X-Git-Url: https://oss.titaniummirror.com/gitweb?a=blobdiff_plain;f=repo_shell.c;fp=repo_shell.c;h=07e5cf7e4b24e0d5a4275fc1b542def979af7052;hb=9c21356b4de36e2db5ede03b1ee5edfc587e0b85;hp=e4918b30fb06ac458df7ff55b2596c0310437ff6;hpb=0aa10cafb34f36da9f52b4c382e28e2679224149;p=repo_shell.git

diff --git a/repo_shell.c b/repo_shell.c
index e4918b3..07e5cf7 100644
--- a/repo_shell.c
+++ b/repo_shell.c
@@ -38,9 +38,17 @@ static void change_user(char *user)
 
   if (!pw)
     die("invalid user %s", user);
+  setgid(pw->pw_gid);
   setuid(pw->pw_uid);
 }
 
+/* Set the user and group permissions back to the requesting user */
+static void reset_user()
+{
+  setgid(getgid());
+  setuid(getuid());
+}
+
 static char *dequote(char *arg)
 {
   char* narg = NULL;
@@ -209,7 +217,7 @@ int main(int argc, char **argv)
       fprintf(stderr, "\n");
       die("only repository access is allowed");
     }
-    setuid(getuid());
+    reset_user();
     argv[0] = SHELL;
     execvp(argv[0], (char *const *) argv);
     return 1;
@@ -270,7 +278,7 @@ int main(int argc, char **argv)
 
   if (!cfg.allow_interactive)
     die("only repository access is allowed");
-  setuid(getuid());
+  reset_user();
   cd_to_homedir();
   argv[0] = SHELL;
   execvp(argv[0], (char *const *) argv);