commit 4492e47bc914650ecd587fcc94010ae0373ab91b from: Anton Lindqvist date: Sun Apr 27 18:53:49 2025 UTC gotwebd: inherit all user groups Required if repos_path is not owned by the _gotwebd group. ok stsp@
commit - a345a9df6d40e0b447c873496cc55d7bd88feb48
commit + 4492e47bc914650ecd587fcc94010ae0373ab91b
blob - f66b9f38c71db3ea73f08f317e7446e2d3929e59
blob + 162f7f952a51195716d37319a3ff5b81b27dc106
--- gotwebd/gotwebd.c
+++ gotwebd/gotwebd.c
@@ -357,12 +357,13 @@ main(int argc, char **argv)
 struct event_base *evb;
 struct gotwebd *env;
 struct passwd *pw;
- int ch, i;
+ int ch, i, gotwebd_ngroups;
 int no_action = 0;
 int proc_type = GOTWEBD_PROC_PARENT;
 const char *conffile = GOTWEBD_CONF;
 const char *gotwebd_username = GOTWEBD_DEFAULT_USER;
 const char *www_username = GOTWEBD_WWW_USER;
+ gid_t gotwebd_groups[NGROUPS_MAX];
 gid_t www_gid;
 const char *argv0;

@@ -440,6 +441,9 @@ main(int argc, char **argv)
 pw = getpwnam(gotwebd_username);
 if (pw == NULL)
 fatalx("unknown user %s", gotwebd_username);
+ if (getgrouplist(gotwebd_username, pw->pw_gid, gotwebd_groups,
+ &gotwebd_ngroups) == -1)
+ fatalx("too many groups for user %s", gotwebd_username);

 /* check for root privileges */
 if (geteuid())
@@ -469,7 +473,7 @@ main(int argc, char **argv)
 setproctitle("gotweb");
 log_procinit("gotweb");

- if (setgroups(1, &pw->pw_gid) == -1 ||
+ if (setgroups(gotwebd_ngroups, gotwebd_groups) == -1 ||
 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 ||
 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
 fatal("failed to drop privileges");
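Review bot: `gotwebd_ngroups` is passed to getgrouplist() in the second hunk without ever being assigned; its declaration in the first hunk, `int ch, i, gotwebd_ngroups;`, has no initializer. getgrouplist() reads `*ngroups` as the capacity of the array before writing to it, so an indeterminate value can either make the call fail spuriously or, if it happens to exceed NGROUPS_MAX, let the call write past the end of `gotwebd_groups` on the stack. This runs in a daemon that expects to be started as root, as the geteuid() check just below shows. Add `gotwebd_ngroups = NGROUPS_MAX;` immediately before the call, so that the "too many groups" error reflects a real overflow of the array. main() begins and ends outside these hunks.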
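Review bot: The setgroups() call in the last hunk carries no comment explaining why the gotweb process keeps the account's full supplementary group list instead of only its primary group, which is a deliberate widening of what the unprivileged process can access. A one-line comment above the call would record the reason given in the commit message, for example `/* keep supplementary groups: repos_path may be reachable only via a secondary group */`. The gotwebd documentation could also state that every group the gotwebd user belongs to is now granted to this process, so the account should carry only the groups needed for repository access. The enclosing branch of main() starts outside the hunk.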