diff options
Diffstat (limited to '')
| -rw-r--r-- | src/cerberus.c | 12 | ||||
| -rw-r--r-- | src/cerberus.h | 3 |
2 files changed, 12 insertions, 3 deletions
diff --git a/src/cerberus.c b/src/cerberus.c index 01cbe08..4f9dd0c 100644 --- a/src/cerberus.c +++ b/src/cerberus.c @@ -242,6 +242,8 @@ void do_login(int argc, char** argv) } else if (child_pid == 0) { + int ret; + /* In case the shell does not do this */ setsid(); @@ -251,7 +253,15 @@ void do_login(int argc, char** argv) signal(SIGINT, SIG_DFL); /* Partial login */ - /* TODO set supplemental groups */ + ret = entry->pw_uid + ? initgroups(username, entry->pw_gid) /* supplemental groups for user, can require network */ + : setgroups(0, NULL); /* supplemental groups for root, does not require netork */ + if (ret == -1) + { + perror(entry->pw_uid ? "initgroups" : "setgroups"); + sleep(ERROR_SLEEP); + _exit(1); + } set_user(entry); exec_shell(entry); } diff --git a/src/cerberus.h b/src/cerberus.h index 706925a..a2df554 100644 --- a/src/cerberus.h +++ b/src/cerberus.h @@ -30,9 +30,8 @@ #include <termios.h> #include <sys/wait.h> #include <sys/ioctl.h> -#ifdef USE_TTY_GROUP +#include <sys/types.h> #include <grp.h> -#endif #include "config.h" |