>>>>> On Fri, 7 Jul 2006 11:41:22 +0200, Kern Sibbald said:
> 
> As you know, users running Bacula under restricted privileges (i.e. 
> user=bacula, group=bacula or disk) have had a number of problems accessing 
> the necessary files.  After looking at the source code and several patches 
> that were submitted by Dimitri Puzin, it appears that the documentation of 
> setgroups() is really quite deficient, which means that the current code does 
> not properly initialize all the groups associated with the userid. 
> 
> I've now reworked the original code in a way that I think it should now work 
> correctly -- correctly set up all the groups associated with the userid 
> specified, and add any additional group that may be specified.
> 
> Note:  to change the group (-g xxx), you *must* specify the user (i.e. -u 
> yyy).  Another way of saying this is that a -g option without the -u option 
> will be ignored (I suppose I should make it ABORT). This should cause no 
> problem because normally one uses a command line something like 
> 
>   bacula-sd -c ... -u bacula -g disk
> 
> Since the code now initializes all the groups associated with the user 
> specified, the "-g disk" should no longer be necessary providing that the 
> user "bacula" is configured to be in the "disk" group.
> 
> I would appreciate it if one or more of you could try the patch that I have 
> attached to this email (instructions at the top of the patch) and let me know 
> if it corrects the problems.  

I think it won't work in the order you've written it.  All calls to
initgroups() must occur before setuid(), because otherwise it won't have
permission (unless uid is root).

Also, maybe the call to initgroups() should be inside #if HAVE_GRP_H?

__Martin
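
The ordering discussed in this thread, as an added example that is not part of the original messages, the attached patch, or Bacula's source: `initgroups()` and `setgid()` run while the process is still root, and `setuid()` comes last. The helper name `drop_privileges`, the choice to treat `-g` without `-u` as an error, and the use of the `-g` group as the primary gid passed to `initgroups()` are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes initgroups() on glibc in strict -std modes */
#endif
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <unistd.h>

/* Hypothetical helper: drop from root to `user`, optionally with primary
 * group `group`. Returns 0 on success, -1 on failure. If one of the set*
 * calls fails the process may be only partially dropped; the caller
 * should exit rather than continue. */
int drop_privileges(const char *user, const char *group)
{
    if (user == NULL)
        return -1;  /* assumption: -g without -u is an error, not ignored */

    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;  /* unknown user: nothing has been changed yet */
    uid_t uid = pw->pw_uid;   /* copy out: pw points at static storage */
    gid_t gid = pw->pw_gid;

    if (group != NULL) {
        struct group *gr = getgrnam(group);
        if (gr == NULL)
            return -1;  /* unknown group: nothing has been changed yet */
        gid = gr->gr_gid;
    }

    /* 1. Supplementary groups: needs root, so it must precede setuid(). */
    if (initgroups(user, gid) != 0)
        return -1;
    /* 2. Primary group: also needs root. */
    if (setgid(gid) != 0)
        return -1;
    /* 3. User id last: after this the process can no longer change groups. */
    if (setuid(uid) != 0)
        return -1;
    /* 4. Verify the drop is irreversible: regaining uid 0 must fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}
```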

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users