When attempting to switch runtime permissions over to
the correct group specified for the vty group, if the
user we were told to run as is not a member of that vty
group, warn about the issue and stop running.

Signed-off-by: Donald Sharp <[email protected]>
Reported-by: Thomas Martin <[email protected]>
---
 lib/privs.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/privs.c b/lib/privs.c
index 0ca8783..e6d76b6 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -664,6 +664,7 @@ zprivs_init(struct zebra_privs_t *zprivs)
   struct group *grentry = NULL;
   gid_t groups[NGROUPS_MAX];
   int i, ngroups = 0;
+  int found = 0;
 
   if (!zprivs)
     {
@@ -729,8 +730,17 @@ zprivs_init(struct zebra_privs_t *zprivs)
 
           for ( i = 0; i < ngroups; i++ )
             if ( groups[i] == zprivs_state.vtygrp )
-              break;
+              {
+                found++;
+                break;
+              }
 
+          if (!found)
+            {
+             fprintf (stderr, "privs_init: user(%s) is not part of vty group 
specified(%s)\n",
+                      zprivs->user, zprivs->vty_group);
+              exit (1);
+            }
           if ( i >= ngroups && ngroups < (int) ZEBRA_NUM_OF(groups) )
             {
               groups[i] = zprivs_state.vtygrp;
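Review bot: With the new `if (!found)` exit in place, the `if ( i >= ngroups && ngroups < (int) ZEBRA_NUM_OF(groups) )` branch directly below it can no longer be taken: either the loop broke out with `i < ngroups`, or the process has already exited. The code that appended the vty group to the supplementary list is therefore dead and should be removed in this patch, so the privilege setup reads as the fail-closed check it now is. `found` is then redundant, since `if (i >= ngroups)` after the loop expresses the same condition. The message also passes `zprivs->user` to `%s`; the hunk does not show whether it can be NULL when only a vty group is configured (`ngroups` starts at 0), so that case looks worth a guard before the `fprintf`. zprivs_init starts and ends outside this hunk.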
-- 
1.9.1

