Merge "Add secondary groups to user during privilege escalation"

2014-01-28 00:37:49 +00:00 · 2014-01-28 00:37:49 +00:00 · 9034558f0b
commit 9034558f0b
parent 61f9380225 c656e18949
2 changed files with 9 additions and 2 deletions
--- a/swift/common/utils.py
+++ b/swift/common/utils.py
@ -17,6 +17,7 @@

 import errno
 import fcntl
+import grp
 import hmac
 import operator
 import os
@ -1164,9 +1165,10 @@ def drop_privileges(user):

    :param user: User name to change privileges to
    """
-    user = pwd.getpwnam(user)
    if os.geteuid() == 0:
-        os.setgroups([])
+        groups = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
+        os.setgroups(groups)
+    user = pwd.getpwnam(user)
    os.setgid(user[3])
    os.setuid(user[2])
    os.environ['HOME'] = user[5]
--- a/test/unit/common/test_utils.py
+++ b/test/unit/common/test_utils.py
@ -21,6 +21,7 @@ import ctypes
 import errno
 import eventlet
 import eventlet.event
+import grp
 import logging
 import os
 import random
@ -959,6 +960,10 @@ log_name = %(yarr)s'''
        import pwd
        self.assertEquals(pwd.getpwnam(user)[5], utils.os.environ['HOME'])

+        groups = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
+        groups.append(pwd.getpwnam(user).pw_gid)
+        self.assertEquals(set(groups), set(os.getgroups()))
+
        # reset; test same args, OSError trying to get session leader
        utils.os = MockOs(called_funcs=required_func_calls,
                          raise_funcs=('setsid',))