X-Git-Url: https://oss.titaniummirror.com/gitweb?a=blobdiff_plain;f=repo_shell.c;h=07e5cf7e4b24e0d5a4275fc1b542def979af7052;hb=9c21356b4de36e2db5ede03b1ee5edfc587e0b85;hp=7d34e576e7e122782ed7eef5229eef23b82f18c2;hpb=f8294bed64126df0043e157d693267b5ce31ee4e;p=repo_shell.git
diff --git a/repo_shell.c b/repo_shell.c
index 7d34e57..07e5cf7 100644
--- a/repo_shell.c
+++ b/repo_shell.c
@@ -18,6 +18,8 @@
 #define SHELL "/bin/bash"
 #define GIT_ACL_FILE ".gitacls"
 
+enum { REPO_UMASK = 027 };
+
 typedef struct {
 char *user;
 char *svn_root;
@@ -36,9 +38,17 @@ static void change_user(char *user)
 if (!pw)
 die("invalid user %s", user);
 
+ setgid(pw->pw_gid);
 setuid(pw->pw_uid);
 }
 
+/* Set the user and group permissions back to the requesting user */
+static void reset_user()
+{
+ setgid(getgid());
+ setuid(getuid());
+}
+
 static char *dequote(char *arg)
 {
 char* narg = NULL;
@@ -94,6 +104,7 @@ static int do_git_cmd(const char *cmd, char *arg, char *user)
 die("bad command");
 
 change_user(cfg.owner);
+ umask(REPO_UMASK);
 if (!git_check_access(cmd, arg, user))
 die("insufficient ACL permissions");
 
@@ -116,6 +127,7 @@ static int do_svnserve_cmd(const char *cmd, char *arg, char *user)
 int ret;
 
 change_user(cfg.owner);
+ umask(REPO_UMASK);
 return execvp(svnserve_argv[0], (char *const *) svnserve_argv);
 }
 
@@ -205,7 +217,7 @@ int main(int argc, char **argv)
 fprintf(stderr, "\n");
 die("only repository access is allowed");
 }
- setuid(getuid());
+ reset_user();
 argv[0] = SHELL;
 execvp(argv[0], (char *const *) argv);
 return 1;
@@ -266,7 +278,7 @@ int main(int argc, char **argv)
 if (!cfg.allow_interactive)
 die("only repository access is allowed");
 
- setuid(getuid());
+ reset_user();
 cd_to_homedir();
 argv[0] = SHELL;
 execvp(argv[0], (char *const *) argv);
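Review bot: `REPO_UMASK` in the first hunk has no comment saying what the mask permits, and an octal literal in privilege-handling code is easy to misread. A one-line comment above the enum would settle it, for example `/* umask for repository access: owner unrestricted, group loses write, others get nothing */`. The constant takes effect at the two `umask(REPO_UMASK)` calls added in `do_git_cmd()` and `do_svnserve_cmd()`.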
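Review bot: The `setgid()`/`setuid()` calls added to `change_user()` and the new `reset_user()` discard their return values, so a failed identity change goes unnoticed and the process carries on to the `execvp()` calls visible in the svnserve and `main` hunks with whatever credentials it still holds. Both functions should treat a non-zero return as fatal through `die()`, as sketched below; the group-before-user ordering is already right. The supplementary group list is left untouched as well, and whether an `initgroups()` call is needed depends on how the binary is installed, which this diff does not show. `reset_user()` would also be better declared with `(void)` than with an empty parameter list. The body of `change_user()` starts outside the hunk.

```c
static void change_user(char *user)
{
	/* … unchanged: passwd lookup and "invalid user" check … */
	if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
		die("cannot switch to user %s", user);
}

/* Set the user and group permissions back to the requesting user */
static void reset_user(void)
{
	if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
		die("cannot drop privileges");
}
```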