commit 12d198bbbb076d1ba4ce85d5714380a277eb4a39
from: Anton Lindqvist
via: Thomas Adam
date: Thu May 15 16:08:55 2025 UTC
gotwebd: inherit all user groups
Required if repos_path is not owned by the _gotwebd group.
ok stsp@
commit - f0961700eb8c00d5ea2cb5fb79f5c65a642e9c9a
commit + 12d198bbbb076d1ba4ce85d5714380a277eb4a39
blob - b58f1b61836672541d663f0d88b9f21f67fbd42f
blob + d3fdaf7dfe7a9829ecbb4a9e54b9164515a3337e
--- gotwebd/gotwebd.c
+++ gotwebd/gotwebd.c
@@ -356,12 +356,13 @@ main(int argc, char **argv)
 struct event_base *evb;
 struct gotwebd *env;
 struct passwd *pw;
- int ch, i;
+ int ch, i, gotwebd_ngroups;
 int no_action = 0;
 int proc_type = GOTWEBD_PROC_PARENT;
 const char *conffile = GOTWEBD_CONF;
 const char *gotwebd_username = GOTWEBD_DEFAULT_USER;
 const char *www_username = GOTWEBD_WWW_USER;
+ gid_t gotwebd_groups[NGROUPS_MAX];
 gid_t www_gid;
 const char *argv0;
@@ -439,6 +440,9 @@ main(int argc, char **argv)
 pw = getpwnam(gotwebd_username);
 if (pw == NULL)
 fatalx("unknown user %s", gotwebd_username);
+ if (getgrouplist(gotwebd_username, pw->pw_gid, gotwebd_groups,
+ &gotwebd_ngroups) == -1)
+ fatalx("too many groups for user %s", gotwebd_username);
 /* check for root privileges */
 if (geteuid())
@@ -468,7 +472,7 @@ main(int argc, char **argv)
 setproctitle("gotweb");
 log_procinit("gotweb");
- if (setgroups(1, &pw->pw_gid) == -1 ||
+ if (setgroups(gotwebd_ngroups, gotwebd_groups) == -1 ||
 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 ||
 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
 fatal("failed to drop privileges");
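Review bot: `gotwebd_ngroups` reaches getgrouplist() without ever being assigned: the first hunk declares it as `int ch, i, gotwebd_ngroups;` and no added line in this commit sets it before the call in the second hunk. getgrouplist() reads that argument on entry as the capacity of the `gotwebd_groups` array, so an indeterminate value can either make the call fail with the misleading "too many groups" message or allow writes past the NGROUPS_MAX-sized stack array. Assign the capacity immediately before the call, `gotwebd_ngroups = NGROUPS_MAX;`, so the bound always matches the array declared in the first hunk. main()'s body starts and ends outside these hunks.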
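Review bot: The privilege drop in the third hunk now keeps every supplementary group of the gotwebd user instead of only `pw->pw_gid`, and nothing at the `setgroups()` call records that this widening is deliberate. A comment above it such as `/* keep supplementary groups: repos_path may only be reachable through a secondary group */` would stop a later reader from "tightening" it back or from missing that group membership of this account is now part of the process's access boundary. The user-facing documentation for the gotwebd user setting should say the same, since any group later added to that account extends what the unprivileged process can read. The enclosing block starts and ends outside the hunk.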