Merge pull request #752 from comel/master

Add emperor-tyrant-initgroups option

core/emperor.c

@@ -1524,9 +1524,30 @@ static void uwsgi_emperor_spawn_vassal(struct uwsgi_instance *n_ui) {
 			uwsgi_error("setgid()");
 			exit(1);
 		}
-		if (setgroups(0, NULL)) {
-			uwsgi_error("setgroups()");
-			exit(1);
+
+		if (uwsgi.emperor_tyrant_initgroups) {
+			char *uidname = NULL;
+			gid_t gid = NULL;
+			struct passwd *pw = getpwuid(n_ui->uid);
+
+			if (pw) {
+				uidname = pw->pw_name;
+				gid = pw->pw_gid;
+			}
+
+			if (!uidname) {
+				uidname = uwsgi_num2str(n_ui->uid);
+			}
+
+			if (initgroups(uidname, gid)) {
+				uwsgi_error("initgroups()");
+				exit(1);
+			}
+		} else {
+			if (setgroups(0, NULL)) {
+				uwsgi_error("setgroups()");
+				exit(1);
+			}
 		}
 
 		if (setuid(n_ui->uid)) {

core/uwsgi.c

@@ -212,6 +212,7 @@ static struct uwsgi_option uwsgi_base_options[] = {
 	{"emperor-pidfile", required_argument, 0, "write the Emperor pid in the specified file", uwsgi_opt_set_str, &uwsgi.emperor_pidfile, 0},
 	{"emperor-tyrant", no_argument, 0, "put the Emperor in Tyrant mode", uwsgi_opt_true, &uwsgi.emperor_tyrant, 0},
 	{"emperor-tyrant-nofollow", no_argument, 0, "do not follow symlinks when checking for uid/gid in Tyrant mode", uwsgi_opt_true, &uwsgi.emperor_tyrant_nofollow, 0},
+	{"emperor-tyrant-initgroups", no_argument, 0, "add additional groups set via initgroups() in Tyrant mode", uwsgi_opt_true, &uwsgi.emperor_tyrant_initgroups, 0},
 	{"emperor-stats", required_argument, 0, "run the Emperor stats server", uwsgi_opt_set_str, &uwsgi.emperor_stats, 0},
 	{"emperor-stats-server", required_argument, 0, "run the Emperor stats server", uwsgi_opt_set_str, &uwsgi.emperor_stats, 0},
 	{"early-emperor", no_argument, 0, "spawn the emperor as soon as possibile", uwsgi_opt_true, &uwsgi.early_emperor, 0},

uwsgi.h

@@ -2780,6 +2780,7 @@ struct uwsgi_server {
 	int async_warn_if_queue_full;
 	char *zeus;
 	uint64_t buffer_size;
+	int emperor_tyrant_initgroups;
 };
 
 struct uwsgi_rpc {