HomePhorge
Diffusion puppet bb224dd15498

(#8770) Don't fail to set supplementary groups when changing user to root
bb224dd15498Unpublished
Actions

Unpublished Commit ยท Learn More

Repository Importing: This repository is still importing.

Description

(#8770) Don't fail to set supplementary groups when changing user to root

Previously, Puppet::Util::SUIDManager.change_user would always try to set
supplementary groups (Process.initgroups) before changing its EUID.
Process.initgroups requires the calling process to have EUID 0 in order to
succeed.

This worked fine in the case where the process was changing from root to a
normal user, as it would set groups as root and then change EUID to 0.
However, in the case where the process was changing back to root from a normal
user, it would attempt to set groups as the normal user, and fail.

Now, we check Process.euid before changing, and will set groups first if root,
and will set euid first if not root. This ensures we can freely switch back
and forth between root.

This behavior is maintained inside of the change_user, rather than being broken
into eg. raise_privilege and lower_privilege, because it is a relatively minor
behavior difference, and the helper methods on their own would not have been
generically useful.

Details

Provenance
Nick Lewis <nick@puppetlabs.com>Authored on
vanmeeuwenPushed on Jun 2 2015, 2:22 PM
Parents
rPU7de5ee899621: Merge remote-tracking branch 'nicklewis/ticket/2.6.x/8770' into 2.6.x
Branches
Unknown
Tags
Unknown

Event Timeline

Nick Lewis <nick@puppetlabs.com> committed rPUbb224dd15498: (#8770) Don't fail to set supplementary groups when changing user to root (authored by Nick Lewis <nick@puppetlabs.com>).Aug 12 2011, 9:54 PM

Changes (2)

PathSize
lib/
puppet/
util/
spec/
unit/
util/

rPUbb224dd15498

View Options

lib/puppet/util/suidmanager.rb

Loading...
View Options

spec/unit/util/suidmanager_spec.rb

Loading...