setgid(gid_num) if gid
::Process::Sys.setuid(uid_num) if uid
end
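Review bot: In drop_privileges, `supplementary_groups.map` is called on whatever `options[:supplementary_groups]` holds, and both daemonize and execute_blocking default `options` to `{}`, so a caller that leaves the option unset passes nil and the forked child raises NoMethodError at that line whenever the effective uid is 0; `group_nums = (supplementary_groups || []).map { |group| Etc.getgrnam(group).gid }` keeps the old behaviour for those callers. Separately, `::Process.groups |= group_nums` extends the current list, which is only reset by `::Process.groups = [gid_num] if gid`. With a `uid` and supplementary groups but no `gid`, the child therefore keeps every supplementary group it inherited from the root daemon after `setuid`. Resetting the list whenever `uid` is given, for instance starting from the target user's primary group via `Etc.getpwnam(uid).gid`, would make the resulting membership independent of the parent's. The method's closing `end` lies outside the hunk.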
