#define SHELL "/bin/bash"
#define GIT_ACL_FILE ".gitacls"
+enum { REPO_UMASK = 027 };
+
typedef struct {
char *user;
char *svn_root;
if (!pw)
die("invalid user %s", user);
+ setgid(pw->pw_gid);
setuid(pw->pw_uid);
}
+/* Set the user and group permissions back to the requesting user */
+static void reset_user()
+{
+ setgid(getgid());
+ setuid(getuid());
+}
+
static char *dequote(char *arg)
{
char* narg = NULL;
die("bad command");
change_user(cfg.owner);
+ umask(REPO_UMASK);
if (!git_check_access(cmd, arg, user))
die("insufficient ACL permissions");
int ret;
change_user(cfg.owner);
+ umask(REPO_UMASK);
return execvp(svnserve_argv[0], (char *const *) svnserve_argv);
}
fprintf(stderr, "\n");
die("only repository access is allowed");
}
- setuid(getuid());
+ reset_user();
argv[0] = SHELL;
execvp(argv[0], (char *const *) argv);
return 1;
if (!cfg.allow_interactive)
die("only repository access is allowed");
- setuid(getuid());
+ reset_user();
cd_to_homedir();
argv[0] = SHELL;
execvp(argv[0], (char *const *) argv);