> @@ -151,6 +157,11 @@ main(int argc, char **argv)
> } else if (strcmp(pp->pw_name, me) != 0 && getuid() != 0) {
> /* Only root can change other's S/Keys. */
> errx(1, "Permission denied.");
> + } else {
> + /* So the file ends up owned by the proper ID. */
> + if (setresuid(-1, pp->pw_uid, -1) != 0)
> + errx(1, "unable to change user ID to %u",
> + pp->pw_uid);
> }
> }
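Review bot: The added `setresuid(-1, pp->pw_uid, -1)` changes only the effective UID; the real and saved UIDs are left as they were, so the process can presumably switch back later. If that is intended purely so the key file is created with the right owner, the comment should say so, e.g. `/* Switch only the euid so the file is owned by the target user; real and saved uid are left unchanged. */`. The failure path uses `errx`, which discards errno; `err(1, "unable to change user ID to %u", pp->pw_uid);` would also report why setresuid() failed. Whether the saved UID is still needed after this point cannot be seen here, since main() starts and ends outside the hunk.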
> I think it would be nice to drop the "id" promise here. I'd prefer to run as little code with "proc exec id" as possible.
